ESET Online Help


Multifactor Authentication

Multifactor authentication (MFA) is a method used to verify a user's identity. During the authentication process, a user must correctly enter at least two of the three (proof) factors to verify their identity. For example:

A login password and PIN.

A mobile phone and an RFID reader/token.

A fingerprint, voice or FaceID.

The location of the user (for example, IP address and GPS coordinates) and the time the user logs into the system can also serve as authentication factors. Adding factors to the user identity verification process greatly enhances the security of user accounts.

Other types of authentication

Single-factor authentication (also known as SFA) is the simplest and most widely used method of identity verification. It uses only one piece of evidence (called a factor) to check that the user is who they say they are. An example is entering a username and password when logging into any user account.

Two-factor authentication (also known as 2FA) is a subset of multifactor authentication. In 2FA, the user proves their identity with two pieces of evidence: username/password and mobile phone, SMS code, or push notification. An example of two-factor authentication might be withdrawing money from an ATM, where one proof of identity is ownership of the payment card and the other is knowledge of the PIN for the card.

Two-step authentication is a method where the user provides a proof of identity that they do not know in advance. This proof can usually be used only once, as with an OTP (one-time password), for example, a code from an SMS or a third-party authenticator (TPA). An example of two-step authentication is logging in or approving orders in online banking. After filling in the name and password, the user must either fill in a one-time SMS code that they receive on their mobile phone or confirm their login directly in the bank's mobile app (by clicking on the so-called push notification).