Multi-Factor Authentication (MFA)
Multi-factor authentication requires a user to present two or more independent proofs of identity from different categories, such as something they know, have, or are, before access is granted.
Also: MFA, two-factor authentication, 2FA
Multi-factor authentication strengthens login by requiring proof from more than one category of evidence: something the user knows such as a password, something they have such as a phone or security key, and something they are such as a fingerprint. Combining categories means a stolen password alone is not enough to take over an account.
Not all factors are equal. SMS one-time codes are common but vulnerable to interception and SIM swapping, while app-based codes and FIDO2 security keys or passkeys are far stronger. Phishing-resistant factors based on public-key cryptography are the current best practice.
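As an added example (not part of this glossary entry), the following Python contrasts the two kinds of factor just described: an RFC 6238 TOTP code verifies no matter where the user typed it, whereas a WebAuthn-style assertion is bound to the origin the browser observed and fails verification if that origin is not the relying party's. The authenticator's public-key signature is stood in for by an HMAC under a constructed per-credential key, and the relying-party ID, allowed origins and TOTP seed (the RFC 6238 test seed) are constructed sample values.

```python
import base64, hashlib, hmac, json, struct

# Constructed sample values: the RFC 6238 test seed and a stand-in credential key.
TOTP_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
CRED_KEY = b"per-credential-secret-standing-in-for-a-private-key"
RP_ID = "login.example"                       # hypothetical relying party
RP_ORIGINS = {"https://login.example"}        # origins this RP will accept

def totp(seed_b32, t, step=30, digits=6):
    # RFC 6238: HOTP over the time-step counter (HMAC-SHA1, dynamic truncation).
    mac = hmac.new(base64.b32decode(seed_b32, casefold=True),
                   struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return str(code).zfill(digits)

def verify_totp(seed_b32, code, t, window=1, step=30):
    # Accepts one step of clock drift either side. Nothing here checks WHERE the
    # user typed the code, so a code relayed via a look-alike site verifies too.
    return any(hmac.compare_digest(totp(seed_b32, t + k * step), code)
               for k in range(-window, window + 1))

def b64u(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def make_assertion(cred_key, challenge, origin):
    # The browser, not the user, records 'origin' (the page that called
    # navigator.credentials.get()); the authenticator then signs over it.
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64u(challenge),
                              "origin": origin}, sort_keys=True).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x05"  # rpIdHash + UP|UV flags
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(cred_key, signed, hashlib.sha256).digest()       # stand-in for ECDSA
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}

def verify_assertion(cred_key, expected_challenge, a):
    cd = json.loads(a["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != b64u(expected_challenge):
        return False                          # replayed or unsolicited assertion
    if cd.get("origin") not in RP_ORIGINS:
        return False                          # assertion was made for another site
    if a["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False                          # credential scoped to a different RP ID
    signed = a["authenticatorData"] + hashlib.sha256(a["clientDataJSON"]).digest()
    expected = hmac.new(cred_key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, a["signature"])
```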
In CIAM, the challenge is balancing this protection against customer friction. Risk-based and adaptive approaches apply stronger factors only when a sign-in looks risky, and passkeys can deliver strong authentication in a single low-friction step.
Sources
- NIST SP 800-63B, Authentication and Lifecycle Management: https://pages.nist.gov/800-63-3/sp800-63b.html
Related terms
Standards
- NIST SP 800-63B