Which of the following is required for two-factor authentication? [choose all that apply]

Skip to main content

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

• Article
• 08/25/2022
• 2 minutes to read

In this article

Multi-factor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cellphone or a fingerprint scan.

If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access. When you require a second form of authentication, security is increased because this additional factor isn't something that's easy for an attacker to obtain or duplicate.

Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:

• Something you know, typically a password.
• Something you have, such as a trusted device that's not easily duplicated, like a phone or hardware key.
• Something you are - biometrics like a fingerprint or face scan.

Azure AD Multi-Factor Authentication can also further secure password reset. When users register themselves for Azure AD Multi-Factor Authentication, they can also register for self-service password reset in one step. Administrators can choose forms of secondary authentication and configure challenges for MFA based on configuration decisions.

You don't need to change apps and services to use Azure AD Multi-Factor Authentication. The verification prompts are part of the Azure AD sign-in, which automatically requests and processes the MFA challenge when needed.

Note

The prompt language is determined by browser locale settings. If you use custom greetings but don’t have one for the language identified in the browser locale, English is used by default. Network Policy Server (NPS) will always use English by default, regardless of custom greetings. English is also used by default if the browser locale can't be identified.

Available verification methods

When users sign in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. Users can access My Profile to edit or add verification methods.

The following additional forms of verification can be used with Azure AD Multi-Factor Authentication:

• Microsoft Authenticator app
• Windows Hello for Business
• FIDO2 security key
• OATH hardware token (preview)
• OATH software token
• SMS
• Voice call

You can use security defaults in Azure AD tenants to quickly enable Microsoft Authenticator for all users. You can enable Azure AD Multi-Factor Authentication to prompt users and groups for additional verification during sign-in.

For more granular controls, you can use Conditional Access policies to define events or applications that require MFA. These policies can allow regular sign-in when the user is on the corporate network or a registered device but prompt for additional verification factors when the user is remote or on a personal device.

Next steps

To learn about licensing, see Features and licenses for Azure AD Multi-Factor Authentication.

To learn more about different authentication and validation methods, see Authentication methods in Azure Active Directory.

To see MFA in action, enable Azure AD Multi-Factor Authentication for a set of test users in the following tutorial:

Additional resources

Additional resources

In this article

Two-factor authentication is designed to make sure that you're the only person who can access your account. Learn how it works and how to turn on two-factor authentication.

Two-factor authentication is an extra layer of security for your Apple ID, designed to make sure that you're the only one who can access your account—even if someone else knows your password. When you sign in with your Apple ID for the first time on a new device or on the web, you need both your password and the six-digit verification code that's automatically displayed on your trusted devices. Because just knowing your password isn't enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and the data that you store with Apple.

Two-factor authentication is the default security method for most Apple IDs. Certain Apple services and features, such as Apple Pay and Sign in with Apple, require two-factor authentication. We recommend that you use two-factor authentication and protect your device with a passcode (or login password on Mac) and Face ID or Touch ID, if your device supports it.

Learn about the availabilty and minimum system requirements for two-factor authentication

Turn on two-factor authentication for your Apple ID

If you're not using two-factor authentication for your Apple ID, you can turn it on right on your device or on the web:

• On your iPhone, iPad, or iPod touch: Go to Settings > your name > Password & Security. Tap Turn On Two-Factor Authentication. Then tap Continue and follow the onscreen instructions.
• On your Mac: Choose Apple menu  > System Settings (or System Preferences), then click your name (or Apple ID). Click Password & Security. Next to Two-Factor Authentication, click Turn On and follow the onscreen instructions.
• On the web: Go to appleid.apple.com and sign in with your Apple ID. Answer your security questions, then tap Continue. Tap Continue when you see a prompt to upgrade account security. Then tap Upgrade Account Security and follow the onscreen instructions.

If you're already using two-factor authentication with your Apple ID, you can't turn it off. If you updated to two-factor authentication inadvertently, you can turn it off within two weeks of enrollment. If you do, your account is less secure and you can't use features that require a higher level of security.

The first time that you sign in with your Apple ID on a new device

When you sign in with your Apple ID user name and password for the first time on a new device or the web, you'll receive a notification on your trusted devices that someone is trying to sign in with your Apple ID. The notification might include a map of the approximate location of the sign-in attempt. This location is based on the new device's IP address and might reflect the network that it's connected to, rather than the exact physical location. If you know that you're the person trying to sign in but don't recognize the location, you can still tap Allow and view the verification code. If you're not the one trying to sign in, tap Don't Allow to block the sign-in attempt.

When you enter the verification code on your new device or the web, you verify that you trust the device on which you're signing in. You might also be asked to enter the passcode of one of your devices to access any end-to-end encrypted content stored in iCloud.

After you sign in, you won't be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won't be asked for a verification code again on that computer for 30 days.

If you don't have a trusted device with you

If you're trying to sign in and don't have a trusted device with you that can display verification codes, you can tap Didn't Get a Code on the sign-in screen and choose to send a code to one of your trusted phone numbers. This text message might include an additional domain validation line that includes the @ symbol, the website name, and your code (for example, @icloud.com #123456 %apple.com). Or you can get a code directly from Settings on a trusted device.

Learn how to get a verification code

About trusted phone numbers and trusted devices

With two-factor authentication, a trusted device or trusted phone number helps verify your identity when you sign in to a new device or browser.

What is a trusted phone number?

To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes. If you have a phone number that isn't associated with your trusted device, consider verifying it as an additional trusted phone number. If your iPhone is your only trusted device and it's missing or damaged, you won't be able to receive verification codes required to access your account.

To see, add, or change your trusted phone numbers:

• On your iPhone, iPad, or iPod touch: Go to Settings > your name > Password & Security. Next to Trusted Phone Number, tap Edit.
• Choose Apple menu  > System Settings (or System Preferences), then click your name (or Apple ID). Click Password & Security, then add or remove a trusted phone number.
• Go to the Account Security section of appleid.apple.com.

What is a trusted device?

A trusted device is an iPhone, iPad, iPod touch, Apple Watch, or Mac that you've already signed in to using two-factor authentication. It's a device that we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser.

Learn how to see and manage your trusted devices

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: October 24, 2022

Which of the following is required for a two

Which of the following is required for two

What are the two factors used in two

Which of the following is an example of two