Multifactor authentication requires the use of solutions from two or more of the three categories of factors: something the user knows (e.g., password, PIN); something the user has (e.g., ATM card, smart card); something the user is (e.g., biometric characteristic, such as a fingerprint). Using multiple solutions from the same category at different points in the process may be part of a layered security or other compensating control approach, but it would not constitute multi-factor authentication.
