Multi-Factor Authentication (MFA)


Multi-factor Authentication (MFA) is another method of securing your application and your users' identities. MFA adds a layer of security during login that requires users to provide more than one credential to prove their digital identity. Factors can be:

  • Something you are - like a biometric

  • Something you know - like a password

  • Something you own - like a device

Read this Q&A to see if using MFA with your Auth0 instance is the right choice for you.

What is multi-factor authentication?

Multi-factor authentication (MFA) is a user verification method that requires more than one type of user validation. It prevents bad actors from accessing an account even if they've acquired the username and password.

Why use multi-factor authentication?

MFA reduces the likelihood of many types of cyber-attacks. It's common for third parties to steal user names and passwords or programmatically attack user accounts. An additional MFA factor, such as a thumbprint or one-time password, impedes these violations.

How does multi-factor authentication work?

MFA works by requiring additional verification information (known as factors). Users can't log in using only user names and passwords. They must provide further proof of identity, such as face recognition or text message notifications.

MFA factors

Auth0 supports a variety of MFA factors, including:

  • Push notifications

  • SMS notifications

  • Voice notifications

  • One-time passwords

  • WebAuthn with security keys

  • WebAuthn with device biometrics

  • Email notifications

  • Cisco Duo security

  • Recovery codes

To learn more, read Multi-Factor Authentication Factors.

Enable MFA

To learn how to enable MFA, read Enable Multi-Factor Authentication.

Customize MFA

You can also use Auth0 Actions to customize your MFA flow. You can require MFA only in specific circumstances or force use of a particular factor.

Learn more