The process of using two factors to prove identity. Factors include something you know (e.g., password or personal identification number); something you have (e.g., cryptographic identification device or token); and something you are (e.g., biometric).
Retrieved and adapted from FFIEC CAT Appendix C. (2018). https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_App_C_Glossary_June_2015_PDF5.pdf.
Using multiple solutions from the same category at different points in the process may be part of a layered security or other compensating control approach, but it would not constitute multi-factor authentication. Two-factor authentication requires the use of solutions from two of the following three categories of factors: something the user knows (e.g., password, PIN, challenge or response); something the user has (e.g., ATM card, smart card); something the user is (e.g., biometric characteristic, such as a fingerprint).