A security feature that requires multiple pieces of information to confirm the identity of someone requesting access to an online resource such as an electronic health record, patient portal or bank account.
Deeper Dive
Deep dive:
In an era of increasing data breaches, banks, hospitals and other institutions are more frequently turning to this type of security feature. Requiring people to confirm their identity in several ways provides greater reassurance that they really are who they claim to be, which reduces the risk of unauthorized access to sensitive data.
For example, beyond using your username and password to access an online account, the account you are trying to access may prompt for a PIN number, an answer to a security question like “What was the name of your childhood pet?” or a one-time code sent by text message to your cell phone.
It’s broken down into three categories:
- Something you know, like a password or answer to a security question.
- Something you have, like a one-time password or code.
- Something you are, like using a fingerprint or facial recognition.
In the future, artificial intelligence and machine learning could be used to recognize behaviors that indicate whether a given access request is “normal” and may not require additional authentication.
For more information, see https://www.rsa.com/multi-factor-authentication/what-is-mfa/.