[thaumaturgy]

I'm not a tremendous fan of multi-factor authentication yet. The idea is nice, but really it just adds a second password to the mix, and if the person can't get one password right...

My bank for example uses multi-factor authentication. Two of the three possible initial questions ask for a color. Let's see ... black, blue, yellow, green, red...

[mtrichardson]

That's not multi-factor authentication.

True multi-factor authentication involves a combination of something you know (eg, your password), something you have (your phone, a fob, etc.) and something you are (generally biometric things, which for obvious reasons haven't picked up too much).

Multiple security questions are just additional things-you-know, and as such, aren't multifactor.

[thaumaturgy]

Ah, thanks, you're right.

My bank's website specifically calls it "multi-factor authentication", and I never bothered to double-check the term.

[ams6110]

Multi-Factor as I usually understand it is based, ideally, on "something you have" (e.g. an RSA token, your fingerprint, etc) and "something you know" (a password/passphrase).

Your example sounds like two "something you know" factors, which is really just a more complex password.