multi-factor authentication - Glossary | CSRC
Archived: 2026-04-05 14:56:00 UTC

The means used to confirm the identity of a user, process, or device (e.g., user password or token).
Sources: CNSSI 4009-2015 under authenticator

Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See authenticator.
Sources: CNSSI 4009-2015 under multifactor authentication

An authentication system that requires more than one distinct authentication factor for successful authentication. Multifactor authentication can be performed using a multifactor authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.
Sources: NIST SP 1800-17b under Multifactor Authentication; NIST SP 1800-17c under Multifactor Authentication

Authentication using two or more factors to achieve authentication. Factors are (i) something you know (e.g., password/personal identification number); (ii) something you have (e.g., cryptographic identification device, token); and (iii) something you are (e.g., biometric).
Sources: NIST SP 1800-12b under multifactor authentication

Something that the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.
Sources: NIST SP 800-53 Rev. 5 under authenticator

An authentication system or an authenticator that requires more than one authentication factor for successful authentication. Multi-factor authentication can be performed using a single authenticator that provides more than one factor or by a combination of authenticators that provide different factors.
Sources: NIST SP 800-53 Rev. 5

The three authentication factors are something you know, something you have, and something you are. See authenticator.
Sources: NIST SP 800-53 Rev. 5

Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric). See authenticator.
Sources: NIST SP 800-172

Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric).
Sources: NIST SP 800-172A under multifactor authentication

Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/personal identification number [PIN]); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).
Sources: NIST SP 1800-27B under Multifactor Authentication; NIST SP 1800-27C under Multifactor Authentication from CNSSI 4009-2015

Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.
Sources: NIST SP 800-171r3 under authenticator

Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric). See authenticator.
Sources: NIST SP 800-171r3

See authenticator type and multi-factor authenticator.
Sources: NIST SP 800-63-4 under authenticator

An authentication system that requires more than one distinct type of authentication factor for successful authentication. MFA can be performed using a multi-factor authenticator or by combining single-factor authenticators that provide different types of factors.
Sources: NIST SP 800-63-4; NIST IR 8523 from NIST SP 800-63-4

Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity.
Sources: NIST IR 8523 under authenticator from NIST SP 800-63-4

Source: https://csrc.nist.gov/glossary/term/multi_factor_authentication