9.21

What is multifactor authentication? How does it help safeguard against stolen passwords?


Multi-factor authentication (MFA) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. The factors are drawn from these categories: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is).

MFA protects user data - which may include personal identification or financial assets - from being accessed by an unauthorised third party that may have been able to discover, for example, a single password.

Note that the factors in MFA should not share a common vulnerability; for example, if a system merely required two passwords, both could be vulnerable to leakage in the same manner (by network sniffing, or by a virus on the computer used by the user, for example).
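The following sketch is an added example, not part of the original answer. It shows a login check that accepts evidence only when it verifies and spans at least two distinct factor categories, so a stolen password alone, or a password plus a second knowledge secret, is refused. The account data, the `kdf`, `check_factor` and `login` helpers, and the use of an RFC 6238 TOTP code as the possession factor are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) computed from a secret held on the user's device."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def kdf(secret: str, salt: bytes) -> bytes:
    """Slow salted hash so stored knowledge factors are not kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

# Constructed sample account; every value here is made up for the example.
SALT = b"constructed-salt"
ACCOUNT = {
    "password": kdf("correct horse", SALT),
    "pin": kdf("4821", SALT),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test-vector secret
}

def check_factor(kind: str, value: str, now: float):
    """Return the category of a verified piece of evidence, or None if it fails."""
    if kind in ("password", "pin"):
        ok = hmac.compare_digest(kdf(value, SALT), ACCOUNT[kind])
        return "knowledge" if ok else None
    if kind == "totp":
        expected = totp(ACCOUNT["totp_secret"], now)
        ok = hmac.compare_digest(value.encode(), expected.encode())
        return "possession" if ok else None
    return None

def login(evidence: dict, now: float) -> bool:
    """Grant access only if all evidence verifies and spans >= 2 categories."""
    results = [check_factor(kind, value, now) for kind, value in evidence.items()]
    return None not in results and len(set(results)) >= 2
```

A production verifier would also rate-limit attempts and refuse a one-time code that has already been used within its time step.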

Read more at wiki.