Two-step, two-factor, or multi-factor authentication is an authentication method in which a person is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:
- knowledge (something the user and only the user knows),
- possession (something the user and only the user has), and/or
- inherence (something the user and only the user is).
Any two-step or multi-factor authentication process at the University of Virginia must be:
a. a University-approved two factor authentication (e.g., Duo-based High Security VPN) or
b. a method that has been reviewed and approved by the University Information Security Office before use.
A good example of two-factor authentication is the withdrawing of money from an ATM. Only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.