Multi-Factor Authentication (MFA)
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA): An authentication method that requires two or more independent factors — typically from different categories — before granting access.
Multi-Factor Authentication (MFA) increases assurance by combining factors from at least two of three categories: knowledge (password, PIN), possession (security key, smartphone, smart card) and inherence (fingerprint, face, voice). Even if one factor is stolen or phished, the others should still block the attacker. Phishing-resistant MFA based on FIDO2/WebAuthn or smart cards is strongly preferred over OTP via SMS or email, which are vulnerable to SIM swaps, server-side compromise and real-time phishing through reverse proxies. MFA is now a baseline control in standards such as NIST SP 800-63B, PCI DSS and most cyber-insurance requirements, and is one of the most effective controls against account takeover.
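The following Python model is an added illustration, not part of this glossary entry, of why the paragraph above prefers FIDO2/WebAuthn over OTP: the relying-party (RP) side of a WebAuthn assertion checks a one-time challenge, the page origin the browser recorded, and the rpIdHash, whereas a TOTP code carries nothing that ties it to the site it was typed into. The RP id, the origins and the use of HMAC in place of the credential's asymmetric signature are constructed simplifications.

```python
import base64, hashlib, hmac, json, os, struct, time

RP_ID = "example.com"                      # constructed relying-party id
ALLOWED_ORIGINS = {"https://example.com"}  # only origins the RP itself serves
ISSUED_CHALLENGES = set()                  # one-time challenges (base64url strings)

def issue_challenge():
    c = base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()
    ISSUED_CHALLENGES.add(c)
    return c

def browser_get_assertion(cred_secret, page_origin, challenge):
    # Models navigator.credentials.get(): the browser, not page script, writes the page's
    # real origin into clientDataJSON; HMAC stands in for the authenticator's signature.
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01" + struct.pack(">I", 1)
    sig = hmac.new(cred_secret, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
    return client_data, auth_data, sig

def rp_verify_assertion(cred_secret, client_data, auth_data, sig):
    cd = json.loads(client_data)
    expected = hmac.new(cred_secret, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
    ok = (cd.get("type") == "webauthn.get"
          and cd.get("challenge") in ISSUED_CHALLENGES       # fresh, single-use challenge
          and cd.get("origin") in ALLOWED_ORIGINS            # origin binding: the phishing-resistance check
          and auth_data[:32] == hashlib.sha256(RP_ID.encode()).digest()
          and hmac.compare_digest(expected, sig))
    ISSUED_CHALLENGES.discard(cd.get("challenge"))           # consumed whether or not it verified
    return ok

def totp(secret, counter, digits=6):
    # RFC 6238 TOTP over HMAC-SHA1 for a 30-second time counter
    mac = hmac.new(secret, struct.pack(">Q", counter), "sha1").digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def demo():
    cred, otp_secret, counter = os.urandom(32), os.urandom(20), int(time.time()) // 30
    # An OTP typed into a proxied page is an origin-less string: the relayed copy verifies.
    relayed_code = totp(otp_secret, counter)                 # what the victim typed
    otp_relay_ok = hmac.compare_digest(totp(otp_secret, counter), relayed_code)
    # Relaying a WebAuthn assertion fails: the browser recorded the lookalike origin.
    phished = rp_verify_assertion(cred, *browser_get_assertion(
        cred, "https://login-example.net", issue_challenge()))  # constructed lookalike origin
    genuine = rp_verify_assertion(cred, *browser_get_assertion(
        cred, "https://example.com", issue_challenge()))
    return otp_relay_ok, phished, genuine
```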
● Examples
- 01 Logging in with a password plus a tap on a FIDO2 security key.
- 02 An admin console requiring a hardware token after a Windows Hello sign-in.
● Frequently asked questions
What is Multi-Factor Authentication (MFA)?
An authentication method that requires two or more independent factors — typically from different categories — before granting access. It belongs to the Identity & Access category of cybersecurity.
What does Multi-Factor Authentication (MFA) mean?
An authentication method that requires two or more independent factors — typically from different categories — before granting access.
How is Multi-Factor Authentication (MFA) used in defence?
MFA is itself a defensive control. Deploying it well combines technical controls and operational practices, as detailed in the full definition above.
What are other names for Multi-Factor Authentication (MFA)?
Common alternative names include: MFA, Strong authentication.