Words to Go: Multifactor authentication

Contributor(s): Ivy Wigmore

Information security threats are getting more sophisticated all the time, and technologies designed to foil them must follow suit. Multifactor authentication is one approach to ensuring that only authorized users have access to resources. Our Words-To-Go glossary provides brief explanations of the essential MFA terminology, with links to our full definitions for more in-depth information. Want to test your grasp of the concepts? Try our Multifactor authentication quiz.

authentication -- the process of determining whether someone or something is, in fact, who or what it is declared to be, as a means of securing access to a given resource.

authentication factor -- a category of credential used to verify identity. The three main categories are knowledge factors (things the user knows), possession factors (things the user has) and inherence factors (things the user inherently is).

biometric authentication -- a type of security system that uses the unique biological characteristics of individuals to verify identity for secure logins into electronic systems.

claims-based identity -- a means of authenticating an end user, application or device to another system in a way that abstracts the entity’s specific information while providing data that authorizes them for appropriate and relevant interactions.

Duo Security -- a vendor of cloud-based two-factor authentication services for integration with websites, VPNs and cloud services. 

FIDO (Fast ID Online) -- an open standard for a secure and easy-to-use universal authentication interface created to address the lack of interoperability among strong authentication devices. 

four-factor authentication (4FA) -- the use of four types of identity-confirming credentials, typically the three common knowledge, possession and inherence factors plus location, although time is sometimes considered the fourth factor.

Google Authenticator -- a mobile security application based on two-factor authentication, which helps to verify user identities before granting access to websites and services. 

knowledge factor -- a category of authentication credentials consisting of information that the user possesses, such as a personal identification number (PIN), a user name, a password or the answer to a secret question.

machine authentication -- the authorization of an automated human-to-machine or machine-to-machine (M2M) communication through verification of a digital certificate or digital credentials.

mobile authentication -- the verification of a user’s identity through the use of a mobile device and one or more authentication methods for secure access. Mobile authentication may be used to authorize the device itself or as a part of a multifactor authentication scheme for logging into secure locations and resources.

multifactor authentication (MFA) -- the use of two or more independent authentication factors to increase the security of transactions.

multifactor token -- a security token that uses more than one category of credential to confirm user authentication. A common example is the use of a smartphone software token app that enables the phone to serve as the hardware token; this example yields a two-factor token.

one-time password (OTP) -- an automatically generated numeric or alphanumeric string of characters that will authenticate the user for a single transaction or session.

OTP token -- a security device or software program that produces new single-use passwords or passcodes at preset time intervals. 

out-of-band authentication -- a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password.

security token (sometimes called an authentication token) -- a small hardware device that the owner carries to authorize access to a network service.

shared secret -- data known to only the two entities involved in a communication so that either party's possession of that data can be provided as proof of identity for authentication.

single-factor authentication (SFA) -- an authentication method that involves only one category of credential. The familiar user name / password login is the most common form of SFA but some strong authentication methods are also used independently.

soft token -- a software-based security token that generates a single-use login PIN. Software tokens are often components of apps used to secure mobile authentication.

three-factor authentication (3FA) -- the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories.

two-factor authentication (2FA) -- a process in which the user provides two means of identification from separate authentication factors. Often one credential is a physical token, such as a card, and the other is something memorized, such as a security code.

two-step verification -- a process that involves two authentication methods, not necessarily from separate authentication factors, performed one after the other to verify that someone or something requesting access is who or what they are declared to be. 

unique identifier (UID) -- a numeric or alphanumeric string that is associated with a single entity within a given system. 

universal authentication -- a network identity-verification method that allows users to move from site to site securely without having to enter identifying information multiple times.

user authentication -- the verification of an active human-to-machine transfer of credentials required for confirmation of a user’s authenticity; the term contrasts with machine authentication, which involves automated processes that do not require user input.


This was last updated in February 2015
