Multi-Factor Authentication
Multi-factor authentication, or MFA, confirms identity by requiring two or more independent forms of proof, typically combining something the candidate knows, something they have, and something they are. In online assessment, it strengthens access security so that a single compromised password cannot allow an unauthorized person to reach exam content or impersonate a candidate.
Multi-factor authentication is built on the idea that one form of proof is rarely enough. Passwords can be stolen, guessed, or shared, so MFA requires evidence from more than one category: knowledge, such as a password or PIN; possession, such as a phone receiving a one-time code; and inherence, such as a fingerprint or face. An attacker would need to defeat several independent factors at once, which is far harder.
In a testing context, MFA most often protects access to the exam and to the systems that hold its content. A candidate might enter a password and then confirm a code sent to their device, or combine a credential with a biometric check. Administrators and staff who handle sensitive exam material are also commonly required to use MFA to reduce the risk of unauthorized access.
The benefit is a sharp reduction in the impact of stolen or weak credentials. Because the additional factors are independent, compromising one does not grant entry, which protects both the integrity of the exam and the personal data associated with it.
Good implementation balances security with accessibility. Factors should be reasonably easy for legitimate candidates to use, with fallback options for those who lose access to a device, while still keeping the barrier high for impostors. Clear instructions reduce friction and avoidable lockouts.
As part of exam security, MFA reinforces identity verification and access control. It works alongside ID checks, biometric authentication, and secured environments to ensure that only the right people reach an exam, helping protect the trustworthiness of online assessment from the very first step. Because credential theft is one of the most common ways systems are breached, MFA has become a baseline expectation across many sectors, making it one of the most cost-effective ways to raise the security of exams and the systems that support them.
See secure proctoring in action
Proctor360 delivers Test Center Grade exam security anywhere, from AI auto-proctoring to the 360 Total View™ headset.
Book a Demo Back to Glossary