Multi-factor authentication

1. Authentication mechanism requiring two or more of the following: something you know (such as a password), something you have (such as a token), something you are (for example, biometric authentication).

Source: Election Terminology Glossary - Draft, National Institute of Standards and Technology (NIST), https://pages.nist.gov/ElectionGlossary/

2. Authentication mechanism requiring two or more of the following: something you know (e.g., a password), something you have (e.g., a token), something you are (e.g., biometrics).

Source: Information Technology Terminology, U.S. Election Assistance Commission, https://www.eac.gov/documents/2017/09/21/information-technology-terminology-security

3. Authentication using two or more different factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something that identifies who you are (e.g., biometric).

Source: The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/fils/publication/StateLocalPlaybook%201.1.pdf

4. 5. Authentication using two or more factors to achieve authentication. Factors include something you know, something you have, or something you are.

Source: U.S. Cyberspace Solarium Commission, March 2020, https://subscriber.politicopro.com/f/?id=00000170-c638-d8f7-a7f1-f63b33510000

5. The use of many pieces of information (as opposed to just a password) to prove one’s identity to a computer or website. Authentication is how the computer system knows that the person using it is who they say they are. Most commonly this is done by using a password, a single “factor”. Because humans are generally very bad at picking hard to guess passwords, or may be tricked into entering their password information into phishing sites, passwords are increasingly insufficient alone. The most common other “factors” are 6-digit codes sent via text message or provided by an authenticator smartphone app. A more secure, but less common, factor is the security key—a physical device that resembles a USB memory stick. Using password and something like a security key or a number that was sent to your phone uses two factors, and is therefore referred to as two-factor authentication.

Source: Election Cybersecurity 101 Field Guide – Glossary, Center for Democracy & Technology, https://cdt.org/insight/election-cybersecurity-101-field-guide-glossary/