The difference between 2FA & MFA

What is the difference between two-factor & multi-factor authentication?

What is a factor?

Factors are pieces of information or credentials.

When you log in to an account using only a password, that is single-factor authentication. You’ve submitted one piece of information.

There are three common types of factors, as listed by TechTarget:

Knowledge: something you know, such as a user name and password.
Possession: something you have, such as a smart card or a security token.
Inherence: something you are, an inherent biometric characteristic such as a fingerprint, voice or iris pattern.

Time and location may also be used as factors, but these may be enforced behind the scenes without you being aware of it.

Two-factor authentication

Two-factor authentication (2FA) is where two credentials are used to sign in. A common combination is (1) entering your user name & password and then (2) entering a code that was sent to you via text message. Another is using a password and a secure USB key.

In either case, you’re using two forms of credential, hence two-factor.

Multi-factor authentication

Multi-factor authentication (MFA) is the term for using a combination of two or more credentials to sign in to a service. You may have set up a password, authenticator app, secure USB key, fingerprint, face scan, etc.

A common example is:

  1. User name & password (knowledge) +
  2. Phone with facial recognition authentication to unlock (inherence) +
  3. Authenticator app (possession)

Multi-factor is a term often used by dedicated security apps and services (e.g. Duo), whereas two-factor is a term more often used by account services (e.g. Google).

What is happening in practice

Two-factor and multi-factor are terms that are often used interchangeably despite their slight differences. As account security standards become more sophisticated, multi-factor is becoming the preferred term.

End of passwords?

As the term multi-factor implies, some services are moving away from passwords altogether, e.g. signing in using a combination of facial recognition + authenticator app, or fingerprint + secure USB key. There has been a low-key trend away from passwords, but Google and Microsoft have recently upped their efforts to improve “alternative” factor security.

Updated on April 16, 2021
