Multi-factor authentication (MFA) is an authentication method that combines two or more independent credentials, drawn from what the user knows (password), what the user has (security token), and who the user is (biometric), to authenticate the user's identity for login or another purpose.
Multi-factor authentication
Frequently asked questions
Multi-factor authentication (MFA) is an authentication method in which a user is not granted account access until they enter their password and provide another form of identification, such as a security token. MFA provides an extra layer of security against potential ID spoofing and unauthorized account access.
Three of the most common types of multi-factor authentication are token-based authentication (using an SMS, email, software, hardware, or phone token), knowledge-based authentication (KBA), and biometric authentication.
One common example of multi-factor authentication is the use of one-time passcodes in combination with usernames and passwords. First, customers enter their account username and password (something they know). Then, they’re prompted for a one-time code generated by a smartphone app or sent via SMS (something they have). Access is only granted if both steps of the MFA process are completed.
MFA can reduce the likelihood of unauthorized account access. Without MFA, attackers can use stolen credentials to access customer accounts and carry out fraudulent transactions. When MFA with one-time codes or biometrics is in place, attackers can only complete one step of the verification process and will be locked out of accounts.
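Added example (not from the original page): the username/password plus one-time-code login described above, with the code checked as a time-based one-time password, showing that a stolen password alone or a replayed code does not grant access. The `USERS` store, the `login` and `hash_password` functions, the PBKDF2 parameters and the sample account are assumptions made for illustration; the shared secret is the RFC 4226 test key.

```python
import hashlib, hmac, struct

STEP, DIGITS = 30, 6  # 30-second time step, 6-digit codes (common TOTP defaults)

def hotp(secret: bytes, counter: int) -> str:
    """One-time code for a counter value (RFC 4226 dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumed parameters: PBKDF2-HMAC-SHA256, 600,000 iterations
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed sample account; the secret is the RFC 4226 test key.
_SALT = b"constructed-salt"
USERS = {"alice": {"salt": _SALT, "pw": hash_password("correct horse", _SALT),
                   "secret": b"12345678901234567890", "last_counter": -1}}

def login(username: str, password: str, code: str, now: float) -> bool:
    """Grant access only if BOTH factors verify."""
    user = USERS.get(username)
    if user is None:
        return False
    # Factor 1 (something they know): constant-time password hash comparison
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw"]):
        return False
    # Factor 2 (something they have): accept the current step +/- 1 for clock drift
    current = int(now) // STEP
    for counter in (current - 1, current, current + 1):
        if counter <= user["last_counter"]:
            continue  # code already used: reject replays
        if hmac.compare_digest(hotp(user["secret"], counter).encode(), code.encode()):
            user["last_counter"] = counter
            return True
    return False

if __name__ == "__main__":
    print(login("alice", "correct horse", "287082", 59))  # valid password + code
    print(login("alice", "correct horse", "287082", 59))  # same code replayed
```

Recording the last accepted counter is what makes each code single-use; without it, a code observed in transit stays valid for the whole drift window.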