There are many ways of authenticating a user, which can be divided into three broad categories known as authentication factors :
1. Something you know: Such as a secret password
2. Something you have: Like a key or physical device
3. Something you are: This refers to biometric factors, such as your unique fingerprint or iris pattern
Any one of these methods is one authentication factor. There are, however, problems with any authentication system that only uses one factor of authentication.
Something you know or a password is not enough to secure a system. If it is known by an adversary, it becomes useless in keeping information private and preventing unauthorized access.
Something you have or an authentication token is not much better. If it is lost or stolen, anyone who gets hold of it can easily impersonate the owner and access the system.
Something you are or biometrics, although claimed to be more secure, is not without security issues. Losing control of a biometric database is said to be even worse than losing a password database. The reason is that changing a password does not require a lot of effort, but changing biometric data is not as easy, whether it is physiological or behavioral.
Any individual factor of authentication may be compromised. People choose weak passwords or write them down on notes attached to their computer screen, and they mislay physical devices. Although biometric factors can be appealing, they often have high error rates. For this reason, the most secure authentication systems require two or more different factors.
Users are now realising how important it is to have a more secure mechanism that can prevent their data from being exposed as easily as it has been. And so startups are increasingly adopting two-factor authentication (2FA) and multi-factor authentication (MFA) mechanisms in their product roadmap.