An approach to secure access control that requires users to provide two or more independent forms of identification or verification, such as a password, email token, sms token, a physical token, or a biometric factor like a fingerprint or facial recognition.