# Multifactor Authentication (MFA)*

# Acronyms, Abbreviations, and Initialisms

Short Form Full Form
MFA Multifactor Authentication
TOTP Time-Based One-Time Password

# Glossary

Step-up authentication is an additional factor or procedure that validates a user's identity by using the following means:

  • Challenge questions
  • Out-of-band authentication (phone call or SMS)
  • Dynamic knowledge-based authentication (questions unique to the end user)

# Overview

Authentication requires a match against a template or a known quantity. Therefore, variables (such as variable keystrokes) aren't useful for authentication.

Multifactor authentication requires at least two of the following:

  • Type 1: Something you know
  • Type 2: Something you have
  • Type 3: Something you are

In some cases, a fourth factor is mentioned:

  • Type 4: Something you do (linked to something you are); physiological and behavioral, such as how you write or type.

This field is constantly evolving, and additional considerations include:

  • Time-based one-time passwords (TOTPs)
  • Somewhere you are (location based)