Multi-factor authentication requires two or more different categories of authentication factors. The standard categories are something you know, something you have, and something you are. Answering a security question is something you know, while providing a thumbprint is something you are, so answer A is MFA. Entering a PIN is something you know, while scanning a smart card is something you have, so answer B is also MFA. Scanning the palm of one hand followed by the other hand uses the same factor category twice: biometrics, or something you are. That may be stronger biometric checking, but it is not multi-factor. Answering three sequential security questions also repeats the knowledge factor and therefore remains single-factor authentication. MFA improves identity security because stolen passwords alone are less useful to attackers when another independent proof is required. Strong MFA should use phishing-resistant methods where possible. Reference/topics: Identity Security 7.1.2, single-factor and multifactor authentication.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit