Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Authentication using only one of the three factors (something you know, have, or are) to verify identity, providing weaker security than multi-factor authentication.
Single Factor Authentication Definition: Authentication using only one of the three factors (something you know, have, or are) to verify identity, providing weaker security than multi-factor authentication.
Involves the use of simply one of the three available factors solely to carry out the authentication process being requested. Single factor authentication relies on just one category of authentication factor: something you know (like a password), something you have (like a token), or something you are (like a fingerprint). While simpler to implement and use than multi-factor authentication, it provides weaker security by creating a single point of failure. Single factor authentication limitations are addressed in standards like NIST SP 800-63, PCI DSS, and numerous regulatory frameworks. Organizations typically implement stronger authentication for sensitive systems while using risk-based approaches to determine where single factor authentication may be acceptable. For example, a company might implement password-based single factor authentication for accessing general corporate information with compensating controls like strong password policies, account lockout, and monitoring, but require multi-factor authentication for accessing financial systems, privileged accounts, or customer data. Related terms: Authentication factor, Multi-factor authentication, Password authentication, Biometric authentication, Token authentication, Authentication strength, Security vs. usability, Risk-based authentication.
Single Factor Authentication is one of the topics you'll master in the Security+ Boot Camp.
Security+ Boot Camp →