Multi-factor authentication

      Technique summary
    Technique Multi-factor authentication (MFA, sometimes 2FA)
    Against Clipboard attack, SMS attacks
    Limitations None
    Side effects None
    Recommendations Recommended for use

    Multi-factor authentication (MFA), or two-factor authentication (2FA) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. For example, these two factors can be user's password and a one-time password generated with a third-party authenticator app.

    A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.

    To make the MFA resilient to SMS attacks, none of the factors should be an SMS text received on the user's device.

    Note that the TPA can still be vulnerable against other attacks, such as malicious accessibility services.


    Table of contents