Overview: Multi-Factor Authentication (MFA)

Quick Definition

Multi-factor Authentication, or MFA, is a form of authentication requiring that a user prove their identity using two or more identity factors at once. Security professionals generally recognize three basic identity categories that can be used to prove identity—things that a only the intended user knows (like a password or code), things that only the intended user has (like a mobile phone or token fob), or things that only the intended user embodies (like a fingerprint or facial structure).

True multi-factor authentication, generally regarded as more secure than authentication requiring only one factor, requires that the two or more identity factors used for authentication be different—for example, a password combined with proof of the mobile phone's possession, or a token fob combined with a fingerprint.

Cases in which the user must provide two of the same kind of identity factor to authenticate, such as a password followed by a secret phrase or answer, are not true multi-factor authentication, but are rather more properly referred to as two-step or multi-step authentication.