Multi-factor authentication (MFA) is a security mechanism that verifies a user's identity for a login or other transaction by requiring multiple ways of verification from separate categories of credentials. Multi-factor authentication combines two or more distinct credentials: what the user knows, such as a password; what the user owns, such as a security token; and who the user is, as determined by biometric verification methods. The purpose of multi-factor authentication is to construct a layered defense that makes it more difficult for an unauthorized person to access a target, such as a physical location, computing device, network, or database. Even if one element is compromised or damaged, the attacker still needs to get through at least one or more barriers before breaking into the target.