Multi-factor using text message


When requesting access to data, this type of multi-factor authentication involves a person entering a code sent in a text message to their nominated phone.

The code is specific to that person, is single use and expires after a short amount of time. If the person enters a valid code, it is assumed that they have physical ownership over a mobile phone.

Passwords can be guessed or stolen, so by requiring extra information sent to a device controlled by a particular person, it increases the confidence that the request to access data should be allowed.