Frequently Asked Question

Is “two-step” authentication the same as “two-factor” or “multi-factor” authentication?
“Two-step” or “multi-step” authentication is not the same as “two-factor” or “multi-factor” authentication. In “two-step” or “multi-step” authentication, one or more further authentication steps are presented after the first authentication step has been successfully performed. This approach is not the same as “multi-factor” authentication: even though the overall process may rely on multiple authentication methods, each step relies on a single authentication factor.
Refer to the Information Supplement: Multi-Factor Authentication Guidance, available under Guidance Documents in the PCI SSC Document Library, for further guidance.
February 2017
Article Number: 1426