CINXE.COM

<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Multi-factor authentication - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"456785cf-47b8-4180-93d2-e4bbe8a73e67","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Multi-factor_authentication","wgTitle":"Multi-factor authentication","wgCurRevisionId":1256350487,"wgRevisionId":1256350487,"wgArticleId":22772421,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Articles with short description","Short description is different from Wikidata","Wikipedia articles with style issues from December 2020","All articles with style issues","Articles needing additional references from January 2021","All articles needing additional references","Articles with multiple maintenance issues","All articles with unsourced statements","Articles with unsourced statements from September 2023", "Wikipedia articles needing clarification from October 2023","Articles with unsourced statements from May 2023","All articles with failed verification","Articles with failed verification from October 2023","Articles with unsourced statements from October 2023","Pages using Sister project links with hidden wikidata","Authentication methods","Computer access control"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Multi-factor_authentication","wgRelevantArticleId":22772421,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search": true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":40000,"wgRelatedArticlesCompat":[],"wgCentralAuthMobileDomain":false,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q7878662","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready", "jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","mediawiki.page.media","site","mediawiki.page.ready","jquery.makeCollapsible","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.growthExperiments.SuggestedEditSession","wikibase.sidebar.tracking"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/thumb/f/f2/U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg/1200px-U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="818"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/thumb/f/f2/U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg/800px-U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg"> <meta property="og:image:width" content="800"> <meta property="og:image:height" content="545"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/thumb/f/f2/U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg/640px-U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg"> <meta property="og:image:width" content="640"> <meta property="og:image:height" content="436"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Multi-factor authentication - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Multi-factor_authentication"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Multi-factor_authentication&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Multi-factor_authentication"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Multi-factor_authentication rootpage-Multi-factor_authentication skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-menu mw-ui-icon-wikimedia-menu"></span> <span class="vector-dropdown-label-text">Main menu</span> </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z"><span>Main page</span></a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia"><span>Contents</span></a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events"><span>Current events</span></a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x"><span>Random article</span></a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works"><span>About Wikipedia</span></a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia"><span>Contact us</span></a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia"><span>Help</span></a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia"><span>Learn to edit</span></a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors"><span>Community portal</span></a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r"><span>Recent changes</span></a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia"><span>Upload file</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <span class="mw-logo-container skin-invert"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </span> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-appearance mw-ui-icon-wikimedia-appearance"></span> <span class="vector-dropdown-label-text">Appearance</span> </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en" class=""><span>Donate</span></a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Multi-factor+authentication" title="You are encouraged to create an account and log in; however, it is not mandatory" class=""><span>Create account</span></a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Multi-factor+authentication" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class=""><span>Log in</span></a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-ellipsis mw-ui-icon-wikimedia-ellipsis"></span> <span class="vector-dropdown-label-text">Personal tools</span> </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en"><span>Donate</span></a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Multi-factor+authentication" title="You are encouraged to create an account and log in; however, it is not mandatory"><span class="vector-icon mw-ui-icon-userAdd mw-ui-icon-wikimedia-userAdd"></span> <span>Create account</span></a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Multi-factor+authentication" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"><span class="vector-icon mw-ui-icon-logIn mw-ui-icon-wikimedia-logIn"></span> <span>Log in</span></a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing"><span>learn more</span></a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y"><span>Contributions</span></a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n"><span>Talk</span></a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-Factors" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Factors"> <div class="vector-toc-text"> <span class="vector-toc-numb">1</span> <span>Factors</span> </div> </a> <button aria-controls="toc-Factors-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Factors subsection</span> </button> <ul id="toc-Factors-sublist" class="vector-toc-list"> <li id="toc-Knowledge" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Knowledge"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.1</span> <span>Knowledge</span> </div> </a> <ul id="toc-Knowledge-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Possession" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Possession"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.2</span> <span>Possession</span> </div> </a> <ul id="toc-Possession-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Inherent" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Inherent"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.3</span> <span>Inherent</span> </div> </a> <ul id="toc-Inherent-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Location" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Location"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.4</span> <span>Location</span> </div> </a> <ul id="toc-Location-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Mobile_phone-based_authentication" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Mobile_phone-based_authentication"> <div class="vector-toc-text"> <span class="vector-toc-numb">2</span> <span>Mobile phone-based authentication</span> </div> </a> <ul id="toc-Mobile_phone-based_authentication-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Legislation_and_regulation" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Legislation_and_regulation"> <div class="vector-toc-text"> <span class="vector-toc-numb">3</span> <span>Legislation and regulation</span> </div> </a> <button aria-controls="toc-Legislation_and_regulation-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Legislation and regulation subsection</span> </button> <ul id="toc-Legislation_and_regulation-sublist" class="vector-toc-list"> <li id="toc-European_Union" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#European_Union"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.1</span> <span>European Union</span> </div> </a> <ul id="toc-European_Union-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-India" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#India"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.2</span> <span>India</span> </div> </a> <ul id="toc-India-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-United_States" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#United_States"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.3</span> <span>United States</span> </div> </a> <ul id="toc-United_States-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Security" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Security"> <div class="vector-toc-text"> <span class="vector-toc-numb">4</span> <span>Security</span> </div> </a> <button aria-controls="toc-Security-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Security subsection</span> </button> <ul id="toc-Security-sublist" class="vector-toc-list"> <li id="toc-MFA_fatigue" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#MFA_fatigue"> <div class="vector-toc-text"> <span class="vector-toc-numb">4.1</span> <span>MFA fatigue</span> </div> </a> <ul id="toc-MFA_fatigue-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Implementation" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Implementation"> <div class="vector-toc-text"> <span class="vector-toc-numb">5</span> <span>Implementation</span> </div> </a> <ul id="toc-Implementation-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Patents" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Patents"> <div class="vector-toc-text"> <span class="vector-toc-numb">6</span> <span>Patents</span> </div> </a> <ul id="toc-Patents-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> <span class="vector-toc-numb">7</span> <span>See also</span> </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> <span class="vector-toc-numb">8</span> <span>References</span> </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Further_reading" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Further_reading"> <div class="vector-toc-text"> <span class="vector-toc-numb">9</span> <span>Further reading</span> </div> </a> <ul id="toc-Further_reading-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-External_links" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#External_links"> <div class="vector-toc-text"> <span class="vector-toc-numb">10</span> <span>External links</span> </div> </a> <ul id="toc-External_links-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Multi-factor authentication</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 36 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-36" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">36 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-ar mw-list-item"><a href="https://ar.wikipedia.org/wiki/%D9%85%D8%B5%D8%A7%D8%AF%D9%82%D8%A9_%D9%85%D8%AA%D8%B9%D8%AF%D8%AF%D8%A9_%D8%A7%D9%84%D8%B9%D9%88%D8%A7%D9%85%D9%84" title="مصادقة متعددة العوامل – Arabic" lang="ar" hreflang="ar" data-title="مصادقة متعددة العوامل" data-language-autonym="العربية" data-language-local-name="Arabic" class="interlanguage-link-target"><span>العربية</span></a></li><li class="interlanguage-link interwiki-az mw-list-item"><a href="https://az.wikipedia.org/wiki/%C3%87oxfaktorlu_autentifikasiya" title="Çoxfaktorlu autentifikasiya – Azerbaijani" lang="az" hreflang="az" data-title="Çoxfaktorlu autentifikasiya" data-language-autonym="Azərbaycanca" data-language-local-name="Azerbaijani" class="interlanguage-link-target"><span>Azərbaycanca</span></a></li><li class="interlanguage-link interwiki-bn mw-list-item"><a href="https://bn.wikipedia.org/wiki/%E0%A6%AC%E0%A6%B9%E0%A7%81-%E0%A6%A7%E0%A6%BE%E0%A6%AA%E0%A7%87%E0%A6%B0_%E0%A6%AA%E0%A7%8D%E0%A6%B0%E0%A6%AE%E0%A6%BE%E0%A6%A3%E0%A7%80%E0%A6%95%E0%A6%B0%E0%A6%A3" title="বহু-ধাপের প্রমাণীকরণ – Bangla" lang="bn" hreflang="bn" data-title="বহু-ধাপের প্রমাণীকরণ" data-language-autonym="বাংলা" data-language-local-name="Bangla" class="interlanguage-link-target"><span>বাংলা</span></a></li><li class="interlanguage-link interwiki-bs mw-list-item"><a href="https://bs.wikipedia.org/wiki/Potvr%C4%91ivanje_u_dva_koraka" title="Potvrđivanje u dva koraka – Bosnian" lang="bs" hreflang="bs" data-title="Potvrđivanje u dva koraka" data-language-autonym="Bosanski" data-language-local-name="Bosnian" class="interlanguage-link-target"><span>Bosanski</span></a></li><li class="interlanguage-link interwiki-ca mw-list-item"><a href="https://ca.wikipedia.org/wiki/Autentificaci%C3%B3_de_doble_factor" title="Autentificació de doble factor – Catalan" lang="ca" hreflang="ca" data-title="Autentificació de doble factor" data-language-autonym="Català" data-language-local-name="Catalan" class="interlanguage-link-target"><span>Català</span></a></li><li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/V%C3%ADcef%C3%A1zov%C3%A9_ov%C4%9B%C5%99en%C3%AD" title="Vícefázové ověření – Czech" lang="cs" hreflang="cs" data-title="Vícefázové ověření" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target"><span>Čeština</span></a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Multi-Faktor-Authentisierung" title="Multi-Faktor-Authentisierung – German" lang="de" hreflang="de" data-title="Multi-Faktor-Authentisierung" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target"><span>Deutsch</span></a></li><li class="interlanguage-link interwiki-et mw-list-item"><a href="https://et.wikipedia.org/wiki/Mitme_teguriga_autentimine" title="Mitme teguriga autentimine – Estonian" lang="et" hreflang="et" data-title="Mitme teguriga autentimine" data-language-autonym="Eesti" data-language-local-name="Estonian" class="interlanguage-link-target"><span>Eesti</span></a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Autenticaci%C3%B3n_de_m%C3%BAltiples_factores" title="Autenticación de múltiples factores – Spanish" lang="es" hreflang="es" data-title="Autenticación de múltiples factores" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target"><span>Español</span></a></li><li class="interlanguage-link interwiki-eu mw-list-item"><a href="https://eu.wikipedia.org/wiki/Faktore_anitzeko_kautotze" title="Faktore anitzeko kautotze – Basque" lang="eu" hreflang="eu" data-title="Faktore anitzeko kautotze" data-language-autonym="Euskara" data-language-local-name="Basque" class="interlanguage-link-target"><span>Euskara</span></a></li><li class="interlanguage-link interwiki-fa mw-list-item"><a href="https://fa.wikipedia.org/wiki/%D8%A7%D8%AD%D8%B1%D8%A7%D8%B2_%D9%87%D9%88%DB%8C%D8%AA_%DA%86%D9%86%D8%AF%D8%B9%D8%A7%D9%85%D9%84%DB%8C" title="احراز هویت چندعاملی – Persian" lang="fa" hreflang="fa" data-title="احراز هویت چندعاملی" data-language-autonym="فارسی" data-language-local-name="Persian" class="interlanguage-link-target"><span>فارسی</span></a></li><li class="interlanguage-link interwiki-ga mw-list-item"><a href="https://ga.wikipedia.org/wiki/F%C3%ADordheimhni%C3%BA_ilmhodhanna" title="Fíordheimhniú ilmhodhanna – Irish" lang="ga" hreflang="ga" data-title="Fíordheimhniú ilmhodhanna" data-language-autonym="Gaeilge" data-language-local-name="Irish" class="interlanguage-link-target"><span>Gaeilge</span></a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/%EB%8B%A4%EC%9A%94%EC%86%8C_%EC%9D%B8%EC%A6%9D" title="다요소 인증 – Korean" lang="ko" hreflang="ko" data-title="다요소 인증" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target"><span>한국어</span></a></li><li class="interlanguage-link interwiki-hr mw-list-item"><a href="https://hr.wikipedia.org/wiki/Potvr%C4%91ivanje_u_dva_koraka" title="Potvrđivanje u dva koraka – Croatian" lang="hr" hreflang="hr" data-title="Potvrđivanje u dva koraka" data-language-autonym="Hrvatski" data-language-local-name="Croatian" class="interlanguage-link-target"><span>Hrvatski</span></a></li><li class="interlanguage-link interwiki-ia mw-list-item"><a href="https://ia.wikipedia.org/wiki/Authentication_multifactorial" title="Authentication multifactorial – Interlingua" lang="ia" hreflang="ia" data-title="Authentication multifactorial" data-language-autonym="Interlingua" data-language-local-name="Interlingua" class="interlanguage-link-target"><span>Interlingua</span></a></li><li class="interlanguage-link interwiki-he mw-list-item"><a href="https://he.wikipedia.org/wiki/%D7%90%D7%99%D7%9E%D7%95%D7%AA_%D7%A8%D7%91-%D7%A9%D7%9C%D7%91%D7%99" title="אימות רב-שלבי – Hebrew" lang="he" hreflang="he" data-title="אימות רב-שלבי" data-language-autonym="עברית" data-language-local-name="Hebrew" class="interlanguage-link-target"><span>עברית</span></a></li><li class="interlanguage-link interwiki-lt mw-list-item"><a href="https://lt.wikipedia.org/wiki/Dviej%C5%B3_faktori%C5%B3_autentifikacija" title="Dviejų faktorių autentifikacija – Lithuanian" lang="lt" hreflang="lt" data-title="Dviejų faktorių autentifikacija" data-language-autonym="Lietuvių" data-language-local-name="Lithuanian" class="interlanguage-link-target"><span>Lietuvių</span></a></li><li class="interlanguage-link interwiki-lmo mw-list-item"><a href="https://lmo.wikipedia.org/wiki/Autenticazzion_con_pussee_fator" title="Autenticazzion con pussee fator – Lombard" lang="lmo" hreflang="lmo" data-title="Autenticazzion con pussee fator" data-language-autonym="Lombard" data-language-local-name="Lombard" class="interlanguage-link-target"><span>Lombard</span></a></li><li class="interlanguage-link interwiki-ml mw-list-item"><a href="https://ml.wikipedia.org/wiki/%E0%B4%AE%E0%B5%BE%E0%B4%9F%E0%B5%8D%E0%B4%9F%E0%B4%BF-%E0%B4%AB%E0%B4%BE%E0%B4%95%E0%B5%8D%E0%B4%9F%E0%B5%BC_%E0%B4%93%E0%B4%A4%E0%B4%A8%E0%B5%8D%E0%B4%B1%E0%B4%BF%E0%B4%95%E0%B5%8D%E0%B4%95%E0%B5%87%E0%B4%B7%E0%B5%BB" title="മൾട്ടി-ഫാക്ടർ ഓതന്റിക്കേഷൻ – Malayalam" lang="ml" hreflang="ml" data-title="മൾട്ടി-ഫാക്ടർ ഓതന്റിക്കേഷൻ" data-language-autonym="മലയാളം" data-language-local-name="Malayalam" class="interlanguage-link-target"><span>മലയാളം</span></a></li><li class="interlanguage-link interwiki-nl mw-list-item"><a href="https://nl.wikipedia.org/wiki/Multifactorauthenticatie" title="Multifactorauthenticatie – Dutch" lang="nl" hreflang="nl" data-title="Multifactorauthenticatie" data-language-autonym="Nederlands" data-language-local-name="Dutch" class="interlanguage-link-target"><span>Nederlands</span></a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/%E5%A4%9A%E8%A6%81%E7%B4%A0%E8%AA%8D%E8%A8%BC" title="多要素認証 – Japanese" lang="ja" hreflang="ja" data-title="多要素認証" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target"><span>日本語</span></a></li><li class="interlanguage-link interwiki-no mw-list-item"><a href="https://no.wikipedia.org/wiki/Flerfaktor-autentisering" title="Flerfaktor-autentisering – Norwegian Bokmål" lang="nb" hreflang="nb" data-title="Flerfaktor-autentisering" data-language-autonym="Norsk bokmål" data-language-local-name="Norwegian Bokmål" class="interlanguage-link-target"><span>Norsk bokmål</span></a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/Uwierzytelnianie_wielosk%C5%82adnikowe" title="Uwierzytelnianie wieloskładnikowe – Polish" lang="pl" hreflang="pl" data-title="Uwierzytelnianie wieloskładnikowe" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target"><span>Polski</span></a></li><li class="interlanguage-link interwiki-ro mw-list-item"><a href="https://ro.wikipedia.org/wiki/Autentificare_cu_mai_mul%C8%9Bi_factori" title="Autentificare cu mai mulți factori – Romanian" lang="ro" hreflang="ro" data-title="Autentificare cu mai mulți factori" data-language-autonym="Română" data-language-local-name="Romanian" class="interlanguage-link-target"><span>Română</span></a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/%D0%9C%D0%BD%D0%BE%D0%B3%D0%BE%D1%84%D0%B0%D0%BA%D1%82%D0%BE%D1%80%D0%BD%D0%B0%D1%8F_%D0%B0%D1%83%D1%82%D0%B5%D0%BD%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%86%D0%B8%D1%8F" title="Многофакторная аутентификация – Russian" lang="ru" hreflang="ru" data-title="Многофакторная аутентификация" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target"><span>Русский</span></a></li><li class="interlanguage-link interwiki-sq mw-list-item"><a href="https://sq.wikipedia.org/wiki/V%C3%ABrtetimi_me_disa_faktor%C3%AB" title="Vërtetimi me disa faktorë – Albanian" lang="sq" hreflang="sq" data-title="Vërtetimi me disa faktorë" data-language-autonym="Shqip" data-language-local-name="Albanian" class="interlanguage-link-target"><span>Shqip</span></a></li><li class="interlanguage-link interwiki-sr mw-list-item"><a href="https://sr.wikipedia.org/wiki/%D0%9F%D0%BE%D1%82%D0%B2%D1%80%D1%92%D0%B8%D0%B2%D0%B0%D1%9A%D0%B5_%D1%83_%D0%B4%D0%B2%D0%B0_%D0%BA%D0%BE%D1%80%D0%B0%D0%BA%D0%B0" title="Потврђивање у два корака – Serbian" lang="sr" hreflang="sr" data-title="Потврђивање у два корака" data-language-autonym="Српски / srpski" data-language-local-name="Serbian" class="interlanguage-link-target"><span>Српски / srpski</span></a></li><li class="interlanguage-link interwiki-sh mw-list-item"><a href="https://sh.wikipedia.org/wiki/Potvr%C4%91ivanje_u_dva_koraka" title="Potvrđivanje u dva koraka – Serbo-Croatian" lang="sh" hreflang="sh" data-title="Potvrđivanje u dva koraka" data-language-autonym="Srpskohrvatski / српскохрватски" data-language-local-name="Serbo-Croatian" class="interlanguage-link-target"><span>Srpskohrvatski / српскохрватски</span></a></li><li class="interlanguage-link interwiki-sv mw-list-item"><a href="https://sv.wikipedia.org/wiki/Multifaktorautentisering" title="Multifaktorautentisering – Swedish" lang="sv" hreflang="sv" data-title="Multifaktorautentisering" data-language-autonym="Svenska" data-language-local-name="Swedish" class="interlanguage-link-target"><span>Svenska</span></a></li><li class="interlanguage-link interwiki-tl mw-list-item"><a href="https://tl.wikipedia.org/wiki/Pagpapatunay_sa_maramihang_salik" title="Pagpapatunay sa maramihang salik – Tagalog" lang="tl" hreflang="tl" data-title="Pagpapatunay sa maramihang salik" data-language-autonym="Tagalog" data-language-local-name="Tagalog" class="interlanguage-link-target"><span>Tagalog</span></a></li><li class="interlanguage-link interwiki-ta mw-list-item"><a href="https://ta.wikipedia.org/wiki/%E0%AE%95%E0%AF%82%E0%AE%95%E0%AE%BF%E0%AE%B3%E0%AF%8D_%E0%AE%87%E0%AE%B0%E0%AF%81_%E0%AE%AA%E0%AE%9F%E0%AE%BF_%E0%AE%9A%E0%AE%B0%E0%AE%BF%E0%AE%AA%E0%AE%BE%E0%AE%B0%E0%AF%8D%E0%AE%A4%E0%AF%8D%E0%AE%A4%E0%AE%B2%E0%AF%8D" title="கூகிள் இரு படி சரிபார்த்தல் – Tamil" lang="ta" hreflang="ta" data-title="கூகிள் இரு படி சரிபார்த்தல்" data-language-autonym="தமிழ்" data-language-local-name="Tamil" class="interlanguage-link-target"><span>தமிழ்</span></a></li><li class="interlanguage-link interwiki-th mw-list-item"><a href="https://th.wikipedia.org/wiki/%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%9E%E0%B8%B4%E0%B8%AA%E0%B8%B9%E0%B8%88%E0%B8%99%E0%B9%8C%E0%B8%95%E0%B8%B1%E0%B8%A7%E0%B8%88%E0%B8%A3%E0%B8%B4%E0%B8%87%E0%B8%94%E0%B9%89%E0%B8%A7%E0%B8%A2%E0%B8%9B%E0%B8%B1%E0%B8%88%E0%B8%88%E0%B8%B1%E0%B8%A2%E0%B8%AB%E0%B8%A5%E0%B8%B2%E0%B8%A2%E0%B8%AD%E0%B8%A2%E0%B9%88%E0%B8%B2%E0%B8%87" title="การพิสูจน์ตัวจริงด้วยปัจจัยหลายอย่าง – Thai" lang="th" hreflang="th" data-title="การพิสูจน์ตัวจริงด้วยปัจจัยหลายอย่าง" data-language-autonym="ไทย" data-language-local-name="Thai" class="interlanguage-link-target"><span>ไทย</span></a></li><li class="interlanguage-link interwiki-tr mw-list-item"><a href="https://tr.wikipedia.org/wiki/%C3%87ok_fakt%C3%B6rl%C3%BC_kimlik_do%C4%9Frulamas%C4%B1" title="Çok faktörlü kimlik doğrulaması – Turkish" lang="tr" hreflang="tr" data-title="Çok faktörlü kimlik doğrulaması" data-language-autonym="Türkçe" data-language-local-name="Turkish" class="interlanguage-link-target"><span>Türkçe</span></a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/%D0%91%D0%B0%D0%B3%D0%B0%D1%82%D0%BE%D1%84%D0%B0%D0%BA%D1%82%D0%BE%D1%80%D0%BD%D0%B0_%D0%B0%D0%B2%D1%82%D0%B5%D0%BD%D1%82%D0%B8%D1%84%D1%96%D0%BA%D0%B0%D1%86%D1%96%D1%8F" title="Багатофакторна автентифікація – Ukrainian" lang="uk" hreflang="uk" data-title="Багатофакторна автентифікація" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target"><span>Українська</span></a></li><li class="interlanguage-link interwiki-zh-yue mw-list-item"><a href="https://zh-yue.wikipedia.org/wiki/%E5%A4%9A%E9%87%8D%E8%A6%81%E7%B4%A0%E9%91%91%E5%88%A5" title="多重要素鑑別 – Cantonese" lang="yue" hreflang="yue" data-title="多重要素鑑別" data-language-autonym="粵語" data-language-local-name="Cantonese" class="interlanguage-link-target"><span>粵語</span></a></li><li class="interlanguage-link interwiki-zh mw-list-item"><a href="https://zh.wikipedia.org/wiki/%E5%A4%9A%E9%87%8D%E8%A6%81%E7%B4%A0%E9%A9%97%E8%AD%89" title="多重要素驗證 – Chinese" lang="zh" hreflang="zh" data-title="多重要素驗證" data-language-autonym="中文" data-language-local-name="Chinese" class="interlanguage-link-target"><span>中文</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q7878662#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Multi-factor_authentication" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Multi-factor_authentication" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Multi-factor_authentication"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Multi-factor_authentication&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Multi-factor_authentication&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Multi-factor_authentication"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Multi-factor_authentication&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Multi-factor_authentication&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Multi-factor_authentication" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Multi-factor_authentication" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q"><span>Special pages</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Multi-factor_authentication&oldid=1256350487" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Multi-factor_authentication&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Multi-factor_authentication&id=1256350487&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FMulti-factor_authentication"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FMulti-factor_authentication"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Multi-factor_authentication&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Multi-factor_authentication&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q7878662" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Method of computer access control</div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable selfref">"Two-factor authentication" redirects here. For two-factor authentication on Wikipedia, see <a href="/wiki/Help:Two-factor_authentication" title="Help:Two-factor authentication">Help:Two-factor authentication</a>.</div> <style data-mw-deduplicate="TemplateStyles:r1251242444">.mw-parser-output .ambox{border:1px solid #a2a9b1;border-left:10px solid #36c;background-color:#fbfbfb;box-sizing:border-box}.mw-parser-output .ambox+link+.ambox,.mw-parser-output .ambox+link+style+.ambox,.mw-parser-output .ambox+link+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+style+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+link+.ambox{margin-top:-1px}html body.mediawiki .mw-parser-output .ambox.mbox-small-left{margin:4px 1em 4px 0;overflow:hidden;width:238px;border-collapse:collapse;font-size:88%;line-height:1.25em}.mw-parser-output .ambox-speedy{border-left:10px solid #b32424;background-color:#fee7e6}.mw-parser-output .ambox-delete{border-left:10px solid #b32424}.mw-parser-output .ambox-content{border-left:10px solid #f28500}.mw-parser-output .ambox-style{border-left:10px solid #fc3}.mw-parser-output .ambox-move{border-left:10px solid #9932cc}.mw-parser-output .ambox-protection{border-left:10px solid #a2a9b1}.mw-parser-output .ambox .mbox-text{border:none;padding:0.25em 0.5em;width:100%}.mw-parser-output .ambox .mbox-image{border:none;padding:2px 0 2px 0.5em;text-align:center}.mw-parser-output .ambox .mbox-imageright{border:none;padding:2px 0.5em 2px 0;text-align:center}.mw-parser-output .ambox .mbox-empty-cell{border:none;padding:0;width:1px}.mw-parser-output .ambox .mbox-image-div{width:52px}@media(min-width:720px){.mw-parser-output .ambox{margin:0 10%}}@media print{body.ns-0 .mw-parser-output .ambox{display:none!important}}</style><style data-mw-deduplicate="TemplateStyles:r1248332772">.mw-parser-output .multiple-issues-text{width:95%;margin:0.2em 0}.mw-parser-output .multiple-issues-text>.mw-collapsible-content{margin-top:0.3em}.mw-parser-output .compact-ambox .ambox{border:none;border-collapse:collapse;background-color:transparent;margin:0 0 0 1.6em!important;padding:0!important;width:auto;display:block}body.mediawiki .mw-parser-output .compact-ambox .ambox.mbox-small-left{font-size:100%;width:auto;margin:0}.mw-parser-output .compact-ambox .ambox .mbox-text{padding:0!important;margin:0!important}.mw-parser-output .compact-ambox .ambox .mbox-text-span{display:list-item;line-height:1.5em;list-style-type:disc}body.skin-minerva .mw-parser-output .multiple-issues-text>.mw-collapsible-toggle,.mw-parser-output .compact-ambox .ambox .mbox-image,.mw-parser-output .compact-ambox .ambox .mbox-imageright,.mw-parser-output .compact-ambox .ambox .mbox-empty-cell,.mw-parser-output .compact-ambox .hide-when-compact{display:none}</style><table class="box-Multiple_issues plainlinks metadata ambox ambox-content ambox-multiple_issues compact-ambox" role="presentation"><tbody><tr><td class="mbox-image"><div class="mbox-image-div"><span typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/b/b4/Ambox_important.svg/40px-Ambox_important.svg.png" decoding="async" width="40" height="40" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/b/b4/Ambox_important.svg/60px-Ambox_important.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/b/b4/Ambox_important.svg/80px-Ambox_important.svg.png 2x" data-file-width="40" data-file-height="40" /></span></span></div></td><td class="mbox-text"><div class="mbox-text-span"><div class="multiple-issues-text mw-collapsible"><b>This article has multiple issues.</b> Please help <b><a href="/wiki/Special:EditPage/Multi-factor_authentication" title="Special:EditPage/Multi-factor authentication">improve it</a></b> or discuss these issues on the <b><a href="/wiki/Talk:Multi-factor_authentication" title="Talk:Multi-factor authentication">talk page</a></b>. <small><i>(<a href="/wiki/Help:Maintenance_template_removal" title="Help:Maintenance template removal">Learn how and when to remove these messages</a>)</i></small> <div class="mw-collapsible-content"> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1251242444"><table class="box-Essay-like plainlinks metadata ambox ambox-style ambox-essay-like" role="presentation"><tbody><tr><td class="mbox-image"><div class="mbox-image-div"><span typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/f/f2/Edit-clear.svg/40px-Edit-clear.svg.png" decoding="async" width="40" height="40" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/f/f2/Edit-clear.svg/60px-Edit-clear.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/f/f2/Edit-clear.svg/80px-Edit-clear.svg.png 2x" data-file-width="48" data-file-height="48" /></span></span></div></td><td class="mbox-text"><div class="mbox-text-span">This article <b>is written like a <a href="/wiki/Wikipedia:What_Wikipedia_is_not#Wikipedia_is_not_a_publisher_of_original_thought" title="Wikipedia:What Wikipedia is not">personal reflection, personal essay, or argumentative essay</a></b> that states a Wikipedia editor's personal feelings or presents an original argument about a topic.<span class="hide-when-compact"> Please <a class="external text" href="https://en.wikipedia.org/w/index.php?title=Multi-factor_authentication&action=edit">help improve it</a> by rewriting it in an <a href="/wiki/Wikipedia:Writing_better_articles#Information_style_and_tone" title="Wikipedia:Writing better articles">encyclopedic style</a>.</span> <span class="date-container"><i>(<span class="date">December 2020</span>)</i></span><span class="hide-when-compact"><i> (<small><a href="/wiki/Help:Maintenance_template_removal" title="Help:Maintenance template removal">Learn how and when to remove this message</a></small>)</i></span></div></td></tr></tbody></table> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1251242444"><table class="box-More_citations_needed plainlinks metadata ambox ambox-content ambox-Refimprove" role="presentation"><tbody><tr><td class="mbox-image"><div class="mbox-image-div"><span typeof="mw:File"><a href="/wiki/File:Question_book-new.svg" class="mw-file-description"><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/50px-Question_book-new.svg.png" decoding="async" width="50" height="39" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/75px-Question_book-new.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/100px-Question_book-new.svg.png 2x" data-file-width="512" data-file-height="399" /></a></span></div></td><td class="mbox-text"><div class="mbox-text-span">This article <b>needs additional citations for <a href="/wiki/Wikipedia:Verifiability" title="Wikipedia:Verifiability">verification</a></b>.<span class="hide-when-compact"> Please help <a href="/wiki/Special:EditPage/Multi-factor_authentication" title="Special:EditPage/Multi-factor authentication">improve this article</a> by <a href="/wiki/Help:Referencing_for_beginners" title="Help:Referencing for beginners">adding citations to reliable sources</a>. Unsourced material may be challenged and removed.<br /><small><span class="plainlinks"><i>Find sources:</i> <a rel="nofollow" class="external text" href="https://www.google.com/search?as_eq=wikipedia&q=%22Multi-factor+authentication%22">"Multi-factor authentication"</a> – <a rel="nofollow" class="external text" href="https://www.google.com/search?tbm=nws&q=%22Multi-factor+authentication%22+-wikipedia&tbs=ar:1">news</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.google.com/search?&q=%22Multi-factor+authentication%22&tbs=bkt:s&tbm=bks">newspapers</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.google.com/search?tbs=bks:1&q=%22Multi-factor+authentication%22+-wikipedia">books</a> <b>·</b> <a rel="nofollow" class="external text" href="https://scholar.google.com/scholar?q=%22Multi-factor+authentication%22">scholar</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.jstor.org/action/doBasicSearch?Query=%22Multi-factor+authentication%22&acc=on&wc=on">JSTOR</a></span></small></span> <span class="date-container"><i>(<span class="date">January 2021</span>)</i></span><span class="hide-when-compact"><i> (<small><a href="/wiki/Help:Maintenance_template_removal" title="Help:Maintenance template removal">Learn how and when to remove this message</a></small>)</i></span></div></td></tr></tbody></table> </div> </div><span class="hide-when-compact"><i> (<small><a href="/wiki/Help:Maintenance_template_removal" title="Help:Maintenance template removal">Learn how and when to remove this message</a></small>)</i></span></div></td></tr></tbody></table> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:U2F_Hardware_Authentication_Security_Keys_(Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO)_(42286852310).jpg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/f/f2/U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg/220px-U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg" decoding="async" width="220" height="150" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/f/f2/U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg/330px-U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/f/f2/U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg/440px-U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg 2x" data-file-width="2640" data-file-height="1800" /></a><figcaption>Hardware authentication security keys</figcaption></figure> <p><b>Multi-factor authentication</b> (<b>MFA</b>; <b>two-factor authentication</b>, or <b>2FA</b>, along with similar terms) is an <a href="/wiki/Electronic_authentication" title="Electronic authentication">electronic authentication</a> method in which a user is granted access to a <a href="/wiki/Website" title="Website">website</a> or <a href="/wiki/Application_software" title="Application software">application</a> only after successfully presenting two or more pieces of evidence (or <a href="/wiki/Authentication#Authentication_factors" title="Authentication">factors</a>) to an <a href="/wiki/Authentication" title="Authentication">authentication</a> mechanism. MFA protects <a href="/wiki/Personal_data" title="Personal data">personal data</a>—which may include personal identification or <a href="/wiki/Financial_asset" title="Financial asset">financial assets</a>—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password. </p><p>Usage of MFA has increased in recent years, however, there are numerous threats that consistently makes it hard to ensure MFA is entirely secure.<sup id="cite_ref-1" class="reference"><a href="#cite_note-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Factors">Factors</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=1" title="Edit section: Factors"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Authentication takes place when someone tries to <a href="/wiki/Log_into" class="mw-redirect" title="Log into">log into</a> a computer resource (such as a <a href="/wiki/Computer_network" title="Computer network">computer network</a>, device, or application). The resource requires the user to supply the identity by which the user is known to the resource, along with evidence of the authenticity of the user's claim to that identity. Simple authentication requires only one such piece of evidence (factor), typically a password. For additional security, the resource may require more than one factor—multi-factor authentication, or two-factor authentication in cases where exactly two pieces of evidence are to be supplied.<sup id="cite_ref-Note1_2-0" class="reference"><a href="#cite_note-Note1-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p><p>The use of multiple authentication factors to prove one's identity is based on the premise that an unauthorized actor is unlikely to be able to supply the factors required for access. If, in an authentication attempt, at least one of the components is missing or supplied incorrectly, the user's identity is not established with sufficient certainty and access to the asset (e.g., a building, or data) being protected by multi-factor authentication then remains blocked. The authentication factors of a multi-factor authentication scheme may include:<sup id="cite_ref-:2_3-0" class="reference"><a href="#cite_note-:2-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> </p> <ul><li>Something the user has: Any physical object in the possession of the user, such as a <a href="/wiki/Security_token" title="Security token">security token</a> (<a href="/wiki/USB_flash_drive" title="USB flash drive">USB stick</a>), a <a href="/wiki/Bank_card" title="Bank card">bank card</a>, a key, etc.</li> <li>Something the user knows: Certain knowledge only known to the user, such as a <a href="/wiki/Password" title="Password">password</a>, <a href="/wiki/Personal_identification_number" title="Personal identification number">PIN</a>, <a href="/wiki/Personal_unblocking_key" title="Personal unblocking key">PUK</a>, etc.</li> <li>Something the user is: Some physical characteristic of the user (<a href="/wiki/Biometrics" title="Biometrics">biometrics</a>), such as a fingerprint, eye iris, voice, <a href="/wiki/Keystroke_dynamics" title="Keystroke dynamics">typing speed</a>, pattern in key press intervals, etc.</li></ul> <p>An example of two-factor authentication is the withdrawing of money from an <a href="/wiki/Automated_teller_machine" class="mw-redirect" title="Automated teller machine">ATM</a>; only the correct combination of a <a href="/wiki/Bank_card" title="Bank card">bank card</a> (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out. Two other examples are to supplement a user-controlled password with a <a href="/wiki/One-time_password" title="One-time password">one-time password</a> (OTP) or code generated or received by an <a href="/wiki/Authenticator" title="Authenticator">authenticator</a> (e.g. a security token or smartphone) that only the user possesses.<sup id="cite_ref-4" class="reference"><a href="#cite_note-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> </p><p>A third-party <a href="/wiki/Authenticator" title="Authenticator">authenticator</a> app enables two-factor authentication in a different way, usually by showing a randomly generated and constantly refreshing code which the user can use, rather than sending an <a href="/wiki/SMS" title="SMS">SMS</a> or using another method.<sup id="cite_ref-5" class="reference"><a href="#cite_note-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Knowledge">Knowledge</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=2" title="Edit section: Knowledge"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Knowledge factors are a form of authentication. In this form, the user is required to prove knowledge of a secret in order to authenticate. </p><p>A password is a secret word or string of characters that is used for user authentication. This is the most commonly used mechanism of authentication.<sup id="cite_ref-:2_3-1" class="reference"><a href="#cite_note-:2-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> Many multi-factor authentication techniques rely on passwords as one factor of authentication. Variations include both longer ones formed from multiple words (a <a href="/wiki/Passphrase" title="Passphrase">passphrase</a>) and the shorter, purely numeric, PIN commonly used for <a href="/wiki/Automated_teller_machine" class="mw-redirect" title="Automated teller machine">ATM</a> access. Traditionally, passwords are expected to be <a href="/wiki/Memory" title="Memory">memorized</a>, but can also be written down on a hidden paper or text file. </p> <div class="mw-heading mw-heading3"><h3 id="Possession">Possession</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=3" title="Edit section: Possession"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:SecureID_token_new.JPG" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/8/8f/SecureID_token_new.JPG/220px-SecureID_token_new.JPG" decoding="async" width="220" height="165" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/8/8f/SecureID_token_new.JPG/330px-SecureID_token_new.JPG 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/8/8f/SecureID_token_new.JPG/440px-SecureID_token_new.JPG 2x" data-file-width="2048" data-file-height="1536" /></a><figcaption>RSA SecurID token, an example of a disconnected token generator</figcaption></figure> <p>Possession factors ("something only the user has") have been used for authentication for centuries, in the form of a key to a lock. The basic principle is that the key embodies a secret that is shared between the lock and the key, and the same principle underlies possession factor authentication in computer systems. A <a href="/wiki/Security_token" title="Security token">security token</a> is an example of a possession factor. </p><p><i>Disconnected tokens</i> have no connections to the client computer. They typically use a built-in screen to display the generated authentication data, which is manually typed in by the user. This type of token mostly uses a <a href="/wiki/One-time_password" title="One-time password">OTP</a> that can only be used for that specific session.<sup id="cite_ref-6" class="reference"><a href="#cite_note-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> </p> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Black_YubiKey_06.jpg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/4/45/Black_YubiKey_06.jpg/220px-Black_YubiKey_06.jpg" decoding="async" width="220" height="165" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/4/45/Black_YubiKey_06.jpg/330px-Black_YubiKey_06.jpg 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/4/45/Black_YubiKey_06.jpg/440px-Black_YubiKey_06.jpg 2x" data-file-width="3072" data-file-height="2304" /></a><figcaption>A USB security token</figcaption></figure> <p><i>Connected tokens</i> are <a href="/wiki/Machine" title="Machine">devices</a> that are <i>physically</i> connected to the computer to be used. Those devices transmit data automatically.<sup id="cite_ref-:0_7-0" class="reference"><a href="#cite_note-:0-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> There are a number of different types, including USB tokens, <a href="/wiki/Smart_card" title="Smart card">smart cards</a> and <a href="/wiki/RFID" class="mw-redirect" title="RFID">wireless tags</a>.<sup id="cite_ref-:0_7-1" class="reference"><a href="#cite_note-:0-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> Increasingly, <a href="/wiki/FIDO2" class="mw-redirect" title="FIDO2">FIDO2</a> capable tokens, supported by the <a href="/wiki/FIDO_Alliance" title="FIDO Alliance">FIDO Alliance</a> and the <a href="/wiki/World_Wide_Web_Consortium" title="World Wide Web Consortium">World Wide Web Consortium</a> (W3C), have become popular with mainstream browser support beginning in 2015. </p><p>A <a href="/wiki/Software_token" title="Software token">software token</a> (a.k.a. <i>soft token</i>) is a type of two-factor authentication security device that may be used to authorize the use of computer services. Software tokens are stored on a general-purpose electronic device such as a <a href="/wiki/Desktop_computer" title="Desktop computer">desktop computer</a>, <a href="/wiki/Laptop" title="Laptop">laptop</a>, <a href="/wiki/Personal_digital_assistant" title="Personal digital assistant">PDA</a>, or <a href="/wiki/Mobile_phone" title="Mobile phone">mobile phone</a> and can be duplicated. (Contrast <a href="/wiki/Hardware_token" class="mw-redirect" title="Hardware token">hardware tokens</a>, where the credentials are stored on a dedicated hardware device and therefore cannot be duplicated, absent physical invasion of the device). A soft token may not be a device the user interacts with. Typically an X.509v3 certificate is loaded onto the device and stored securely to serve this purpose.<sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="The last two sentences are not elaborated by the linked software token article. (September 2023)">citation needed</span></a></i>]</sup> </p><p><a href="/wiki/Multi-factor_authentication_fatigue_attack" title="Multi-factor authentication fatigue attack">Multi-factor authentication</a> can also be applied in physical security systems. These physical security systems are known and commonly referred to as access control. Multi-factor authentication is typically deployed in access control systems through the use, firstly, of a physical possession (such as a fob, <a href="/wiki/Keycard_lock" title="Keycard lock">keycard</a>, or <a href="/wiki/QR_code" title="QR code">QR-code</a> displayed on a device) which acts as the identification credential, and secondly, a validation of one's identity such as facial biometrics or retinal scan. This form of multi-factor authentication is commonly referred to as facial verification or facial authentication. </p> <div class="mw-heading mw-heading3"><h3 id="Inherent">Inherent</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=4" title="Edit section: Inherent"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>These are factors associated with the user, and are usually <a href="/wiki/Biometrics" title="Biometrics">biometric</a> methods, including <a href="/wiki/Fingerprint" title="Fingerprint">fingerprint</a>, <a href="/wiki/Face_recognition" class="mw-redirect" title="Face recognition">face</a>,<sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> <a href="/wiki/Speaker_recognition" title="Speaker recognition">voice</a>, or <a href="/wiki/Iris_recognition" title="Iris recognition">iris</a> recognition. Behavioral biometrics such as <a href="/wiki/Keystroke_dynamics" title="Keystroke dynamics">keystroke dynamics</a> can also be used. </p> <div class="mw-heading mw-heading3"><h3 id="Location">Location</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=5" title="Edit section: Location"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Increasingly, a fourth factor is coming into play involving the physical location of the user. While hard wired to the corporate network, a user could be allowed to login using only a pin code. Whereas if the user was off the network or working remotely, a more secure MFA method such as entering a code from a soft token as well could be required. Adapting the type of MFA method and frequency to a users' location will enable you to avoid risks common to remote working.<sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup> </p><p>Systems for network admission control work in similar ways where the level of network access can be contingent on the specific network a device is connected to, such as <a href="/wiki/Wi-Fi" title="Wi-Fi">Wi-Fi</a> vs wired connectivity. This also allows a user to move between offices and dynamically receive <span class="cleanup-needed-content" style="padding-left:0.1em; padding-right:0.1em; color:var(--color-subtle, #54595d); border:1px solid var(--border-color-subtle, #c8ccd1);">the same level of network access</span><sup class="noprint Inline-Template" style="margin-left:0.1em; white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Please_clarify" title="Wikipedia:Please clarify"><span title="The previous sentence sets the expectation that the user would be granted different levels of access when using from different devices/network. (October 2023)">clarification needed</span></a></i>]</sup> in each.<sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="This claim needs references to reliable sources. (May 2023)">citation needed</span></a></i>]</sup> </p> <div class="mw-heading mw-heading2"><h2 id="Mobile_phone-based_authentication">Mobile phone-based authentication</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=6" title="Edit section: Mobile phone-based authentication"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Aegis_Authenticator_3.2_screenshot.png" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/0/0f/Aegis_Authenticator_3.2_screenshot.png/220px-Aegis_Authenticator_3.2_screenshot.png" decoding="async" width="220" height="466" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/0/0f/Aegis_Authenticator_3.2_screenshot.png/330px-Aegis_Authenticator_3.2_screenshot.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/0/0f/Aegis_Authenticator_3.2_screenshot.png/440px-Aegis_Authenticator_3.2_screenshot.png 2x" data-file-width="720" data-file-height="1526" /></a><figcaption>Example of mobile phone-based authentication showing one-time passwords</figcaption></figure> <p>Two-factor authentication over text message was developed as early as 1996, when AT&T described a system for authorizing transactions based on an exchange of codes over two-way pagers.<sup id="cite_ref-10" class="reference"><a href="#cite_note-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup> </p><p>Many multi-factor authentication vendors offer mobile phone-based authentication. Some methods include push-based authentication, QR code-based authentication, one-time password authentication (event-based and time-based), and SMS-based verification. SMS-based verification suffers from some security concerns. Phones can be cloned, apps can run on several phones and cell-phone maintenance personnel can read SMS texts. Not least, cell phones can be compromised in general, meaning the phone is no longer something only the user has. </p><p>The major drawback of authentication including something the user possesses is that the user must carry around the physical token (the USB stick, the bank card, the key or similar), practically at all times. Loss and theft are risks. Many organizations forbid carrying USB and electronic devices in or out of premises owing to <a href="/wiki/Malware" title="Malware">malware</a> and data theft risks, and most important machines do not have USB ports for the same reason. Physical tokens usually do not scale, typically requiring a new token for each new account and system. Procuring and subsequently replacing tokens of this kind involves costs. In addition, there are inherent conflicts and unavoidable trade-offs between usability and security.<sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup> </p><p>Two-step authentication involving <a href="/wiki/Mobile_phone" title="Mobile phone">mobile phones</a> and <a href="/wiki/Smartphone" title="Smartphone">smartphones</a> provides an alternative to dedicated physical devices. To authenticate, people can use their personal access codes to the device (i.e. something that only the individual user knows) plus a one-time-valid, dynamic passcode, typically consisting of 4 to 6 digits. The passcode can be sent to their mobile device<sup id="cite_ref-Note1_2-1" class="reference"><a href="#cite_note-Note1-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> by <a href="/wiki/SMS" title="SMS">SMS</a> or can be generated by a one-time passcode-generator app. In both cases, the advantage of using a mobile phone is that there is no need for an additional dedicated token, as users tend to carry their <a href="/wiki/Mobile_device" title="Mobile device">mobile devices</a> around at all times. </p><p>Notwithstanding the popularity of SMS verification, security advocates have publicly criticized SMS verification,<sup id="cite_ref-13" class="reference"><a href="#cite_note-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> and in July 2016, a United States <a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">NIST</a> draft guideline proposed deprecating it as a form of authentication.<sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup> A year later NIST reinstated SMS verification as a valid authentication channel in the finalized guideline.<sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> </p><p>In 2016 and 2017 respectively, both Google and Apple started offering user two-step authentication with <a href="/wiki/Push_technology" title="Push technology">push notifications</a><sup id="cite_ref-:2_3-2" class="reference"><a href="#cite_note-:2-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> as an alternative method.<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> </p><p>Security of mobile-delivered security tokens fully depends on the mobile operator's operational security and can be easily breached by wiretapping or <a href="/wiki/SIM_cloning" class="mw-redirect" title="SIM cloning">SIM cloning</a> by national security agencies.<sup id="cite_ref-bcat20160430_18-0" class="reference"><a href="#cite_note-bcat20160430-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup> </p><p><b>Advantages:</b> </p> <ul><li>No additional tokens are necessary because it uses mobile devices that are (usually) carried all the time.</li> <li>As they are constantly changed, dynamically generated passcodes are safer to use than fixed (static) log-in information.</li> <li>Depending on the solution, passcodes that have been used are automatically replaced in order to ensure that a valid code is always available, transmission/reception problems do not, therefore, prevent logins.</li></ul> <p><b>Disadvantages:</b> </p> <ul><li>Users may still be susceptible to phishing attacks. An attacker can send a text message that links to a <a href="/wiki/Spoofed_URL" title="Spoofed URL">spoofed website</a> that looks identical to the actual website. The attacker can then get the authentication code, user name and password.<sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup></li> <li>A mobile phone is not always available—it can be lost, stolen, have a dead battery, or otherwise not work.</li> <li>Despite their growing popularity, some users may not even own a mobile device, and take umbrage at being required to own one as a condition of using some service on their home PC.</li> <li>Mobile phone reception is not always available—large areas, particularly outside of towns, lack coverage.</li> <li><a href="/wiki/SIM_cloning" class="mw-redirect" title="SIM cloning">SIM cloning</a> gives hackers access to mobile phone connections. <a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">Social-engineering</a> attacks against mobile-operator companies have resulted in the handing over of duplicate SIM cards to criminals.<sup id="cite_ref-20" class="reference"><a href="#cite_note-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup></li> <li>Text messages to mobile phones using <a href="/wiki/Short_Message_Service" class="mw-redirect" title="Short Message Service">SMS</a> are insecure and can be intercepted by <a href="/wiki/IMSI-catcher" title="IMSI-catcher">IMSI-catchers</a>. Thus third parties can steal and use the token.<sup id="cite_ref-21" class="reference"><a href="#cite_note-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup></li> <li>Account recovery typically bypasses mobile-phone two-factor authentication.<sup id="cite_ref-Note1_2-2" class="reference"><a href="#cite_note-Note1-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup><sup class="noprint Inline-Template" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Verifiability" title="Wikipedia:Verifiability"><span title="The article says account recovery typically bypasses ALL 2FA, not just mobile phone. (October 2023)">failed verification</span></a></i>]</sup></li> <li>Modern smartphones are used both for receiving email and SMS. So if the phone is lost or stolen and is not protected by a password or biometric, all accounts for which the email is the key can be hacked as the phone can receive the second factor.</li> <li>Mobile carriers may charge the user messaging fees.</li></ul> <div class="mw-heading mw-heading2"><h2 id="Legislation_and_regulation">Legislation and regulation</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=7" title="Edit section: Legislation and regulation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The <a href="/wiki/Payment_card_industry" title="Payment card industry">Payment Card Industry (PCI)</a> Data Security Standard, requirement 8.3, requires the use of MFA for all remote network access that originates from outside the network to a Card Data Environment (CDE).<sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup> Beginning with PCI-DSS version 3.2, the use of MFA is required for all administrative access to the CDE, even if the user is within a trusted network. </p> <div class="mw-heading mw-heading3"><h3 id="European_Union">European Union</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=8" title="Edit section: European Union"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The second <a href="/wiki/Payment_Services_Directive" title="Payment Services Directive">Payment Services Directive</a> requires "<a href="/wiki/Strong_customer_authentication" title="Strong customer authentication">strong customer authentication</a>" on most electronic payments in the <a href="/wiki/European_Economic_Area" title="European Economic Area">European Economic Area</a> since September 14, 2019.<sup id="cite_ref-23" class="reference"><a href="#cite_note-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="India">India</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=9" title="Edit section: India"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In India, the <a href="/wiki/Reserve_Bank_of_India" title="Reserve Bank of India">Reserve Bank of India</a> mandated two-factor authentication for all online transactions made using a debit or credit card using either a password or a one-time password sent over <a href="/wiki/Short_messaging_service" class="mw-redirect" title="Short messaging service">SMS</a>. This requirement was removed in 2016 for transactions up to ₹2,000 after opting-in with the issuing bank.<sup id="cite_ref-24" class="reference"><a href="#cite_note-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup> Vendors such as <a href="/wiki/Uber" title="Uber">Uber</a> have been mandated by the bank to amend their payment processing systems in compliance with this two-factor authentication rollout.<sup id="cite_ref-25" class="reference"><a href="#cite_note-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-26" class="reference"><a href="#cite_note-26"><span class="cite-bracket">[</span>26<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-27" class="reference"><a href="#cite_note-27"><span class="cite-bracket">[</span>27<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="United_States">United States</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=10" title="Edit section: United States"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Details for authentication for federal employees and contractors in the U.S. are defined in Homeland Security Presidential Directive 12 (HSPD-12).<sup id="cite_ref-28" class="reference"><a href="#cite_note-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup> </p><p>IT regulatory standards for access to federal government systems require the use of multi-factor authentication to access sensitive IT resources, for example when logging on to network devices to perform administrative tasks<sup id="cite_ref-29" class="reference"><a href="#cite_note-29"><span class="cite-bracket">[</span>29<span class="cite-bracket">]</span></a></sup> and when accessing any computer using a privileged login.<sup id="cite_ref-30" class="reference"><a href="#cite_note-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup> </p><p><a href="/wiki/NIST" class="mw-redirect" title="NIST">NIST</a> Special Publication 800-63-3 discusses various forms of two-factor authentication and provides guidance on using them in business processes requiring different levels of assurance.<sup id="cite_ref-31" class="reference"><a href="#cite_note-31"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup> </p><p>In 2005, the United States' <a href="/wiki/Federal_Financial_Institutions_Examination_Council" title="Federal Financial Institutions Examination Council">Federal Financial Institutions Examination Council</a> issued guidance for financial institutions recommending financial institutions conduct risk-based assessments, evaluate customer awareness programs, and develop security measures to reliably authenticate customers remotely accessing <a href="/wiki/Online_banking" title="Online banking">online financial services</a>, officially recommending the use of authentication methods that depend on more than one factor (specifically, what a user knows, has, and is) to determine the user's identity.<sup id="cite_ref-32" class="reference"><a href="#cite_note-32"><span class="cite-bracket">[</span>32<span class="cite-bracket">]</span></a></sup> In response to the publication, numerous authentication vendors began improperly promoting challenge-questions, secret images, and other knowledge-based methods as "multi-factor" authentication. Due to the resulting confusion and widespread adoption of such methods, on August 15, 2006, the FFIEC published supplemental guidelines—which state that by definition, a "true" multi-factor authentication system must use distinct instances of the three factors of authentication it had defined, and not just use multiple instances of a single factor.<sup id="cite_ref-ffiec-faw_33-0" class="reference"><a href="#cite_note-ffiec-faw-33"><span class="cite-bracket">[</span>33<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Security">Security</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=11" title="Edit section: Security"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>According to proponents, multi-factor authentication could drastically reduce the incidence of online <a href="/wiki/Identity_theft" title="Identity theft">identity theft</a> and other online <a href="/wiki/Fraud" title="Fraud">fraud</a>, because the victim's password would no longer be enough to give a thief permanent access to their information. However, many multi-factor authentication approaches remain vulnerable to <a href="/wiki/Phishing" title="Phishing">phishing</a>,<sup id="cite_ref-voices.washingtonpost.com_34-0" class="reference"><a href="#cite_note-voices.washingtonpost.com-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup> <a href="/wiki/Man-in-the-browser" title="Man-in-the-browser">man-in-the-browser</a>, and <a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">man-in-the-middle attacks</a>.<sup id="cite_ref-35" class="reference"><a href="#cite_note-35"><span class="cite-bracket">[</span>35<span class="cite-bracket">]</span></a></sup> Two-factor authentication in web applications are especially susceptible to phishing attacks, particularly in SMS and e-mails, and, as a response, many experts advise users not to share their verification codes with anyone,<sup id="cite_ref-36" class="reference"><a href="#cite_note-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup> and many web application providers will place an advisory in an e-mail or SMS containing a code.<sup id="cite_ref-37" class="reference"><a href="#cite_note-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup> </p><p>Multi-factor authentication may be ineffective<sup id="cite_ref-38" class="reference"><a href="#cite_note-38"><span class="cite-bracket">[</span>38<span class="cite-bracket">]</span></a></sup> against modern threats, like ATM skimming, phishing, and malware.<sup id="cite_ref-39" class="reference"><a href="#cite_note-39"><span class="cite-bracket">[</span>39<span class="cite-bracket">]</span></a></sup> </p><p>In May 2017, <a href="/wiki/Telef%C3%B3nica_Germany" title="Telefónica Germany">O2 Telefónica</a>, a German mobile service provider, confirmed that cybercriminals had exploited <a href="/wiki/Signalling_System_No._7" title="Signalling System No. 7">SS7</a> vulnerabilities to bypass SMS based two-step authentication to do unauthorized withdrawals from users' bank accounts. The criminals first <a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">infected</a> the account holder's computers in an attempt to steal their bank account credentials and phone numbers. Then the attackers purchased access to a fake telecom provider and set up a redirect for the victim's phone number to a handset controlled by them. Finally, the attackers logged into victims' online bank accounts and requested for the money on the accounts to be withdrawn to accounts owned by the criminals. SMS passcodes were routed to phone numbers controlled by the attackers and the criminals transferred the money out.<sup id="cite_ref-40" class="reference"><a href="#cite_note-40"><span class="cite-bracket">[</span>40<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="MFA_fatigue">MFA fatigue</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=12" title="Edit section: MFA fatigue"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Multi-factor_authentication_fatigue_attack" title="Multi-factor authentication fatigue attack">Multi-factor authentication fatigue attack</a></div> <p>An increasingly common approach to defeating MFA is to bombard the user with many requests to accept a log-in, until the user eventually succumbs to the volume of requests and accepts one.<sup id="cite_ref-41" class="reference"><a href="#cite_note-41"><span class="cite-bracket">[</span>41<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Implementation">Implementation</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=13" title="Edit section: Implementation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Many <a href="/wiki/Multi-factor_authentication_fatigue_attack" title="Multi-factor authentication fatigue attack">multi-factor authentication</a> products require users to deploy <a href="/wiki/Client_(computing)" title="Client (computing)">client</a> <a href="/wiki/Software" title="Software">software</a> to make multi-factor authentication systems work. Some vendors have created separate installation packages for <a href="/wiki/Computer_network" title="Computer network">network</a> login, <a href="/wiki/WWW" class="mw-redirect" title="WWW">Web</a> access <a href="/wiki/Credential" title="Credential">credentials</a>, and <a href="/wiki/VPN" class="mw-redirect" title="VPN">VPN</a> connection <a href="/wiki/Credential" title="Credential">credentials</a>. For such products, there may be four or five different <a href="/wiki/Software" title="Software">software</a> packages to push down to the <a href="/wiki/Client_(computing)" title="Client (computing)">client</a> PC in order to make use of the <a href="/wiki/Security_token" title="Security token">token</a> or <a href="/wiki/Smart_card" title="Smart card">smart card</a>. This translates to four or five packages on which version control has to be performed, and four or five packages to check for conflicts with business applications. If access can be operated using <a href="/wiki/Web_page" title="Web page">web pages</a>, it is possible to limit the overheads outlined above to a single application. With other multi-factor authentication technology such as hardware token products, no software must be installed by end-users.<sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="This claim needs references to reliable sources. (October 2023)">citation needed</span></a></i>]</sup> </p><p>There are drawbacks to multi-factor authentication that are keeping many approaches from becoming widespread. Some users have difficulty keeping track of a hardware token or USB plug. Many users do not have the technical skills needed to install a client-side software certificate by themselves. Generally, multi-factor solutions require additional investment for implementation and costs for maintenance. Most hardware token-based systems are proprietary, and some vendors charge an annual fee per user. Deployment of <a href="/wiki/Security_token" title="Security token">hardware tokens</a> is logistically challenging. Hardware <a href="/wiki/Security_token" title="Security token">tokens</a> may get damaged or lost, and issuance of <a href="/wiki/Security_token" title="Security token">tokens</a> in large industries such as banking or even within large enterprises needs to be managed. In addition to deployment costs, multi-factor authentication often carries significant additional support costs.<sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="This claim needs references to reliable sources. (October 2023)">citation needed</span></a></i>]</sup> A 2008 survey<sup id="cite_ref-42" class="reference"><a href="#cite_note-42"><span class="cite-bracket">[</span>42<span class="cite-bracket">]</span></a></sup> of over 120 <a href="/wiki/Credit_unions_in_the_United_States" title="Credit unions in the United States">U.S. credit unions</a> by the <i>Credit Union Journal</i> reported on the support costs associated with two-factor authentication. In their report, <span class="cleanup-needed-content" style="padding-left:0.1em; padding-right:0.1em; color:var(--color-subtle, #54595d); border:1px solid var(--border-color-subtle, #c8ccd1);">software certificates and software toolbar approaches</span><sup class="noprint Inline-Template" style="margin-left:0.1em; white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Please_clarify" title="Wikipedia:Please clarify"><span title="These weren't explained before. (October 2023)">clarification needed</span></a></i>]</sup> were reported to have the highest support costs. </p><p>Research into deployments of multi-factor authentication schemes<sup id="cite_ref-:1_43-0" class="reference"><a href="#cite_note-:1-43"><span class="cite-bracket">[</span>43<span class="cite-bracket">]</span></a></sup> has shown that one of the elements that tend to impact the adoption of such systems is the line of business of the organization that deploys the multi-factor authentication system. Examples cited include the U.S. government, which employs an elaborate system of physical tokens (which themselves are backed by robust <a href="/wiki/Public_key_infrastructure" title="Public key infrastructure">Public Key Infrastructure</a>), as well as private banks, which tend to prefer multi-factor authentication schemes for their customers that involve more accessible, less expensive means of identity verification, such as an app installed onto a customer-owned smartphone. Despite the variations that exist among available systems that organizations may have to choose from, once a multi-factor authentication system is deployed within an organization, it tends to remain in place, as users invariably acclimate to the presence and use of the system and embrace it over time as a normalized element of their daily process of interaction with their relevant information system. </p><p>While the perception is that multi-factor authentication is within the realm of perfect security, Roger Grimes writes<sup id="cite_ref-44" class="reference"><a href="#cite_note-44"><span class="cite-bracket">[</span>44<span class="cite-bracket">]</span></a></sup> that if not properly implemented and configured, multi-factor authentication can in fact be easily defeated. </p> <div class="mw-heading mw-heading2"><h2 id="Patents">Patents</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=14" title="Edit section: Patents"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In 2013, <a href="/wiki/Kim_Dotcom" title="Kim Dotcom">Kim Dotcom</a> claimed to have invented two-factor authentication in a 2000 patent,<sup id="cite_ref-US_PATENT_6078908_45-0" class="reference"><a href="#cite_note-US_PATENT_6078908-45"><span class="cite-bracket">[</span>45<span class="cite-bracket">]</span></a></sup> and briefly threatened to sue all the major web services. However, the European Patent Office revoked his patent<sup id="cite_ref-Brodkin,_ARS_Technical,_2019_46-0" class="reference"><a href="#cite_note-Brodkin,_ARS_Technical,_2019-46"><span class="cite-bracket">[</span>46<span class="cite-bracket">]</span></a></sup> in light of an earlier 1998 U.S. patent held by AT&T.<sup id="cite_ref-US_PATENT_5708422_47-0" class="reference"><a href="#cite_note-US_PATENT_5708422-47"><span class="cite-bracket">[</span>47<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=15" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Authentication#Authentication_factors" title="Authentication"> Authentication factors</a></li> <li><a href="/wiki/Electronic_authentication" title="Electronic authentication">Electronic authentication</a></li> <li><a href="/wiki/Identity_management" class="mw-redirect" title="Identity management">Identity management</a></li> <li><a href="/wiki/Multi-party_authorization" title="Multi-party authorization">Multi-party authorization</a></li> <li><a href="/wiki/Mutual_authentication" title="Mutual authentication">Mutual authentication</a></li> <li><a href="/wiki/Out-of-band" title="Out-of-band">Out-of-band</a></li> <li><a href="/wiki/Reliance_authentication" title="Reliance authentication">Reliance authentication</a></li> <li><a href="/wiki/Strong_authentication" title="Strong authentication">Strong authentication</a></li> <li><a href="/wiki/Universal_2nd_Factor" title="Universal 2nd Factor">Universal 2nd Factor</a></li> <li><a href="/wiki/Identity_threat_detection_and_response" title="Identity threat detection and response">Identity threat detection and response</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=16" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-1">^</a></b></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite id="CITEREFRussell2023" class="citation journal cs1">Russell, Steve (2023-02-22). <a rel="nofollow" class="external text" href="https://doi.org/10.1093/combul/bwad023">"Bypassing Multi-Factor Authentication"</a>. <i>ITNOW</i>. <b>65</b> (1): 42–45. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1093%2Fcombul%2Fbwad023">10.1093/combul/bwad023</a>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1746-5702">1746-5702</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ITNOW&rft.atitle=Bypassing+Multi-Factor+Authentication&rft.volume=65&rft.issue=1&rft.pages=42-45&rft.date=2023-02-22&rft_id=info%3Adoi%2F10.1093%2Fcombul%2Fbwad023&rft.issn=1746-5702&rft.aulast=Russell&rft.aufirst=Steve&rft_id=https%3A%2F%2Fdoi.org%2F10.1093%2Fcombul%2Fbwad023&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-Note1-2"><span class="mw-cite-backlink">^ <a href="#cite_ref-Note1_2-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Note1_2-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-Note1_2-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq">"Two-factor authentication: What you need to know (FAQ) – CNET"</a>. <i>CNET</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2015-10-31</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CNET&rft.atitle=Two-factor+authentication%3A+What+you+need+to+know+%28FAQ%29+%E2%80%93+CNET&rft_id=http%3A%2F%2Fwww.cnet.com%2Fnews%2Ftwo-factor-authentication-what-you-need-to-know-faq&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-:2-3"><span class="mw-cite-backlink">^ <a href="#cite_ref-:2_3-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:2_3-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-:2_3-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFJacommeKremer2021" class="citation journal cs1">Jacomme, Charlie; Kremer, Steve (February 1, 2021). <a rel="nofollow" class="external text" href="https://dl.acm.org/doi/10.1145/3440712">"An Extensive Formal Analysis of Multi-factor Authentication Protocols"</a>. <i>ACM Transactions on Privacy and Security</i>. <b>24</b> (2). New York City: Association for Computing Machinery: 1–34. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1145%2F3440712">10.1145/3440712</a>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/2471-2566">2471-2566</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:231791299">231791299</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ACM+Transactions+on+Privacy+and+Security&rft.atitle=An+Extensive+Formal+Analysis+of+Multi-factor+Authentication+Protocols&rft.volume=24&rft.issue=2&rft.pages=1-34&rft.date=2021-02-01&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A231791299%23id-name%3DS2CID&rft.issn=2471-2566&rft_id=info%3Adoi%2F10.1145%2F3440712&rft.aulast=Jacomme&rft.aufirst=Charlie&rft.au=Kremer%2C+Steve&rft_id=https%3A%2F%2Fdl.acm.org%2Fdoi%2F10.1145%2F3440712&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-4">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFkaitlin.boeckl@nist.gov2016" class="citation web cs1">kaitlin.boeckl@nist.gov (2016-06-28). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210406235123/https://www.nist.gov/itl/applied-cybersecurity/tig/back-basics-multi-factor-authentication">"Back to basics: Multi-factor authentication (MFA)"</a>. <i>NIST</i>. Archived from <a rel="nofollow" class="external text" href="https://www.nist.gov/itl/applied-cybersecurity/tig/back-basics-multi-factor-authentication">the original</a> on 2021-04-06<span class="reference-accessdate">. Retrieved <span class="nowrap">2021-04-06</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=NIST&rft.atitle=Back+to+basics%3A+Multi-factor+authentication+%28MFA%29&rft.date=2016-06-28&rft.au=kaitlin.boeckl%40nist.gov&rft_id=https%3A%2F%2Fwww.nist.gov%2Fitl%2Fapplied-cybersecurity%2Ftig%2Fback-basics-multi-factor-authentication&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-5">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBarrett2018" class="citation magazine cs1">Barrett, Brian (July 22, 2018). <a rel="nofollow" class="external text" href="https://www.wired.com/story/two-factor-authentication-apps-authy-google-authenticator/">"How to Secure Your Accounts With Better Two-Factor Authentication"</a>. <i><a href="/wiki/Wired_(magazine)" title="Wired (magazine)">Wired</a></i><span class="reference-accessdate">. Retrieved <span class="nowrap">12 September</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=How+to+Secure+Your+Accounts+With+Better+Two-Factor+Authentication&rft.date=2018-07-22&rft.aulast=Barrett&rft.aufirst=Brian&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Ftwo-factor-authentication-apps-authy-google-authenticator%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-6">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.sonicwall.com/support/knowledge-base/configuring-one-time-passwords/170505594681886/">"Configuring One-Time Passwords"</a>. <i>www.sonicwall.com</i>. Sonic Wall<span class="reference-accessdate">. Retrieved <span class="nowrap">19 January</span> 2022</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.sonicwall.com&rft.atitle=Configuring+One-Time+Passwords&rft_id=https%3A%2F%2Fwww.sonicwall.com%2Fsupport%2Fknowledge-base%2Fconfiguring-one-time-passwords%2F170505594681886%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-:0-7"><span class="mw-cite-backlink">^ <a href="#cite_ref-:0_7-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:0_7-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFvan_TilborgJajodia2011" class="citation book cs1">van Tilborg, Henk C.A.; Jajodia, Sushil, eds. (2011). <i>Encyclopedia of Cryptography and Security, Volume 1</i>. Berlin, Germany: <a href="/wiki/Springer_Science_%26_Business_Media" class="mw-redirect" title="Springer Science & Business Media">Springer Science & Business Media</a>. p. 1305. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9781441959058" title="Special:BookSources/9781441959058"><bdi>9781441959058</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Encyclopedia+of+Cryptography+and+Security%2C+Volume+1&rft.place=Berlin%2C+Germany&rft.pages=1305&rft.pub=Springer+Science+%26+Business+Media&rft.date=2011&rft.isbn=9781441959058&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCaoGe2015" class="citation journal cs1">Cao, Liling; Ge, Wancheng (2015-03-10). <a rel="nofollow" class="external text" href="https://onlinelibrary.wiley.com/doi/10.1002/sec.1010">"Analysis and improvement of a multi-factor biometric authentication scheme: Analysis and improvement of a MFBA scheme"</a>. <i>Security and Communication Networks</i>. <b>8</b> (4): 617–625. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1002%2Fsec.1010">10.1002/sec.1010</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Security+and+Communication+Networks&rft.atitle=Analysis+and+improvement+of+a+multi-factor+biometric+authentication+scheme%3A+Analysis+and+improvement+of+a+MFBA+scheme&rft.volume=8&rft.issue=4&rft.pages=617-625&rft.date=2015-03-10&rft_id=info%3Adoi%2F10.1002%2Fsec.1010&rft.aulast=Cao&rft.aufirst=Liling&rft.au=Ge%2C+Wancheng&rft_id=https%3A%2F%2Fonlinelibrary.wiley.com%2Fdoi%2F10.1002%2Fsec.1010&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-9">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.darkreading.com/cyberattacks-data-breaches/11-tips-for-protecting-active-directory-while-working-from-home">"11 Tips for Protecting Active Directory While Working from Home"</a>. <i>www.darkreading.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2024-08-29</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.darkreading.com&rft.atitle=11+Tips+for+Protecting+Active+Directory+While+Working+from+Home&rft_id=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2F11-tips-for-protecting-active-directory-while-working-from-home&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-10"><span class="mw-cite-backlink"><b><a href="#cite_ref-10">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2013/may/23/kim-dotcom-authentication-patents">"Does Kim Dotcom have original 'two-factor' login patent?"</a>. <i>the Guardian</i>. 2013-05-23<span class="reference-accessdate">. Retrieved <span class="nowrap">2022-11-02</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=the+Guardian&rft.atitle=Does+Kim+Dotcom+have+original+%27two-factor%27+login+patent%3F&rft.date=2013-05-23&rft_id=http%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2013%2Fmay%2F23%2Fkim-dotcom-authentication-patents&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1041539562">.mw-parser-output .citation{word-wrap:break-word}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}</style><span class="citation patent"><a rel="nofollow" class="external text" href="https://worldwide.espacenet.com/textdoc?DB=EPODOC&IDX=EP0745961">EP 0745961</a>, "Transaction authorization and alert system", issued 1996-12-04</span><span class="Z3988" title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Apatent&rft.number=0745961&rft.cc=EP&rft.title=Transaction+authorization+and+alert+system&rft.date=1996-12-04"><span style="display: none;"> </span></span></span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWangHeWangChu2014" class="citation journal cs1">Wang, Ding; He, Debiao; Wang, Ping; Chu, Chao-Hsien (2014). <a rel="nofollow" class="external text" href="http://eprint.iacr.org/2014/135.pdf">"Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment"</a> <span class="cs1-format">(PDF)</span>. <i>IEEE Transactions on Dependable and Secure Computing</i>. Piscataway, New Jersey: <a href="/wiki/Institute_of_Electrical_and_Electronics_Engineers" title="Institute of Electrical and Electronics Engineers">Institute of Electrical and Electronics Engineers</a><span class="reference-accessdate">. Retrieved <span class="nowrap">2018-03-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=IEEE+Transactions+on+Dependable+and+Secure+Computing&rft.atitle=Anonymous+Two-Factor+Authentication+in+Distributed+Systems%3A+Certain+Goals+Are+Beyond+Attainment&rft.date=2014&rft.aulast=Wang&rft.aufirst=Ding&rft.au=He%2C+Debiao&rft.au=Wang%2C+Ping&rft.au=Chu%2C+Chao-Hsien&rft_id=http%3A%2F%2Feprint.iacr.org%2F2014%2F135.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-13">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAndy_Greenberg2016" class="citation magazine cs1">Andy Greenberg (2016-06-26). <a rel="nofollow" class="external text" href="https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/">"So Hey You Should Stop Using Texts For Two-factor Authentication"</a>. <i>Wired</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2018-05-12</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=So+Hey+You+Should+Stop+Using+Texts+For+Two-factor+Authentication&rft.date=2016-06-26&rft.au=Andy+Greenberg&rft_id=https%3A%2F%2Fwww.wired.com%2F2016%2F06%2Fhey-stop-using-texts-two-factor-authentication%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html">"NIST is No Longer Recommending Two-Factor Authentication Using SMS"</a>. Schneier on Security. August 3, 2016<span class="reference-accessdate">. Retrieved <span class="nowrap">November 30,</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NIST+is+No+Longer+Recommending+Two-Factor+Authentication+Using+SMS&rft.pub=Schneier+on+Security&rft.date=2016-08-03&rft_id=https%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2016%2F08%2Fnist_is_no_long.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blogs.sap.com/2017/07/06/rollback-the-united-states-nist-no-longer-recommends-deprecating-sms-for-2fa/">"Rollback! The United States NIST no longer recommends "Deprecating SMS for 2FA"<span class="cs1-kern-right"></span>"</a>. July 6, 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">May 21,</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Rollback%21+The+United+States+NIST+no+longer+recommends+%22Deprecating+SMS+for+2FA%22&rft.date=2017-07-06&rft_id=https%3A%2F%2Fblogs.sap.com%2F2017%2F07%2F06%2Frollback-the-united-states-nist-no-longer-recommends-deprecating-sms-for-2fa%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTung" class="citation web cs1">Tung, Liam. <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/google-prompt-you-can-now-just-tap-yes-or-no-on-ios-android-to-approve-gmail-sign-in/">"Google prompt: You can now just tap 'yes' or 'no' on iOS, Android to approve Gmail sign-in"</a>. <i>ZD Net</i><span class="reference-accessdate">. Retrieved <span class="nowrap">11 September</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZD+Net&rft.atitle=Google+prompt%3A+You+can+now+just+tap+%27yes%27+or+%27no%27+on+iOS%2C+Android+to+approve+Gmail+sign-in&rft.aulast=Tung&rft.aufirst=Liam&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fgoogle-prompt-you-can-now-just-tap-yes-or-no-on-ios-android-to-approve-gmail-sign-in%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFChance_Miller2017" class="citation web cs1">Chance Miller (2017-02-25). <a rel="nofollow" class="external text" href="https://9to5mac.com/2017/02/25/two-factor-authentication-ios-10-3/">"Apple prompting iOS 10.3"</a>. <i>9to5 Mac</i><span class="reference-accessdate">. Retrieved <span class="nowrap">11 September</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=9to5+Mac&rft.atitle=Apple+prompting+iOS+10.3&rft.date=2017-02-25&rft.au=Chance+Miller&rft_id=https%3A%2F%2F9to5mac.com%2F2017%2F02%2F25%2Ftwo-factor-authentication-ios-10-3%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-bcat20160430-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-bcat20160430_18-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20160430211219/https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/">"How Russia Works on Intercepting Messaging Apps – bellingcat"</a>. <i>bellingcat</i>. 2016-04-30. Archived from <a rel="nofollow" class="external text" href="https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/">the original</a> on 2016-04-30<span class="reference-accessdate">. Retrieved <span class="nowrap">2016-04-30</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=bellingcat&rft.atitle=How+Russia+Works+on+Intercepting+Messaging+Apps+%E2%80%93+bellingcat&rft.date=2016-04-30&rft_id=https%3A%2F%2Fwww.bellingcat.com%2Fnews%2F2016%2F04%2F30%2Frussia-telegram-hack%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKan2019" class="citation news cs1">Kan, Michael (7 March 2019). <a rel="nofollow" class="external text" href="https://www.pcmag.com/news/367026/google-phishing-attacks-that-can-beat-two-factor-are-on-the">"Google: Phishing Attacks That Can Beat Two-Factor Are on the Rise"</a>. <i>PC Mag</i><span class="reference-accessdate">. Retrieved <span class="nowrap">9 September</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=PC+Mag&rft.atitle=Google%3A+Phishing+Attacks+That+Can+Beat+Two-Factor+Are+on+the+Rise&rft.date=2019-03-07&rft.aulast=Kan&rft.aufirst=Michael&rft_id=https%3A%2F%2Fwww.pcmag.com%2Fnews%2F367026%2Fgoogle-phishing-attacks-that-can-beat-two-factor-are-on-the&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-20">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNichols2017" class="citation web cs1">Nichols, Shaun (10 July 2017). <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2017/07/10/att_falls_for_hacker_tricks/">"Two-factor FAIL: Chap gets pwned after 'AT&T falls for hacker tricks'<span class="cs1-kern-right"></span>"</a>. <i><a href="/wiki/The_Register" title="The Register">The Register</a></i><span class="reference-accessdate">. Retrieved <span class="nowrap">2017-07-11</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Two-factor+FAIL%3A+Chap+gets+pwned+after+%27AT%26T+falls+for+hacker+tricks%27&rft.date=2017-07-10&rft.aulast=Nichols&rft.aufirst=Shaun&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2017%2F07%2F10%2Fatt_falls_for_hacker_tricks%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-21">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTooraniBeheshti2008" class="citation book cs1">Toorani, Mohsen; Beheshti, A. (2008). "SSMS - A secure SMS messaging protocol for the m-payment systems". <i>2008 IEEE Symposium on Computers and Communications</i>. pp. 700–705. <a href="/wiki/ArXiv_(identifier)" class="mw-redirect" title="ArXiv (identifier)">arXiv</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://arxiv.org/abs/1002.3171">1002.3171</a></span>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FISCC.2008.4625610">10.1109/ISCC.2008.4625610</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4244-2702-4" title="Special:BookSources/978-1-4244-2702-4"><bdi>978-1-4244-2702-4</bdi></a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:5066992">5066992</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=SSMS+-+A+secure+SMS+messaging+protocol+for+the+m-payment+systems&rft.btitle=2008+IEEE+Symposium+on+Computers+and+Communications&rft.pages=700-705&rft.date=2008&rft_id=info%3Aarxiv%2F1002.3171&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A5066992%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FISCC.2008.4625610&rft.isbn=978-1-4244-2702-4&rft.aulast=Toorani&rft.aufirst=Mohsen&rft.au=Beheshti%2C+A.&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.pcisecuritystandards.org/document_library?document=pci_dss">"Official PCI Security Standards Council Site – Verify PCI Compliance, Download Data Security and Credit Card Security Standards"</a>. <i>www.pcisecuritystandards.org</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2016-07-25</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.pcisecuritystandards.org&rft.atitle=Official+PCI+Security+Standards+Council+Site+%E2%80%93+Verify+PCI+Compliance%2C+Download+Data+Security+and+Credit+Card+Security+Standards&rft_id=https%3A%2F%2Fwww.pcisecuritystandards.org%2Fdocument_library%3Fdocument%3Dpci_dss&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-23"><span class="mw-cite-backlink"><b><a href="#cite_ref-23">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation cs2"><a rel="nofollow" class="external text" href="http://data.europa.eu/eli/reg_del/2018/389/oj/eng"><i>Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (Text with EEA relevance.)</i></a>, 2018-03-13<span class="reference-accessdate">, retrieved <span class="nowrap">2021-04-06</span></span></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Commission+Delegated+Regulation+%28EU%29+2018%2F389+of+27+November+2017+supplementing+Directive+%28EU%29+2015%2F2366+of+the+European+Parliament+and+of+the+Council+with+regard+to+regulatory+technical+standards+for+strong+customer+authentication+and+common+and+secure+open+standards+of+communication+%28Text+with+EEA+relevance.%29&rft.date=2018-03-13&rft_id=http%3A%2F%2Fdata.europa.eu%2Feli%2Freg_del%2F2018%2F389%2Foj%2Feng&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-24"><span class="mw-cite-backlink"><b><a href="#cite_ref-24">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKarnik2016" class="citation news cs1">Karnik, Madhura (7 December 2016). <a rel="nofollow" class="external text" href="https://qz.com/india/854701/rbi-eases-two-factor-authentication-finally-indians-can-use-credit-cards-online-without-painful-otps-but-only-for-under-rs2000">"Finally, Indians can use credit cards online without painful OTPs—but only for purchases under Rs2,000"</a>. <i>Quartz</i><span class="reference-accessdate">. Retrieved <span class="nowrap">10 December</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Quartz&rft.atitle=Finally%2C+Indians+can+use+credit+cards+online+without+painful+OTPs%E2%80%94but+only+for+purchases+under+Rs2%2C000&rft.date=2016-12-07&rft.aulast=Karnik&rft.aufirst=Madhura&rft_id=https%3A%2F%2Fqz.com%2Findia%2F854701%2Frbi-eases-two-factor-authentication-finally-indians-can-use-credit-cards-online-without-painful-otps-but-only-for-under-rs2000&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-25"><span class="mw-cite-backlink"><b><a href="#cite_ref-25">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAgarwal2016" class="citation news cs1">Agarwal, Surabhi (7 December 2016). <a rel="nofollow" class="external text" href="https://economictimes.indiatimes.com/news/economy/policy/payment-firms-applaud-rbis-move-to-waive-off-two-factor-authentication-for-small-value-transactions/articleshow/55856755.cms?from=mdr">"Payment firms applaud RBI's move to waive off two-factor authentication for small value transactions"</a>. <i>The Economic Times</i><span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Economic+Times&rft.atitle=Payment+firms+applaud+RBI%27s+move+to+waive+off+two-factor+authentication+for+small+value+transactions&rft.date=2016-12-07&rft.aulast=Agarwal&rft.aufirst=Surabhi&rft_id=https%3A%2F%2Feconomictimes.indiatimes.com%2Fnews%2Feconomy%2Fpolicy%2Fpayment-firms-applaud-rbis-move-to-waive-off-two-factor-authentication-for-small-value-transactions%2Farticleshow%2F55856755.cms%3Ffrom%3Dmdr&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-26">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNair2016" class="citation news cs1">Nair, Vishwanath (6 December 2016). <a rel="nofollow" class="external text" href="https://www.livemint.com/Industry/bJmdHvAuLVC5af1O0NCE0O/RBI-eases-rules-for-online-card-payments-up-to-Rs2000.html">"RBI eases two-factor authentication for online card transactions up to Rs2,000"</a>. <i>Livemint</i><span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Livemint&rft.atitle=RBI+eases+two-factor+authentication+for+online+card+transactions+up+to+Rs2%2C000&rft.date=2016-12-06&rft.aulast=Nair&rft.aufirst=Vishwanath&rft_id=https%3A%2F%2Fwww.livemint.com%2FIndustry%2FbJmdHvAuLVC5af1O0NCE0O%2FRBI-eases-rules-for-online-card-payments-up-to-Rs2000.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-27"><span class="mw-cite-backlink"><b><a href="#cite_ref-27">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://venturebeat.com/2014/11/30/uber-now-complies-with-indias-two-factor-authentication-requirement-calls-it-unnecessary-and-burdensome/">"Uber now complies with India's two-factor authentication requirement, calls it unnecessary and burdensome"</a>. <i>VentureBeat</i>. 2014-11-30<span class="reference-accessdate">. Retrieved <span class="nowrap">2021-09-05</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=VentureBeat&rft.atitle=Uber+now+complies+with+India%27s+two-factor+authentication+requirement%2C+calls+it+unnecessary+and+burdensome&rft.date=2014-11-30&rft_id=https%3A%2F%2Fventurebeat.com%2F2014%2F11%2F30%2Fuber-now-complies-with-indias-two-factor-authentication-requirement-calls-it-unnecessary-and-burdensome%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-28"><span class="mw-cite-backlink"><b><a href="#cite_ref-28">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20120916062033/http://hspd12.usda.gov/about.html">"Homeland Security Presidential Directive 12"</a>. <i>Department of Homeland Security</i>. August 1, 2008. Archived from <a rel="nofollow" class="external text" href="https://www.dhs.gov/homeland-security-presidential-directive-12">the original</a> on September 16, 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Department+of+Homeland+Security&rft.atitle=Homeland+Security+Presidential+Directive+12&rft.date=2008-08-01&rft_id=https%3A%2F%2Fwww.dhs.gov%2Fhomeland-security-presidential-directive-12&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-29"><span class="mw-cite-backlink"><b><a href="#cite_ref-29">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20130128051636/http://www.sans.org/critical-security-controls/control.php?id=10">"SANS Institute, Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches"</a>. Archived from <a rel="nofollow" class="external text" href="http://www.sans.org/critical-security-controls/control.php?id=10">the original</a> on 2013-01-28<span class="reference-accessdate">. Retrieved <span class="nowrap">2013-02-11</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SANS+Institute%2C+Critical+Control+10%3A+Secure+Configurations+for+Network+Devices+such+as+Firewalls%2C+Routers%2C+and+Switches&rft_id=http%3A%2F%2Fwww.sans.org%2Fcritical-security-controls%2Fcontrol.php%3Fid%3D10&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-30"><span class="mw-cite-backlink"><b><a href="#cite_ref-30">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20130128051708/http://www.sans.org/critical-security-controls/control.php?id=12">"SANS Institute, Critical Control 12: Controlled Use of Administrative Privileges"</a>. Archived from <a rel="nofollow" class="external text" href="https://www.sans.org/critical-security-controls/control.php?id=12">the original</a> on 2013-01-28<span class="reference-accessdate">. Retrieved <span class="nowrap">2013-02-11</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SANS+Institute%2C+Critical+Control+12%3A+Controlled+Use+of+Administrative+Privileges&rft_id=https%3A%2F%2Fwww.sans.org%2Fcritical-security-controls%2Fcontrol.php%3Fid%3D12&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-31"><span class="mw-cite-backlink"><b><a href="#cite_ref-31">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://pages.nist.gov/800-63-3/">"Digital Identity Guidelines"</a>. <i>NIST Special Publication 800-63-3</i>. NIST. June 22, 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">February 2,</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=NIST+Special+Publication+800-63-3&rft.atitle=Digital+Identity+Guidelines&rft.date=2017-06-22&rft_id=https%3A%2F%2Fpages.nist.gov%2F800-63-3%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-32"><span class="mw-cite-backlink"><b><a href="#cite_ref-32">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ffiec.gov/press/pr101205.htm">"FFIEC Press Release"</a>. 2005-10-12<span class="reference-accessdate">. Retrieved <span class="nowrap">2011-05-13</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=FFIEC+Press+Release&rft.date=2005-10-12&rft_id=http%3A%2F%2Fwww.ffiec.gov%2Fpress%2Fpr101205.htm&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-ffiec-faw-33"><span class="mw-cite-backlink"><b><a href="#cite_ref-ffiec-faw_33-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ffiec.gov/pdf/authentication_faq.pdf">"Frequently Asked Questions on FFIEC Guidance on Authentication in an Internet Banking Environment"</a> <span class="cs1-format">(PDF)</span>. FFIEC. 2006-08-15. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20121115102618/http://www.ffiec.gov/pdf/authentication_faq.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 2012-11-15.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Frequently+Asked+Questions+on+FFIEC+Guidance+on+Authentication+in+an+Internet+Banking+Environment&rft.pub=FFIEC&rft.date=2006-08-15&rft_id=https%3A%2F%2Fwww.ffiec.gov%2Fpdf%2Fauthentication_faq.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-voices.washingtonpost.com-34"><span class="mw-cite-backlink"><b><a href="#cite_ref-voices.washingtonpost.com_34-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrian_Krebs2006" class="citation news cs1">Brian Krebs (July 10, 2006). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20110703141728/http://voices.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html">"Security Fix – Citibank Phish Spoofs 2-Factor Authentication"</a>. <i>Washington Post</i>. Archived from <a rel="nofollow" class="external text" href="http://voices.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html">the original</a> on July 3, 2011<span class="reference-accessdate">. Retrieved <span class="nowrap">20 September</span> 2016</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Washington+Post&rft.atitle=Security+Fix+%E2%80%93+Citibank+Phish+Spoofs+2-Factor+Authentication&rft.date=2006-07-10&rft.au=Brian+Krebs&rft_id=http%3A%2F%2Fvoices.washingtonpost.com%2Fsecurityfix%2F2006%2F07%2Fcitibank_phish_spoofs_2factor_1.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-35"><span class="mw-cite-backlink"><b><a href="#cite_ref-35">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBruce_Schneier2005" class="citation web cs1">Bruce Schneier (March 2005). <a rel="nofollow" class="external text" href="http://www.schneier.com/blog/archives/2005/03/the_failure_of.html">"The Failure of Two-Factor Authentication"</a>. <i>Schneier on Security</i><span class="reference-accessdate">. Retrieved <span class="nowrap">20 September</span> 2016</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Schneier+on+Security&rft.atitle=The+Failure+of+Two-Factor+Authentication&rft.date=2005-03&rft.au=Bruce+Schneier&rft_id=http%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2005%2F03%2Fthe_failure_of.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-36"><span class="mw-cite-backlink"><b><a href="#cite_ref-36">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAlex_Perekalin2018" class="citation web cs1">Alex Perekalin (May 2018). <a rel="nofollow" class="external text" href="https://www.kaspersky.com/blog/dont-send-codes/22448/">"Why you shouldn't ever send verification codes to anyone"</a>. <i>Kaspersky</i><span class="reference-accessdate">. Retrieved <span class="nowrap">17 October</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Kaspersky&rft.atitle=Why+you+shouldn%27t+ever+send+verification+codes+to+anyone&rft.date=2018-05&rft.au=Alex+Perekalin&rft_id=https%3A%2F%2Fwww.kaspersky.com%2Fblog%2Fdont-send-codes%2F22448%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-37"><span class="mw-cite-backlink"><b><a href="#cite_ref-37">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSiadatiNguyenGuptaJakobsson2017" class="citation journal cs1">Siadati, Hossein; Nguyen, Toan; Gupta, Payas; Jakobsson, Markus; Memon, Nasir (2017). <a rel="nofollow" class="external text" href="https://doi.org/10.1016%2Fj.cose.2016.09.009">"Mind your SMSes: Mitigating Social Engineering in Second Factor Authentication"</a>. <i>Computers & Security</i>. <b>65</b>: 14–28. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.1016%2Fj.cose.2016.09.009">10.1016/j.cose.2016.09.009</a></span>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:10821943">10821943</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computers+%26+Security&rft.atitle=Mind+your+SMSes%3A+Mitigating+Social+Engineering+in+Second+Factor+Authentication&rft.volume=65&rft.pages=14-28&rft.date=2017&rft_id=info%3Adoi%2F10.1016%2Fj.cose.2016.09.009&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A10821943%23id-name%3DS2CID&rft.aulast=Siadati&rft.aufirst=Hossein&rft.au=Nguyen%2C+Toan&rft.au=Gupta%2C+Payas&rft.au=Jakobsson%2C+Markus&rft.au=Memon%2C+Nasir&rft_id=https%3A%2F%2Fdoi.org%2F10.1016%252Fj.cose.2016.09.009&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-38"><span class="mw-cite-backlink"><b><a href="#cite_ref-38">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFShankland" class="citation web cs1">Shankland, Stephen. <a rel="nofollow" class="external text" href="https://www.cnet.com/news/two-factor-authentication-isnt-as-secure-as-you-might-expect-world-password-day/">"Two-factor authentication? Not as secure as you'd expect when logging into email or your bank"</a>. <i>CNET</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2020-09-27</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CNET&rft.atitle=Two-factor+authentication%3F+Not+as+secure+as+you%27d+expect+when+logging+into+email+or+your+bank&rft.aulast=Shankland&rft.aufirst=Stephen&rft_id=https%3A%2F%2Fwww.cnet.com%2Fnews%2Ftwo-factor-authentication-isnt-as-secure-as-you-might-expect-world-password-day%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-39"><span class="mw-cite-backlink"><b><a href="#cite_ref-39">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.schneier.com/blog/archives/2012/02/the_failure_of_2.html">"The Failure of Two-Factor Authentication – Schneier on Security"</a>. <i>schneier.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">23 October</span> 2015</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=schneier.com&rft.atitle=The+Failure+of+Two-Factor+Authentication+%E2%80%93+Schneier+on+Security&rft_id=https%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2012%2F02%2Fthe_failure_of_2.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-40"><span class="mw-cite-backlink"><b><a href="#cite_ref-40">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKhandelwal" class="citation news cs1">Khandelwal, Swati. <a rel="nofollow" class="external text" href="http://thehackernews.com/2017/05/ss7-vulnerability-bank-hacking.html">"Real-World SS7 Attack – Hackers Are Stealing Money From Bank Accounts"</a>. <i>The Hacker News</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2017-05-05</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Hacker+News&rft.atitle=Real-World+SS7+Attack+%E2%80%93+Hackers+Are+Stealing+Money+From+Bank+Accounts&rft.aulast=Khandelwal&rft.aufirst=Swati&rft_id=http%3A%2F%2Fthehackernews.com%2F2017%2F05%2Fss7-vulnerability-bank-hacking.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-41"><span class="mw-cite-backlink"><b><a href="#cite_ref-41">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/">"MFA Fatigue: Hackers' new favorite tactic in high-profile breaches"</a>. <i>BleepingComputer</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-08-12</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=BleepingComputer&rft.atitle=MFA+Fatigue%3A+Hackers%27+new+favorite+tactic+in+high-profile+breaches&rft_id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fmfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-42"><span class="mw-cite-backlink"><b><a href="#cite_ref-42">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20110708212931/http://www.cujournal.com/issues/12_15/-100094-1.html">"Study Sheds New Light On Costs, Effects Of Multi-Factor"</a>. 4 April 2008. Archived from <a rel="nofollow" class="external text" href="http://www.cujournal.com/issues/12_15/-100094-1.html">the original</a> on July 8, 2011.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Study+Sheds+New+Light+On+Costs%2C+Effects+Of+Multi-Factor&rft.date=2008-04-04&rft_id=http%3A%2F%2Fwww.cujournal.com%2Fissues%2F12_15%2F-100094-1.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-:1-43"><span class="mw-cite-backlink"><b><a href="#cite_ref-:1_43-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLibicki,_Martin_C.Balkovich,_EdwardJackson,_Brian_A.Rudavsky,_Rena2011" class="citation web cs1">Libicki, Martin C.; Balkovich, Edward; Jackson, Brian A.; Rudavsky, Rena; Webb, Katharine (2011). <a rel="nofollow" class="external text" href="https://www.rand.org/pubs/technical_reports/TR937.html">"Influences on the Adoption of Multifactor Authentication"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Influences+on+the+Adoption+of+Multifactor+Authentication&rft.date=2011&rft.au=Libicki%2C+Martin+C.&rft.au=Balkovich%2C+Edward&rft.au=Jackson%2C+Brian+A.&rft.au=Rudavsky%2C+Rena&rft.au=Webb%2C+Katharine&rft_id=https%3A%2F%2Fwww.rand.org%2Fpubs%2Ftechnical_reports%2FTR937.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-44"><span class="mw-cite-backlink"><b><a href="#cite_ref-44">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.wiley.com/en-us/Hacking+Multifactor+Authentication-p-9781119650805">"Hacking Multifactor Authentication | Wiley"</a>. <i>Wiley.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2020-12-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Wiley.com&rft.atitle=Hacking+Multifactor+Authentication+%7C+Wiley&rft_id=https%3A%2F%2Fwww.wiley.com%2Fen-us%2FHacking%2BMultifactor%2BAuthentication-p-9781119650805&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-US_PATENT_6078908-45"><span class="mw-cite-backlink"><b><a href="#cite_ref-US_PATENT_6078908_45-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1041539562"><span class="citation patent" id="CITEREFSchmitz,_Kim"><a rel="nofollow" class="external text" href="https://worldwide.espacenet.com/textdoc?DB=EPODOC&IDX=US6078908">US 6078908</a>, Schmitz, Kim, "Method for authorizing in data transmission systems"</span><span class="Z3988" title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Apatent&rft.number=6078908&rft.cc=US&rft.title=Method+for+authorizing+in+data+transmission+systems&rft.inventor=Schmitz%2C+Kim"><span style="display: none;"> </span></span></span> </li> <li id="cite_note-Brodkin,_ARS_Technical,_2019-46"><span class="mw-cite-backlink"><b><a href="#cite_ref-Brodkin,_ARS_Technical,_2019_46-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrodkin2013" class="citation web cs1">Brodkin, Jon (23 May 2013). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190709090048/https://arstechnica.com/information-technology/2013/05/kim-dotcom-claims-he-invented-two-factor-authentication-but-he-wasnt-first/">"Kim Dotcom claims he invented two-factor authentication—but he wasn't first"</a>. <i><a href="/wiki/Ars_Technica" title="Ars Technica">Ars Technica</a></i>. Archived from <a rel="nofollow" class="external text" href="https://arstechnica.com/information-technology/2013/05/kim-dotcom-claims-he-invented-two-factor-authentication-but-he-wasnt-first/">the original</a> on 9 July 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">25 July</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Kim+Dotcom+claims+he+invented+two-factor+authentication%E2%80%94but+he+wasn%27t+first&rft.date=2013-05-23&rft.aulast=Brodkin&rft.aufirst=Jon&rft_id=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2013%2F05%2Fkim-dotcom-claims-he-invented-two-factor-authentication-but-he-wasnt-first%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></span> </li> <li id="cite_note-US_PATENT_5708422-47"><span class="mw-cite-backlink"><b><a href="#cite_ref-US_PATENT_5708422_47-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1041539562"><span class="citation patent" id="CITEREFBlonder,_et_al."><a rel="nofollow" class="external text" href="https://worldwide.espacenet.com/textdoc?DB=EPODOC&IDX=US5708422">US 5708422</a>, Blonder, et al., "Transaction authorization and alert system"</span><span class="Z3988" title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Apatent&rft.number=5708422&rft.cc=US&rft.title=Transaction+authorization+and+alert+system&rft.inventor=Blonder%2C+et+al."><span style="display: none;"> </span></span></span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="Further_reading">Further reading</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=17" title="Edit section: Further reading"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239549316">.mw-parser-output .refbegin{margin-bottom:0.5em}.mw-parser-output .refbegin-hanging-indents>ul{margin-left:0}.mw-parser-output .refbegin-hanging-indents>ul>li{margin-left:0;padding-left:3.2em;text-indent:-3.2em}.mw-parser-output .refbegin-hanging-indents ul,.mw-parser-output .refbegin-hanging-indents ul li{list-style:none}@media(max-width:720px){.mw-parser-output .refbegin-hanging-indents>ul>li{padding-left:1.6em;text-indent:-1.6em}}.mw-parser-output .refbegin-columns{margin-top:0.3em}.mw-parser-output .refbegin-columns ul{margin-top:0}.mw-parser-output .refbegin-columns li{page-break-inside:avoid;break-inside:avoid-column}@media screen{.mw-parser-output .refbegin{font-size:90%}}</style><div class="refbegin" style=""> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrandom2017" class="citation web cs1">Brandom, Russell (July 10, 2017). <a rel="nofollow" class="external text" href="https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-online-security-mess">"Two-factor authentication is a mess"</a>. <i><a href="/wiki/The_Verge" title="The Verge">The Verge</a></i><span class="reference-accessdate">. Retrieved <span class="nowrap">July 10,</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Verge&rft.atitle=Two-factor+authentication+is+a+mess&rft.date=2017-07-10&rft.aulast=Brandom&rft.aufirst=Russell&rft_id=https%3A%2F%2Fwww.theverge.com%2F2017%2F7%2F10%2F15946642%2Ftwo-factor-authentication-online-security-mess&rfr_id=info%3Asid%2Fen.wikipedia.org%3AMulti-factor+authentication" class="Z3988"></span></li></ul> </div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Multi-factor_authentication&action=edit&section=18" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1235681985">.mw-parser-output .side-box{margin:4px 0;box-sizing:border-box;border:1px solid #aaa;font-size:88%;line-height:1.25em;background-color:var(--background-color-interactive-subtle,#f8f9fa);display:flow-root}.mw-parser-output .side-box-abovebelow,.mw-parser-output .side-box-text{padding:0.25em 0.9em}.mw-parser-output .side-box-image{padding:2px 0 2px 0.9em;text-align:center}.mw-parser-output .side-box-imageright{padding:2px 0.9em 2px 0;text-align:center}@media(min-width:500px){.mw-parser-output .side-box-flex{display:flex;align-items:center}.mw-parser-output .side-box-text{flex:1;min-width:0}}@media(min-width:720px){.mw-parser-output .side-box{width:238px}.mw-parser-output .side-box-right{clear:right;float:right;margin-left:1em}.mw-parser-output .side-box-left{margin-right:1em}}</style><style data-mw-deduplicate="TemplateStyles:r1250146164">.mw-parser-output .sister-box .side-box-abovebelow{padding:0.75em 0;text-align:center}.mw-parser-output .sister-box .side-box-abovebelow>b{display:block}.mw-parser-output .sister-box .side-box-text>ul{border-top:1px solid #aaa;padding:0.75em 0;width:217px;margin:0 auto}.mw-parser-output .sister-box .side-box-text>ul>li{min-height:31px}.mw-parser-output .sister-logo{display:inline-block;width:31px;line-height:31px;vertical-align:middle;text-align:center}.mw-parser-output .sister-link{display:inline-block;margin-left:4px;width:182px;vertical-align:middle}@media print{body.ns-0 .mw-parser-output .sistersitebox{display:none!important}}@media screen{html.skin-theme-clientpref-night .mw-parser-output .sistersitebox img[src*="Wiktionary-logo-v2.svg"]{background-color:white}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .sistersitebox img[src*="Wiktionary-logo-v2.svg"]{background-color:white}}</style><div role="navigation" aria-labelledby="sister-projects" class="side-box metadata side-box-right sister-box sistersitebox plainlinks"><style data-mw-deduplicate="TemplateStyles:r1126788409">.mw-parser-output .plainlist ol,.mw-parser-output .plainlist ul{line-height:inherit;list-style:none;margin:0;padding:0}.mw-parser-output .plainlist ol li,.mw-parser-output .plainlist ul li{margin-bottom:0}</style> <div class="side-box-abovebelow"> <b>Multi-factor authentication</b> at Wikipedia's <a href="/wiki/Wikipedia:Wikimedia_sister_projects" title="Wikipedia:Wikimedia sister projects"><span id="sister-projects">sister projects</span></a></div> <div class="side-box-flex"> <div class="side-box-text plainlist"><ul><li><span class="sister-logo"><span class="mw-valign-middle" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/0/06/Wiktionary-logo-v2.svg/27px-Wiktionary-logo-v2.svg.png" decoding="async" width="27" height="27" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/0/06/Wiktionary-logo-v2.svg/41px-Wiktionary-logo-v2.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/0/06/Wiktionary-logo-v2.svg/54px-Wiktionary-logo-v2.svg.png 2x" data-file-width="391" data-file-height="391" /></span></span></span><span class="sister-link"><a href="https://en.wiktionary.org/wiki/2FA" class="extiw" title="wikt:2FA">Definitions</a> from Wiktionary</span></li><li><span class="sister-logo"><span class="mw-valign-middle" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/20px-Commons-logo.svg.png" decoding="async" width="20" height="27" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/30px-Commons-logo.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/40px-Commons-logo.svg.png 2x" data-file-width="1024" data-file-height="1376" /></span></span></span><span class="sister-link"><a href="https://commons.wikimedia.org/wiki/Category:Authentication_methods" class="extiw" title="c:Category:Authentication methods">Media</a> from Commons</span></li><li><span class="sister-logo"><span class="mw-valign-middle" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/27px-Wikibooks-logo.svg.png" decoding="async" width="27" height="27" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/41px-Wikibooks-logo.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/54px-Wikibooks-logo.svg.png 2x" data-file-width="300" data-file-height="300" /></span></span></span><span class="sister-link"><a href="https://en.wikibooks.org/wiki/Basic_Computer_Security" class="extiw" title="b:Basic Computer Security">Textbooks</a> from Wikibooks</span></li><li><span class="sister-logo"><span class="mw-valign-middle" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/commons/thumb/0/0b/Wikiversity_logo_2017.svg/27px-Wikiversity_logo_2017.svg.png" decoding="async" width="27" height="22" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/0/0b/Wikiversity_logo_2017.svg/41px-Wikiversity_logo_2017.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/0/0b/Wikiversity_logo_2017.svg/54px-Wikiversity_logo_2017.svg.png 2x" data-file-width="626" data-file-height="512" /></span></span></span><span class="sister-link"><a href="https://en.wikiversity.org/wiki/IT_Security/Access_Control/Authentication_and_Authorization" class="extiw" title="v:IT Security/Access Control/Authentication and Authorization">Resources</a> from Wikiversity</span></li><li><span class="sister-logo"><span class="mw-valign-middle" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/commons/thumb/f/ff/Wikidata-logo.svg/27px-Wikidata-logo.svg.png" decoding="async" width="27" height="15" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/f/ff/Wikidata-logo.svg/41px-Wikidata-logo.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/f/ff/Wikidata-logo.svg/54px-Wikidata-logo.svg.png 2x" data-file-width="1050" data-file-height="590" /></span></span></span><span class="sister-link"><a href="https://www.wikidata.org/wiki/Q7878662" class="extiw" title="d:Q7878662">Data</a> from Wikidata</span></li><li><span class="sister-logo"><span class="mw-valign-middle" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/27px-Wikimedia_Community_Logo.svg.png" decoding="async" width="27" height="27" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/41px-Wikimedia_Community_Logo.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/54px-Wikimedia_Community_Logo.svg.png 2x" data-file-width="900" data-file-height="900" /></span></span></span><span class="sister-link"><a href="https://meta.wikimedia.org/wiki/Help:Two-factor_authentication" class="extiw" title="m:Help:Two-factor authentication">Discussions</a> from Meta-Wiki</span></li><li><span class="sister-logo"><span class="mw-valign-middle" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/commons/thumb/a/a6/MediaWiki-2020-icon.svg/27px-MediaWiki-2020-icon.svg.png" decoding="async" width="27" height="27" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/a/a6/MediaWiki-2020-icon.svg/41px-MediaWiki-2020-icon.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/a/a6/MediaWiki-2020-icon.svg/54px-MediaWiki-2020-icon.svg.png 2x" data-file-width="100" data-file-height="100" /></span></span></span><span class="sister-link"><a href="https://www.mediawiki.org/wiki/Help:Two-factor_authentication" class="extiw" title="mw:Help:Two-factor authentication">Documentation</a> from MediaWiki</span></li></ul></div></div> </div> <ul><li><a rel="nofollow" class="external text" href="https://www.twofactorauth.org/">TwoFactorAuth.org</a> - TwoFactorAuth.org - An in-depth online resource for (2FA) and all it entails</li> <li><a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2011/03/18/rsa_breach_leaks_securid_data/">Attackers breached the servers of RSA and stole information that could be used to compromise the security of two-factor authentication tokens used by 40 million employees (register.com, 18 Mar 2011)</a></li> <li><a rel="nofollow" class="external text" href="http://it.slashdot.org/article.pl?sid=05/10/19/2340245&tid=172&tid=95">Banks to Use Two-factor Authentication by End of 2006</a>, (slashdot.org, 20 Oct 2005)</li> <li><a rel="nofollow" class="external text" href="https://web.archive.org/web/20081011073929/http://www.vnunet.com/vnunet/news/2126966/microsoft-abandon-passwords">Microsoft to abandon passwords</a>, Microsoft preparing to dump <a href="/wiki/Password" title="Password">passwords</a> in favour of two-factor authentication in forthcoming versions of Windows (vnunet.com, 14 Mar 2005)</li></ul> <div class="navbox-styles"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1236075235">.mw-parser-output .navbox{box-sizing:border-box;border:1px solid #a2a9b1;width:100%;clear:both;font-size:88%;text-align:center;padding:1px;margin:1em auto 0}.mw-parser-output .navbox .navbox{margin-top:0}.mw-parser-output .navbox+.navbox,.mw-parser-output .navbox+.navbox-styles+.navbox{margin-top:-1px}.mw-parser-output .navbox-inner,.mw-parser-output .navbox-subgroup{width:100%}.mw-parser-output .navbox-group,.mw-parser-output .navbox-title,.mw-parser-output .navbox-abovebelow{padding:0.25em 1em;line-height:1.5em;text-align:center}.mw-parser-output .navbox-group{white-space:nowrap;text-align:right}.mw-parser-output .navbox,.mw-parser-output .navbox-subgroup{background-color:#fdfdfd}.mw-parser-output .navbox-list{line-height:1.5em;border-color:#fdfdfd}.mw-parser-output .navbox-list-with-group{text-align:left;border-left-width:2px;border-left-style:solid}.mw-parser-output tr+tr>.navbox-abovebelow,.mw-parser-output tr+tr>.navbox-group,.mw-parser-output tr+tr>.navbox-image,.mw-parser-output tr+tr>.navbox-list{border-top:2px solid #fdfdfd}.mw-parser-output .navbox-title{background-color:#ccf}.mw-parser-output .navbox-abovebelow,.mw-parser-output .navbox-group,.mw-parser-output .navbox-subgroup .navbox-title{background-color:#ddf}.mw-parser-output .navbox-subgroup .navbox-group,.mw-parser-output .navbox-subgroup .navbox-abovebelow{background-color:#e6e6ff}.mw-parser-output .navbox-even{background-color:#f7f7f7}.mw-parser-output .navbox-odd{background-color:transparent}.mw-parser-output .navbox .hlist td dl,.mw-parser-output .navbox .hlist td ol,.mw-parser-output .navbox .hlist td ul,.mw-parser-output .navbox td.hlist dl,.mw-parser-output .navbox td.hlist ol,.mw-parser-output .navbox td.hlist ul{padding:0.125em 0}.mw-parser-output .navbox .navbar{display:block;font-size:100%}.mw-parser-output .navbox-title .navbar{float:left;text-align:left;margin-right:0.5em}body.skin--responsive .mw-parser-output .navbox-image img{max-width:none!important}@media print{body.ns-0 .mw-parser-output .navbox{display:none!important}}</style></div><div role="navigation" class="navbox" aria-labelledby="Information_security" style="padding:3px"><table class="nowraplinks mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="3"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1239400231">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}html.skin-theme-clientpref-night .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}@media(prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}}@media print{.mw-parser-output .navbar{display:none!important}}</style><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Information_security" title="Template:Information security"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Information_security" title="Template talk:Information security"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Information_security" title="Special:EditPage/Template:Information security"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Information_security" style="font-size:114%;margin:0 4em"><a href="/wiki/Information_security" title="Information security">Information security</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">Related security categories</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Computer_security" title="Computer security">Computer security</a></li> <li><a href="/wiki/Automotive_security" title="Automotive security">Automotive security</a></li> <li><a href="/wiki/Cybercrime" title="Cybercrime">Cybercrime</a> <ul><li><a href="/wiki/Cybersex_trafficking" title="Cybersex trafficking">Cybersex trafficking</a></li> <li><a href="/wiki/Computer_fraud" title="Computer fraud">Computer fraud</a></li></ul></li> <li><a href="/wiki/Cybergeddon" title="Cybergeddon">Cybergeddon</a></li> <li><a href="/wiki/Cyberterrorism" title="Cyberterrorism">Cyberterrorism</a></li> <li><a href="/wiki/Cyberwarfare" title="Cyberwarfare">Cyberwarfare</a></li> <li><a href="/wiki/Electromagnetic_warfare" class="mw-redirect" title="Electromagnetic warfare">Electromagnetic warfare</a></li> <li><a href="/wiki/Information_warfare" title="Information warfare">Information warfare</a></li> <li><a href="/wiki/Internet_security" title="Internet security">Internet security</a></li> <li><a href="/wiki/Mobile_security" title="Mobile security">Mobile security</a></li> <li><a href="/wiki/Network_security" title="Network security">Network security</a></li> <li><a href="/wiki/Copy_protection" title="Copy protection">Copy protection</a></li> <li><a href="/wiki/Digital_rights_management" title="Digital rights management">Digital rights management</a></li></ul> </div></td><td class="noviewer navbox-image" rowspan="3" style="width:1px;padding:0 0 0 2px"><div><figure class="mw-halign-center" typeof="mw:File"><a href="/wiki/File:CIAJMK1209-en.svg" class="mw-file-description" title="vectorial version"><img alt="vectorial version" src="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/150px-CIAJMK1209-en.svg.png" decoding="async" width="150" height="150" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/225px-CIAJMK1209-en.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/300px-CIAJMK1209-en.svg.png 2x" data-file-width="496" data-file-height="496" /></a><figcaption>vectorial version</figcaption></figure></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Threat_(computer)" class="mw-redirect" title="Threat (computer)">Threats</a></th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Adware" title="Adware">Adware</a></li> <li><a href="/wiki/Advanced_persistent_threat" title="Advanced persistent threat">Advanced persistent threat</a></li> <li><a href="/wiki/Arbitrary_code_execution" title="Arbitrary code execution">Arbitrary code execution</a></li> <li><a href="/wiki/Backdoor_(computing)" title="Backdoor (computing)">Backdoors</a></li> <li>Bombs <ul><li><a href="/wiki/Fork_bomb" title="Fork bomb">Fork</a></li> <li><a href="/wiki/Logic_bomb" title="Logic bomb">Logic</a></li> <li><a href="/wiki/Time_bomb_(software)" title="Time bomb (software)">Time</a></li> <li><a href="/wiki/Zip_bomb" title="Zip bomb">Zip</a></li></ul></li> <li><a href="/wiki/Hardware_backdoor" title="Hardware backdoor">Hardware backdoors</a></li> <li><a href="/wiki/Code_injection" title="Code injection">Code injection</a></li> <li><a href="/wiki/Crimeware" title="Crimeware">Crimeware</a></li> <li><a href="/wiki/Cross-site_scripting" title="Cross-site scripting">Cross-site scripting</a></li> <li><a href="/wiki/Cross-site_leaks" title="Cross-site leaks">Cross-site leaks</a></li> <li><a href="/wiki/DOM_clobbering" title="DOM clobbering">DOM clobbering</a></li> <li><a href="/wiki/History_sniffing" title="History sniffing">History sniffing</a></li> <li><a href="/wiki/Cryptojacking" title="Cryptojacking">Cryptojacking</a></li> <li><a href="/wiki/Botnet" title="Botnet">Botnets</a></li> <li><a href="/wiki/Data_breach" title="Data breach">Data breach</a></li> <li><a href="/wiki/Drive-by_download" title="Drive-by download">Drive-by download</a></li> <li><a href="/wiki/Browser_Helper_Object" title="Browser Helper Object">Browser Helper Objects</a></li> <li><a href="/wiki/Computer_virus" title="Computer virus">Viruses</a></li> <li><a href="/wiki/Data_scraping" title="Data scraping">Data scraping</a></li> <li><a href="/wiki/Denial-of-service_attack" title="Denial-of-service attack">Denial-of-service attack</a></li> <li><a href="/wiki/Eavesdropping" title="Eavesdropping">Eavesdropping</a></li> <li><a href="/wiki/Email_fraud" title="Email fraud">Email fraud</a></li> <li><a href="/wiki/Email_spoofing" title="Email spoofing">Email spoofing</a></li> <li><a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">Exploits</a></li> <li><a href="/wiki/Dialer#Fraudulent_dialer" title="Dialer">Fraudulent dialers</a></li> <li><a href="/wiki/Hacktivism" title="Hacktivism">Hacktivism</a></li> <li><a href="/wiki/Infostealer" title="Infostealer">Infostealer</a></li> <li><a href="/wiki/Insecure_direct_object_reference" title="Insecure direct object reference">Insecure direct object reference</a></li> <li><a href="/wiki/Keystroke_logging" title="Keystroke logging">Keystroke loggers</a></li> <li><a href="/wiki/Malware" title="Malware">Malware</a></li> <li><a href="/wiki/Payload_(computing)" title="Payload (computing)">Payload</a></li> <li><a href="/wiki/Phishing" title="Phishing">Phishing</a> <ul><li><a href="/wiki/Voice_phishing" title="Voice phishing">Voice</a></li></ul></li> <li><a href="/wiki/Polymorphic_engine" title="Polymorphic engine">Polymorphic engine</a></li> <li><a href="/wiki/Privilege_escalation" title="Privilege escalation">Privilege escalation</a></li> <li><a href="/wiki/Ransomware" title="Ransomware">Ransomware</a></li> <li><a href="/wiki/Rootkit" title="Rootkit">Rootkits</a></li> <li><a href="/wiki/Scareware" title="Scareware">Scareware</a></li> <li><a href="/wiki/Shellcode" title="Shellcode">Shellcode</a></li> <li><a href="/wiki/Spamming" title="Spamming">Spamming</a></li> <li><a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">Social engineering</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Software_bug" title="Software bug">Software bugs</a></li> <li><a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan horses</a></li> <li><a href="/wiki/Hardware_Trojan" title="Hardware Trojan">Hardware Trojans</a></li> <li><a href="/wiki/Remote_access_trojan" class="mw-redirect" title="Remote access trojan">Remote access trojans</a></li> <li><a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">Vulnerability</a></li> <li><a href="/wiki/Web_shell" title="Web shell">Web shells</a></li> <li><a href="/wiki/Wiper_(malware)" title="Wiper (malware)">Wiper</a></li> <li><a href="/wiki/Computer_worm" title="Computer worm">Worms</a></li> <li><a href="/wiki/SQL_injection" title="SQL injection">SQL injection</a></li> <li><a href="/wiki/Rogue_security_software" title="Rogue security software">Rogue security software</a></li> <li><a href="/wiki/Zombie_(computing)" title="Zombie (computing)">Zombie</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Defenses</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Application_security" title="Application security">Application security</a> <ul><li><a href="/wiki/Secure_coding" title="Secure coding">Secure coding</a></li> <li>Secure by default</li> <li><a href="/wiki/Secure_by_design" title="Secure by design">Secure by design</a> <ul><li><a href="/wiki/Misuse_case" title="Misuse case">Misuse case</a></li></ul></li></ul></li> <li><a href="/wiki/Computer_access_control" title="Computer access control">Computer access control</a> <ul><li><a href="/wiki/Authentication" title="Authentication">Authentication</a> <ul><li><a class="mw-selflink selflink">Multi-factor authentication</a></li></ul></li> <li><a href="/wiki/Authorization" title="Authorization">Authorization</a></li></ul></li> <li><a href="/wiki/Computer_security_software" title="Computer security software">Computer security software</a> <ul><li><a href="/wiki/Antivirus_software" title="Antivirus software">Antivirus software</a></li> <li><a href="/wiki/Security-focused_operating_system" title="Security-focused operating system">Security-focused operating system</a></li></ul></li> <li><a href="/wiki/Data-centric_security" title="Data-centric security">Data-centric security</a></li> <li><a href="/wiki/Code_obfuscation" class="mw-redirect" title="Code obfuscation">Obfuscation (software)</a></li> <li><a href="/wiki/Data_masking" title="Data masking">Data masking</a></li> <li><a href="/wiki/Encryption" title="Encryption">Encryption</a></li> <li><a href="/wiki/Firewall_(computing)" title="Firewall (computing)">Firewall</a></li> <li><a href="/wiki/Intrusion_detection_system" title="Intrusion detection system">Intrusion detection system</a> <ul><li><a href="/wiki/Host-based_intrusion_detection_system" title="Host-based intrusion detection system">Host-based intrusion detection system</a> (HIDS)</li> <li><a href="/wiki/Anomaly_detection" title="Anomaly detection">Anomaly detection</a></li></ul></li> <li><a href="/wiki/Information_security_management" title="Information security management">Information security management</a> <ul><li><a href="/wiki/Information_risk_management" class="mw-redirect" title="Information risk management">Information risk management</a></li> <li><a href="/wiki/Security_information_and_event_management" title="Security information and event management">Security information and event management</a> (SIEM)</li></ul></li> <li><a href="/wiki/Runtime_application_self-protection" title="Runtime application self-protection">Runtime application self-protection</a></li> <li><a href="/wiki/Site_isolation" title="Site isolation">Site isolation</a></li></ul> </div></td></tr></tbody></table></div>    </div><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Multi-factor_authentication&oldid=1256350487">https://en.wikipedia.org/w/index.php?title=Multi-factor_authentication&oldid=1256350487</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Authentication_methods" title="Category:Authentication methods">Authentication methods</a></li><li><a href="/wiki/Category:Computer_access_control" title="Category:Computer access control">Computer access control</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:Wikipedia_articles_with_style_issues_from_December_2020" title="Category:Wikipedia articles with style issues from December 2020">Wikipedia articles with style issues from December 2020</a></li><li><a href="/wiki/Category:All_articles_with_style_issues" title="Category:All articles with style issues">All articles with style issues</a></li><li><a href="/wiki/Category:Articles_needing_additional_references_from_January_2021" title="Category:Articles needing additional references from January 2021">Articles needing additional references from January 2021</a></li><li><a href="/wiki/Category:All_articles_needing_additional_references" title="Category:All articles needing additional references">All articles needing additional references</a></li><li><a href="/wiki/Category:Articles_with_multiple_maintenance_issues" title="Category:Articles with multiple maintenance issues">Articles with multiple maintenance issues</a></li><li><a href="/wiki/Category:All_articles_with_unsourced_statements" title="Category:All articles with unsourced statements">All articles with unsourced statements</a></li><li><a href="/wiki/Category:Articles_with_unsourced_statements_from_September_2023" title="Category:Articles with unsourced statements from September 2023">Articles with unsourced statements from September 2023</a></li><li><a href="/wiki/Category:Wikipedia_articles_needing_clarification_from_October_2023" title="Category:Wikipedia articles needing clarification from October 2023">Wikipedia articles needing clarification from October 2023</a></li><li><a href="/wiki/Category:Articles_with_unsourced_statements_from_May_2023" title="Category:Articles with unsourced statements from May 2023">Articles with unsourced statements from May 2023</a></li><li><a href="/wiki/Category:All_articles_with_failed_verification" title="Category:All articles with failed verification">All articles with failed verification</a></li><li><a href="/wiki/Category:Articles_with_failed_verification_from_October_2023" title="Category:Articles with failed verification from October 2023">Articles with failed verification from October 2023</a></li><li><a href="/wiki/Category:Articles_with_unsourced_statements_from_October_2023" title="Category:Articles with unsourced statements from October 2023">Articles with unsourced statements from October 2023</a></li><li><a href="/wiki/Category:Pages_using_Sister_project_links_with_hidden_wikidata" title="Category:Pages using Sister project links with hidden wikidata">Pages using Sister project links with hidden wikidata</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 9 November 2024, at 14:18<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Multi-factor_authentication&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-f69cdc8f6-r8l5s","wgBackendResponseTime":173,"wgPageParseReport":{"limitreport":{"cputime":"0.826","walltime":"1.031","ppvisitednodes":{"value":5032,"limit":1000000},"postexpandincludesize":{"value":156034,"limit":2097152},"templateargumentsize":{"value":15944,"limit":2097152},"expansiondepth":{"value":17,"limit":100},"expensivefunctioncount":{"value":11,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":180072,"limit":5000000},"entityaccesscount":{"value":1,"limit":400},"timingprofile":["100.00% 887.176 1 -total"," 43.28% 383.948 1 Template:Reflist"," 15.66% 138.894 5 Template:Cite_journal"," 13.94% 123.659 29 Template:Cite_web"," 11.21% 99.488 1 Template:Multiple_issues"," 9.70% 86.028 1 Template:Computer_security"," 9.29% 82.397 1 Template:Navbox"," 8.32% 73.774 1 Template:Short_description"," 6.77% 60.104 1 Template:Sisterlinks"," 6.23% 55.315 2 Template:Ambox"]},"scribunto":{"limitreport-timeusage":{"value":"0.504","limit":"10.000"},"limitreport-memusage":{"value":7100813,"limit":52428800}},"cachereport":{"origin":"mw-web.codfw.main-f69cdc8f6-486j8","timestamp":"20241124005412","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Multi-factor authentication","url":"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication","sameAs":"http:\/\/www.wikidata.org\/entity\/Q7878662","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q7878662","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2009-05-12T07:46:26Z","dateModified":"2024-11-09T14:18:41Z","image":"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/f\/f2\/U2F_Hardware_Authentication_Security_Keys_%28Yubico_Yubikey_4_and_Feitian_MultiPass_FIDO%29_%2842286852310%29.jpg","headline":"authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism"}</script> </body> </html>