MFA, or Multi Factor Authentication, uses two (2FA) or more methods to verify the identity of a user - for example: username/password, followed by a text message.

Why should I care?

Stolen credentials are a recurring problem on the Internet. MFA drastically reduces the risk that user accounts will be compromised.

Multiple regulatory frameworks, from PCI-DSS to HIPPA, advise or mandate MFA.

How does it work?

MFA takes users through multiple interactive workflows to verify they are who they claim to be. Strong authentication will verify two or more security conditions:

  • What you know, for example a password
  • What you have, for example, a key fob
  • What you are, for example, a fingerprint

SSO providers implement MFA schemes.