Multifactor Authentication - 4.6

Summary

Multifactor Authentication (MFA) enhances security by requiring users to provide two or more verification factors, such as something they know (password), something they have (security key), or something they are (biometric), to access resources.

Notes:

Implementations

  • Biometrics (e.g., fingerprint, facial recognition, iris scan)
  • Hardware/Software authentication tokens (e.g., OTP generators, authenticator apps, hardware tokens like YubiKey)
  • Security Keys (e.g., physical USB keys or smart cards, typically FIDO2-compliant)

Authentication Factors

  • Something you know: A password, PIN, or answer to a security question.
  • Something you have: A physical object like a keycard, USB security key, or a one-time password (OTP) token (hardware or software-based).
  • Something you are: Biometric information such as fingerprints, iris scans, or facial recognition.
  • Somewhere you are: Authentication based on location, often verified through GPS or IP address, commonly used in combination with other factors.
Previous: Access ControlsNext: Password Security