Frequently Asked Questions

< Back to search page

What is the difference between “multi-factor” authentication and “two-factor” authentication?

FAQ Response

The term “two-factor” was replaced with the term “multi-factor” in several requirements in PCI DSS v3.2 (Requirements 8.3, 8.3.1, 8.3.2, and 8.5.1). The intent of this change was to use more consistent terminology that accurately represents the meaning of the term. This is simply a change in naming convention and does not alter its definition, which is that at least two authentication factors are used in the authentication process.

June 2016
Article Number 1425