Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) combines several independent factors to verify a user's identity when accessing a system or application.

Jun 3, 20262 min read

Multi-factor authentication (MFA) is a security procedure that uses two or more independent factors from different categories to confirm a user’s identity. It is considered one of the most important measures for securing user accounts. In addition to the usual standard login credentials such as username and password, at least one further form of identity verification is required.

Authentication factors can be divided into three basic categories:

Knowledge – something the user knows (e.g., a password or PIN)
Possession – something the user has (e.g., a smartphone or hardware token)
Inherence – something the user is (e.g., biometric characteristics such as a fingerprint or facial recognition)

By combining multiple independent factors, MFA significantly increases the security of authentication processes and makes it more difficult for attackers to gain unauthorized access to accounts or sensitive data.

Difference Between MFA and Two-Factor Authentication

In many cases, MFA is equated with two-factor authentication (2FA). In fact, two-factor authentication is a specific form of multi-factor authentication that combines exactly two factors.

While MFA can generally include two or more factors, 2FA is limited to two proofs of identity. In practice, both terms are often used synonymously, as authentication methods usually employ exactly two factors.

A detailed explanation of how 2FA works, typical authentication methods, and practical application scenarios can be found in the glossary entry on two-factor authentication (2FA).

Necessity of an identity and access management system embodied by two hands holding identities in form of circles with anonymous personas inside.

Identity and Access Management (IAM) - Why It Matters and What You Need to …

May 22, 20266 min read

IAM systems deserve much more attention – they may work under the hood, but they are the very key to all data and functionality of an online service.

A hacker sits in front of a screen trying to gain access to a user account; a digital stopwatch is running next to him.

How Quickly Can a Password Be Cracked, or How Quickly Can a Hacker Gain …

May 5, 20269 min read

From seconds to practically impossible: How passwords, passphrases and passkeys affect the security of login systems.

Against a dark background, symbols such as Security, 2FA or Adaptability show what a modern access system is all about.

What is Expected of a Modern Authentication System Today?

Apr 14, 20269 min read

A modern access system must be equally convincing in the areas of security, ease of administration, easy adaptability to customer needs and user-friendliness.

A marionette made of dark wood, representing social engineering and moved by a hand, next to a smartphone with a warning message on the display, symbolizing an attack on a two-factor authentication system.

Are Two-Factor Authentication Methods Always Secure? And What Does Social …

Mar 26, 20266 min read

Cybercriminals bypass two-factor authentication through manipulation of humans (also known as “social engineering”).

A black theater mask representing evil lies next to a white theater mask representing good.

Cloaking (Phishing)

Nov 11, 20257 min read

Using cloaking to fake legitimate websites to obtain personal user data through phishing.

Arranged in a circle on a blackboard are the different types of password attacks, such as brute force, keyloggers, man-in-the-middle, dictionary attacks, phishing, and credential stuffing.

What is the Best Protection Against Hacker Attacks, or How Can I Protect …

Oct 28, 202513 min read

The last part of our hacking series describes how we can best protect ourselves against hacker attacks and how we as users can reduce the risk of attack as much as possible.

A key is symbolically placed in a data cloud in front of a dark blue wall, and both symbols look like LED neon signs.

OpenID Connect Provider: How to Find the Right Partner for A Seamless …

Oct 7, 202513 min read

As an open standard, OpenID Connect offers a secure and consistent way to verify user identities across different applications and services.

As with password spraying, a hacker sprays a weak password such as Password1123$ on a wall.

Password-Spraying-Attack

Aug 5, 20254 min read

Password spraying is a method used by hackers to gain access to a large number of user accounts using a few simple but frequently used passwords.

An attacker sits at a laptop and attempts to login to another application using stolen login credentials.

What is Credential Stuffing?

Jul 1, 202512 min read

Exploitation of compromised and stolen login data to gain access to other user accounts.

With a keylogger, keyboard strokes can be recorded, which is why the word keylogger is written in white letters on the red right shift key of a keyboard.

What is a Keylogger?

May 13, 20255 min read

Keylogger are malicious monitoring programs that collect sensitive data.

A castle with an EU flag and a fortress with a US flag are split by a bridge that is damaged and on fire.

EU Cybersecurity & Data Protection Update Q1-2025

Apr 8, 202517 min read

Engity's overview of the data protection and cybersecurity challenges that dominated the news headlines in the first quarter of 2025.

In a dictionary, under the initial letter A, the term attack, which symbolizes cyber-attacks, is shown enlarged by a magnifying glass.

What is a Dictionary Attack?

Feb 18, 20256 min read

Attackers try to hack user accounts by using conventional or special dictionaries.

1
2