U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

Multi-Factor Authentication (MFA)

Abbreviation(s) and Synonym(s):

Definition(s):

  Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See authenticator.
Source(s):
CNSSI 4009-2015 under multifactor authentication from NIST SP 800-53 Rev. 4

  An authentication system that requires more than one distinct authentication factor for successful authentication. Multi-factor authentication can be performed using a multi-factor authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.
Source(s):
NIST SP 800-63-3
NISTIR 8149 under Multi-Factor Authentication from NIST SP 800-63-3

  An authentication system that requires more than one distinct authentication factor for successful authentication. Multi-factor authentication can be performed using a multi-factor authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.
Source(s):
NIST SP 800-63-3

  An authenticator that provides more than one distinct authentication factor, such as a cryptographic authentication device with an integrated biometric sensor that is required to activate the device.
Source(s):
NIST SP 800-63-3 under Multi-Factor Authenticator

  An authentication system that requires more than one distinct authentication factor for successful authentication. Multifactor authentication can be performed using a multifactor authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.
Source(s):
NIST SP 1800-17b under Multifactor Authentication
NIST SP 1800-17c under Multifactor Authentication

  Authentication using two or more factors to achieve authentication. Factors are (i) something you know (e.g., password/personal identification number); (ii) something you have (e.g., cryptographic identification device, token); and (iii) something you are (e.g., biometric).
Source(s):
NIST SP 1800-12b under multifactor authentication

  Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password); something you have (e.g., cryptographic identification device, token); or something you are (e.g., biometric). See authenticator.
Source(s):
NIST SP 800-171 Rev. 2 under multifactor authentication

  Authentication using two or more different factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.
Source(s):
NIST SP 800-53 Rev. 4 under Multifactor Authentication

  Authentication using two or more different factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.
Source(s):
NIST SP 800-53 Rev. 4 under Multifactor Authentication

  An authentication system or an authenticator that requires more than one authentication factor for successful authentication. Multi-factor authentication can be performed using a single authenticator that provides more than one factor or by a combination of authenticators that provide different factors.
Source(s):
NIST SP 800-53 Rev. 5 under multi-factor authentication from NIST SP 800-63-3

  The three authentication factors are something you know, something you have, and something you are. See authenticator.
Source(s):
NIST SP 800-53 Rev. 5 under multi-factor authentication

  Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric). See authenticator.
Source(s):
NIST SP 800-172 under multi-factor authentication

  Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password); something you have (e.g., cryptographic identification device, token); or something you are (e.g., biometric). See also Authenticator.
Source(s):
NIST SP 800-171 Rev. 1 [Superseded] under multifactor authentication