What is multi-factor authentication (MFA)?
Multi-factor authentication (MFA) requires two or more distinct types of proof to confirm identity — typically combining something you know, something you have, and something you are — rather than a password alone.
What it means
NIST defines MFA as authentication using two or more factors: knowledge (a password or PIN), possession (a token or device), or inherence (a biometric). Requiring more than one factor makes stolen passwords far less useful to an attacker. MFA is a baseline control across identity, cloud, and security roles.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | Definition source for What is multi-factor authentication (MFA)? | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary |