Multi-factor authentication means having extra checks to prove your identity
For example, you may need an authentication code from a text message in addition to your password to log into your account.
Having multi-factor authentication (MFA) gives you an extra layer of security
The many layers of authentication increases confidence that the person logging in is actually who they claim to be. MFA typically requires a combination of something a user knows (like a PIN or password), something a user has (like a smartcard or physical token) and something a user is (like a fingerprint or other biometric) to access a device, application or online service.
Having two or more authentication factors increases your cyber security. It makes it harder for someone to access your account.
Some authentication factors for use with MFA include:
Physical token
A physical token that shows a time-limited one-time PIN on its screen
This is typically a small physical token with a display that shows a code on the screen.
Security key
These can be used in addition to or in place of a password. They act like an electronic key.
This is a small physical token that is often plugged into your device via a USB port, or kept in close proximity for wireless versions.
Biometrics or fingerprint
Using your fingerprint, face or iris scan to validate your login
An example of this is when using your face or fingerprint to access your device or mobile apps.
Authenticator app
A mobile application that generates a random one-time PIN or password
These can be stand-alone mobile apps or part of existing apps. The Google Authenticator or Microsoft Authenticator mobile apps are examples of these.
SMS, email or voice call
A random code that you receive or enter to access a service
This is often referred to as a ‘one-time PIN’. An example is when you receive a SMS code before using online banking to transfer money to a new payee for the first time.
