Multi-factor Authentication

Multi-factor Authentication (MFA) is the use of more than one factor to prove the identity of a user.

Factors

One factor is typically a username or email and password combination. This is the basic log-in functionality that most websites require users to create when initially signing up for an account.

Other factors, depending on the verification system, include the following:

  • A physical item belonging to the user (e.g., a mobile phone).
  • A personal identification number (PIN), key, or token that only the user should know in advance, or an authentication code that is emailed, texted, or phoned in to the user in real time.
  • Some biometric marker for the user (fingerprints, voice recognition, keystroke patterns, etc.).
  • Information about the user’s geolocation.

Examples

ATMs often require a physical card and a memorized PIN to successfully withdraw cash.

Secure sites, like GitHub, allow users to enable MFA through a PIN that’s sent to the user’s physical device, such as a mobile phone or tablet. This is very secure because, to be verified, a person would need the physical device, which is probably itself protected by a PIN and a biometric marker.

More factors in the verification process result in greater security.
