18.2.3. Multi-factor Authentication

18.2 Authentication and Authorization

Something You Know

Info only you should know

Passwords, PINs, patterns

Something You Have

Physical objects you possess

Smart cards, USB tokens, phones (SMS codes), authenticator apps

Something You Are

Biometric traits

Fingerprint, iris scan, voice, face recognition

Somewhere You Are

Location-based data

GPS, IP address, geolocation

Something You Do

Behavior-based actions

Typing rhythm, gait, handwriting

MFA

MFA 🔐 = Extra layers of login security.

#### 🔐 Multi-Factor Authentication (MFA) (Layered Security)

📌 What it is?

Using two or more different factor types (e.g., "something you know" + "something you have")

📌 3 Common Factors:

1⃣ Something You Know – Password, PIN.

2⃣ Something You Have – Phone, smart card.

3⃣ Something You Are – Fingerprint, face scan.

📌 How to Implement?

✅ Use MFA apps (Google Authenticator, Microsoft Authenticator).

✅ Avoid SMS-based MFA (can be intercepted).

✅ Enforce MFA for high-privilege accounts.