Information security threats are getting more sophisticated all the time, and the technologies designed to foil them must follow suit. Multifactor authentication is one approach to ensuring that only authorized users have access to resources. Our Words-To-Go glossary provides brief explanations of the essential MFA terminology, with links to our full definitions for more in-depth information. Want to test your grasp of the concepts? Try our Multifactor authentication quiz.
authentication -- the process of determining whether someone or something is, in fact, who or what it is declared to be, as a means of securing access to a given resource.
authentication factor -- a category of credential used to verify identity. The three main categories are knowledge factors (things the user knows), possession factors (things the user has) and inherence factors (things the user inherently is).
biometric authentication -- a type of security system that uses the unique biological characteristics of individuals to verify identity for secure logins into electronic systems.
claims-based identity -- a means of authenticating an end user, application or device to another system in a way that abstracts the entity’s specific information while providing data that authorizes them for appropriate and relevant interactions.
Duo Security -- a vendor of cloud-based two-factor authentication services for integration with websites, VPNs and cloud services.
FIDO (Fast ID Online) -- an open standard for a secure and easy-to-use universal authentication interface created to address the lack of interoperability among strong authentication devices.
four-factor authentication (4FA) -- the use of four types of identity-confirming credentials, typically the three common knowledge, possession and inherence factors plus location, although time is sometimes considered the fourth factor.
Google Authenticator -- a mobile security application based on two-factor authentication, which helps to verify user identities before granting access to websites and services.
knowledge factor -- a category of authentication credentials consisting of information that the user possesses, such as a personal identification number (PIN), a user name, a password or the answer to a secret question.
machine authentication -- the authorization of an automated human-to-machine or machine-to-machine (M2M) communication through verification of a digital certificate or digital credentials.
mobile authentication -- the verification of a user’s identity through the use of a mobile device and one or more authentication methods for secure access. Mobile authentication may be used to authorize the device itself or as a part of a multifactor authentication scheme for logging into secure locations and resources.
multifactor authentication (MFA) -- the use of two or more independent authentication factors to increase the security of transactions.
multifactor token -- a security token that uses more than one category of credential to confirm user authentication. A common example is the use of a smartphone software token app that enables the phone to serve as the hardware token; this example yields a two-factor token.
one-time password (OTP) -- an automatically generated numeric or alphanumeric string of characters that will authenticate the user for a single transaction or session.
OTP token -- a security device or software program that produces new single-use passwords or passcodes at preset time intervals.
out-of-band authentication -- a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password.
security token (sometimes called an authentication token) -- a small hardware device that the owner carries to authorize access to a network service.
shared secret -- data known to only the two entities involved in a communication so that either party's possession of that data can be provided as proof of identity for authentication.
single-factor authentication (SFA) -- an authentication method that involves only one category of credential. The familiar user name / password login is the most common form of SFA, but some strong authentication methods are also used independently.
soft token -- a software-based security token that generates a single-use login PIN. Software tokens are often components of apps used to secure mobile authentication.
three-factor authentication (3FA) -- the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories.
two-factor authentication (2FA) -- a process in which the user provides two means of identification from separate authentication factors. Often one credential is a physical token, such as a card, and the other is something memorized, such as a security code.
two-step verification -- a process that involves two authentication methods, not necessarily from separate authentication factors, performed one after the other to verify that someone or something requesting access is who or what they are declared to be.
unique identifier (UID) -- a numeric or alphanumeric string that is associated with a single entity within a given system.
universal authentication -- a network identity-verification method that allows users to move from site to site securely without having to enter identifying information multiple times.
user authentication -- the verification of an active human-to-machine transfer of credentials required for confirmation of a user’s authenticity; the term contrasts with machine authentication, which involves automated processes that do not require user input.