Multi-factor authentication is a paradigm that requires two separate pieces of information ("factors") in order to verify a user's identity. A factor is information that a user knows (password, PIN, etc.), has (id card, smard card, etc.), or is (aka "biometrics" i.e. fingerprint, hand scan, etc). Requiring an additional factor presents an additional challenge to a potentially malicious user as they have to compromise two separate authentication mechanisms to compromise an account. A common example of two-factor authentication is a debit/ATM card combined with a PIN. Without both the card and its corresponding PIN, one is unable to access the account the card is bound to. Similarly in multi-factor authentication, you will supply your username and password along with an additional authentication factor only you should be able to provide.

Modern technology allows for more convenient and secure additional authentication factors, such as unique random one-time passwords. Smartphones provide an additional level of convenience by providing apps that offer easy-to-use multi-factor capabilities to the everyday user. The University of Vermont uses Duo Security's telephony/mobile device based solutions to provide multi-factor capabilities. In cases where a telephony/mobile device is not plausible/possible, UVM does support YubiKey hardware tokens as an additional cost.