Multi-Factor Authentication (MFA)
Overview
Multi-factor Authentication (MFA) is another method of securing your application and your users' identities. MFA adds a layer of security during login that requires users to provide more than one credential to prove their digital identity. Factors can be:
Something you are - like a biometric
Something you know - like a password
Something you own - like a device
Read this Q&A to see if using MFA with your Auth0 instance is the right choice for you.
What is multi-factor authentication?
Multi-factor authentication (MFA) is a user verification method that requires more than one type of user validation. It prevents bad actors from accessing an account even if they've acquired the username and password.
Why use multi-factor authentication?
MFA reduces the likelihood of many types of cyber-attacks. It's common for third parties to steal user names and passwords or programmatically attack user accounts. An additional MFA factor, such as a thumbprint or one-time password, impedes these violations.
How does multi-factor authentication work?
MFA works by requiring additional verification information (known as factors). Users can't log in using only user names and passwords. They must provide further proof of identity, such as face recognition or text message notifications.
MFA factors
MFA factors are subject to plan availability; some are only available on Professional and Enterprise plans. To learn more, read Auth0 Pricing.
Auth0 supports a variety of MFA factors, including:
Push notifications
SMS notifications
Voice notifications
One-time passwords
WebAuthn with security keys
WebAuthn with device biometrics
Email notifications
Cisco Duo security
Recovery codes
To learn more, read Multi-Factor Authentication Factors.
Enable MFA
To learn how to enable MFA, read Enable Multi-Factor Authentication.
Customize MFA
You can also use Auth0 Actions to customize your MFA flow. You can require MFA only in specific circumstances or force use of a particular factor.