Two-factor Authentication (See Multi-Factor Authentication)

Two-factor Authentication (See Multi-Factor Authentication)

Feb 12, 2019

The process of using two factors to prove identity. Factors include something you know (e.g., password or personal identification number); something you have (e.g., cryptographic identification device or token); and something you are (e.g., biometric).

Retrieved and adapted from FFIEC CAT Appendix C. (2018).

Using multiple solutions from the same category at different points in the process may be part of a layered security or other compensating control approach, but it would not constitute multi-factor authentication. Two-factor authentication requires the use of solutions from two of the following three categories of factors: something the user knows (e.g., password, PIN, challenge or response); something the user has (e.g., ATM card, smart card); something the user is (e.g., biometric characteristic, such as a fingerprint).

Sign up for our Newsletter

Learn about upcoming events, special offers from our partners and more.

Sub Topics