Strong authentication or Multi-Factor Authentication (MFA) applies to when the user provides more than one piece of information when authenticating. Providing, say, a password and using a token would be two factor authentication (2fa), and could also be classified as multi-factor authentication. Which two authentication factors is in use, does not matter regarding to be strong authentication or two factor authentication.

The user will provide two or more of the following

• Something you know (Type 1)
  • Password
  • Passphrase
  • Pin number
  • ...
• Something you have (Type 2)
  • Token
  • Smart card
  • ...
• Something you are (Type 3)
  • Retina scan
  • Fingerprint
  • Handprint
  • ...
• Somewhere you are (Type 4)
  • Geo location
  • GPS tracking
  • Callback system
  • ...
• Something you do
  • Keystroke Authentication
  • ...

Descriptions of type 4 and 5 are somewhat mixed together. Some documentation sometimes places "Somewhere you are" as type 4 if type 5 is not included. "Somewhere you are" may be type 5 if "Something you do", is included as type 4. Most documentation I have seen only includes type 1, type 2 and type 3. If someone can lead me to the true source of these types, let me know.

Some specific error types are related to biometrics

• Type 1 error. False Reject Rate (FRR). This occurs when a biometric system incorrectly rejects an authorized user.
• Type 2 error. False Accept Rate (FAR). This occurs when a biometric system incorrectly identifies an unauthorized user as an authorized user.

Note that multiple authentication and multi-factor authentication are not the same thing. Using a pin code and a password, are both are something you know. This is not multi factor authentication.