Frequently Asked Question

Is "two-step" authentication the same as "two-factor" or "multi-factor" authentication?

'Two-step' or "multi-step" authentication is not the same as "two-factor" or 'multi-factor'. "Two-step" or "multi-step" authentication involves the subsequent presentation of one or more authentication steps after the first authentication step is successfully performed. This approach is not the same as "multi-factor" authentication, as even though the overall process may rely on multiple authentication methods, each step relies on a single authentication factor.

Refer to the Information Supplement: Multi-Factor Authentication Guidance, available under Guidance Documents in the PCI SSC Document Library, for further guidance.
Last updated: February 2017
Originally published: June 2016
Article Number: 1426

Featured FAQ Articles