A method used by online services in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. These systems often rely on an item that is known (e.g. a password) and something the user has (e.g. their phone).