
Words to Go: Multifactor authentication

Contributor(s): Ivy Wigmore

Information security threats are getting more sophisticated all the time, and technologies designed to foil them must follow suit. Multifactor authentication is one approach to ensuring that only authorized users have access to resources. Our Words-To-Go glossary provides brief explanations of the essential MFA terminology, with links to our full definitions for more in-depth information. Want to test your grasp of the concepts? Try our Multifactor authentication quiz.

authentication -- the process of determining whether someone or something is, in fact, who or what it is declared to be, as a means of securing access to a given resource.

authentication factor -- a category of credential used to verify identity. The three main categories are knowledge factors (things the user knows), possession factors (things the user has) and inherence factors (things the user inherently is).

biometric authentication -- a type of security system that uses the unique biological characteristics of individuals to verify identity for secure logins into electronic systems.

claims-based identity -- a means of authenticating an end user, application or device to another system in a way that abstracts the entity’s specific information while providing data that authorizes them for appropriate and relevant interactions.

Duo Security -- a vendor of cloud-based two-factor authentication services for integration with websites, VPNs and cloud services. 

FIDO (Fast ID Online) -- an open standard for a secure and easy-to-use universal authentication interface created to address the lack of interoperability among strong authentication devices. 

four-factor authentication (4FA) -- the use of four types of identity-confirming credentials, typically the three common knowledge, possession and inherence factors plus location, although time is sometimes considered the fourth factor.

Google Authenticator -- a mobile security application based on two-factor authentication, which helps to verify user identities before granting access to websites and services. 

knowledge factor -- a category of authentication credentials consisting of information that the user possesses, such as a personal identification number (PIN), a user name, a password or the answer to a secret question.

machine authentication -- the authorization of an automated human-to-machine or machine-to-machine (M2M) communication through verification of a digital certificate or digital credentials.

mobile authentication -- the verification of a user’s identity through the use of a mobile device and one or more authentication methods for secure access. Mobile authentication may be used to authorize the device itself or as a part of a multifactor authentication scheme for logging into secure locations and resources.

multifactor authentication (MFA) -- the use of two or more independent authentication factors to increase the security of transactions.

multifactor token -- a security token that uses more than one category of credential to confirm user authentication. A common example is the use of a smartphone software token app that enables the phone to serve as the hardware token; this example yields a two-factor token.

one-time password (OTP) -- an automatically generated numeric or alphanumeric string of characters that will authenticate the user for a single transaction or session.

OTP token -- a security device or software program that produces new single-use passwords or passcodes at preset time intervals. 

out-of-band authentication -- a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password.

security token (sometimes called an authentication token) -- a small hardware device that the owner carries to authorize access to a network service.

shared secret -- data known to only the two entities involved in a communication so that either party's possession of that data can be provided as proof of identity for authentication.

single-factor authentication (SFA) -- an authentication method that involves only one category of credential. The familiar user name / password login is the most common form of SFA, but some strong authentication methods are also used independently.

soft token -- a software-based security token that generates a single-use login PIN. Software tokens are often components of apps used to secure mobile authentication.

three-factor authentication (3FA) -- the use of identity-confirming credentials from three separate categories of authentication factors: typically, the knowledge, possession and inherence categories.

two-factor authentication (2FA) -- a process in which the user provides two means of identification from separate authentication factors. Often one credential is a physical token, such as a card, and the other is something memorized, such as a security code.

two-step verification -- a process that involves two authentication methods, not necessarily from separate authentication factors, performed one after the other to verify that someone or something requesting access is who or what they are declared to be. 

unique identifier (UID) -- a numeric or alphanumeric string that is associated with a single entity within a given system. 

universal authentication -- a network identity-verification method that allows users to move from site to site securely without having to enter identifying information multiple times.

user authentication -- the verification of an active human-to-machine transfer of credentials required for confirmation of a user’s authenticity; the term contrasts with machine authentication, which involves automated processes that do not require user input.

 

This was last updated in February 2015
