Within the context of IT, human user authentication is synonymous with login. However, two-factor authentication (2FA), multi-factor authentication (MFA), and adaptive multi-factor authentication (AMFA) can be applied both at login and during step-up authentication, which occurs after login; for example, during privilege elevation or when checking out a vaulted credential.
Authentication can be knowledge-based (something you know, such as a password), possession-based (something you have, such as a YubiKey or mobile phone), or inherence-based (something you are, such as a fingerprint).
2FA requires two of these factors for the user to prove who they are. MFA requires any number of factors greater than one: for example, two factors, or all three.
AMFA extends MFA by taking user and behavioral context into account, leveraging machine learning and a behavioral analytics engine. Over time, the AI and analytics engine learns a user’s typical behavior and uses this as a baseline to compare current activities. This results in a risk score that can be used in an access control policy to grant or deny access. One example might be a policy that simply allows access if the risk score is low, prompts for MFA if it’s medium, and rejects access and notifies IT security if high.
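The risk-score policy described above, as an added example that is not from the original page or any vendor's product. A simple frequency heuristic over a constructed login history stands in for the machine-learning engine; the attribute names, weights, and thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed login history for one user: (hour_of_day, country, device_id).
HISTORY = [(9, "US", "laptop-1"), (10, "US", "laptop-1"), (14, "US", "laptop-1"),
           (9, "US", "phone-1"), (11, "US", "laptop-1"), (16, "US", "laptop-1"),
           (13, "US", "phone-1"), (10, "US", "laptop-1")]

# Assumed weights and thresholds; a real deployment would tune these.
WEIGHTS = {"hour": 0.2, "country": 0.5, "device": 0.3}
LOW_MAX, MEDIUM_MAX = 0.25, 0.6  # score < LOW_MAX is low, < MEDIUM_MAX is medium


def build_baseline(history):
    """Summarize past logins: hours seen, and how often each country/device appears."""
    return {
        "hours": {h for h, _, _ in history},
        "country": Counter(c for _, c, _ in history),
        "device": Counter(d for _, _, d in history),
        "n": len(history),
    }


def risk_score(baseline, hour, country, device):
    """Return 0.0 (matches the baseline) to 1.0 (nothing about the attempt is familiar)."""
    n = baseline["n"]
    if n == 0:
        return 1.0  # no baseline yet: treat as maximum risk
    # Hour is familiar if any past login was within one hour (wrapping at midnight).
    near = any(min(abs(hour - h), 24 - abs(hour - h)) <= 1 for h in baseline["hours"])
    rarity = {
        "hour": 0.0 if near else 1.0,
        "country": 1.0 - baseline["country"][country] / n,
        "device": 1.0 - baseline["device"][device] / n,
    }
    return sum(WEIGHTS[k] * rarity[k] for k in WEIGHTS)


def decide(score):
    """Policy from the text: low allows, medium prompts for MFA, high rejects and notifies."""
    if score < LOW_MAX:
        return {"action": "allow", "notify_security": False}
    if score < MEDIUM_MAX:
        return {"action": "prompt_mfa", "notify_security": False}
    return {"action": "deny", "notify_security": True}


def evaluate(history, hour, country, device):
    return decide(risk_score(build_baseline(history), hour, country, device))


if __name__ == "__main__":
    for attempt in [(10, "US", "laptop-1"), (10, "US", "tablet-9"), (3, "BR", "tablet-9")]:
        print(attempt, evaluate(HISTORY, *attempt))
```

A user with no history scores as high risk here, so a new account would need a separate enrollment path rather than being evaluated against an empty baseline.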