Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a security measure that requires multiple forms of authentication before granting a user access to a system. The user must provide multiple factors of identification, which can include something the user knows (like a username and password), something the user has (like a security token or mobile device), and something the user is (a biometric identification like a fingerprint or face scan).

If a system requires only a username and password as login information, it can be accessed by anyone who knows them — whether they're the authorized account owner or not. MFA systems add some extra steps to the authentication process to ensure that the person logging into the account is the account owner. Multi-Factor Authentication systems are similar to Two-Factor Authentication but with the option to require 2, 3, or more authentication steps.

There are three categories of authentication factors used in MFA. An MFA system requires at least two of these factors to ensure that the correct user is logging in to the account.

  • Knowledge is something that the user knows. This factor is usually their username and password. Other knowledge factors like a PIN, passphrase, or security question can be used in conjunction with the username and password.
  • Possession is something that the user has. Since this is often their smartphone, a code can be sent to the phone via SMS or generated by an MFA passcode generator app. Security token devices are also common — these small devices connect to a computer to provide authentication or display a one-time-use code that the user enters.
  • Inherent factors are something that the user is, so many types of MFA use biometric identification. Fingerprint or face scans are the most common types, but some systems may use voice recognition or retinal scans for identification.

In many cases, users only need to provide additional authentication the first time they log in using a particular device. After successful authentication, the site sets a cookie in the web browser that tells the website that MFA was successful and that only the username and password are required for later logins from that browser. Changing devices or web browsers will cause another MFA check to take place.
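
The remembered-device cookie described above, sketched as an added example (not TechTerms.com code). It assumes the server signs the cookie with a secret key so the browser cannot forge it; the function names, key, and 30-day lifetime are illustrative assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
REMEMBER_SECONDS = 30 * 24 * 3600      # assumption: device is remembered for 30 days

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload):
    return _b64(hmac.new(SECRET_KEY, payload, hashlib.sha256).digest())

def issue_mfa_cookie(username, now=None):
    """Call only after the second factor was verified; returns the cookie value."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"user": username, "exp": now + REMEMBER_SECONDS}).encode()
    return _b64(payload) + "." + _sign(payload)

def mfa_required(username, cookie, now=None):
    """True if this login must still pass an MFA check after the password step."""
    now = int(time.time()) if now is None else now
    if not cookie or cookie.count(".") != 1:
        return True                      # new device or browser: no usable cookie
    body, sig = cookie.split(".")
    try:
        payload = _unb64(body)
        # Verify the signature before trusting anything inside the payload.
        valid = hmac.compare_digest(_sign(payload).encode(), sig.encode())
    except ValueError:
        return True                      # malformed value
    if not valid:
        return True                      # forged or edited cookie
    claims = json.loads(payload)
    # Bound to one account and time-limited; another user's cookie does not count.
    return claims["user"] != username or claims["exp"] <= now
```

The username and password are still checked on every login; the cookie only decides whether the extra factor is requested again. When the cookie is actually set, marking it Secure and HttpOnly keeps it off plain HTTP and out of reach of page scripts.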

Updated November 17, 2022

Definitions by TechTerms.com

The definition of Multi-Factor Authentication on this page is an original TechTerms.com definition.