Multi-Factor Authentication

By Cybersecurity & Infrastructure Security Agency


Multi-factor authentication (MFA) is a layered approach to securing physical and logical access where a system requires a user to present a combination of two or more different authenticators to verify a user’s identity for login. MFA increases security because even if one authenticator becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space or computer system.


Implementing MFA makes it more difficult for a threat actor to gain access to business premises and information systems, such as remote access technology, email, and billing systems, even if passwords or PINs are compromised through phishing attacks or other means.

Adversaries are increasingly capable of guessing or harvesting passwords to gain illicit access. Password cracking techniques are becoming more sophisticated and high-powered computing is increasingly affordable. In addition, adversaries harvest credentials through phishing emails or by identifying passwords reused from other systems. MFA adds a strong protection against account takeover by greatly increasing the level of difficulty for adversaries.


MFA requires users to present two or more authentication factors at login to verify their identity before they are granted access. Each additional authentication factor added to the login process increases security. A typical MFA login would require the user to present some combination of the following:

For example, MFA could require users to insert a smart card or a bank card into a card reader (first factor) and then enter a password or a PIN (second factor). An unauthorized user in possession of the card would not be able to log in without also knowing the password; likewise, the password is useless without physical access to the card.

Consider enforcing MFA on Internet-facing systems, such as email, remote desktop, and Virtual Private Network (VPNs). Implementation schedules, costs, adoption willingness, and the degree of protection provided vary depending on the solutions selected and the platforms to be protected, so match the capability to the need.

If you have questions or suggestions regarding this product, please feel free to contact CISA Central at and reference the Multi-factor Authentication document in the subject line.

Principal Owner, Law Firm

Our law firm uses IT360, Inc. for all of our technology needs. They not only provide outstanding service at a reasonable fee, but we consider them an integral part of our practice.

Principal Owner, Law Firm

Technology News

IT 360 News - Elevate Your Communication with IT360’s Advanced Phone Solutions
Elevate Your Communication with IT360’s Advanced Phone Solutions

Unleash the Power of Seamless Connectivity Welcome to IT360, where cutting-edge technology meets unparalleled communication efficiency. Our advanced phone systems are expertly designed to cater to the diverse needs of modern businesses, ensuring you stay connected in today’s fast-paced world. Transform your business’s communication infrastructure into a robust, adaptable, and scalable network with our solutions, […]

Read more
IT 360 News - Integrating AI into Your Daily Work: A Practical Guide
Integrating AI into Your Daily Work: A Practical Guide

Introduction Artificial Intelligence (AI) is revolutionizing the workplace, offering tools to enhance productivity, creativity, and decision-making. Starting with AI in your everyday work doesn’t require extensive technical knowledge. This guide provides practical steps and examples to seamlessly integrate AI into your work routine, focusing on the accessible platform Getting Started with AI Practical Uses […]

Read more