CyberSecurity FAQ - What is 1-, 2- and 3- factor authentication?

in the context of security in general, and cybersecurity in particular, authentication is the act of confirming of the truth of an attribute of a single piece of data (a datum) claimed true by an entity.

There are several levels of security authentication:

  • Single-Factor Authentication (SFA), where you need to provide at least one kind of credential, typically something that you know (see below), to authenticate;
  • Two-Factor Authentication (2FA), where you need to provide two out of three kinds of credentials to authenticate.
  • Three-Factor Authentication (3FA), where you need to provide three out of three kinds of credentials to authenticate.

The three kinds of credentials used to authenticate are listed below:

  • Something that you know, such as a password, a Personal Identification Number (PIN), or a geometric pattern.
  • Something that you have, such as an ATM card, credit card, mobile phone, or fob.
  • Something that you are, such as a biometric id (e.g., fingerprint, voiceprint, iris scan).