Multifactor authentication requires two of the following except:

Multifactor authentication (MFA) is a security mechanism that requires two or more different forms of verification to grant access to a system. The three widely recognized categories of authentication factors include:

1. Something you know (e.g., a password or PIN).

2. Something you have (e.g., a smartphone or a hardware token).

3. Something you are (e.g., biometric data like fingerprints or facial recognition).

In this context, “something you do” refers to behavioral traits or actions (for instance, a unique typing pattern or the way you navigate through a system) that might be used for additional authentication methods but are not standard elements in the traditional classification of MFA. Therefore, this factor is not typically included as part of the core requirements for multifactor authentication.

By focusing on these established factors, organizations can effectively bolster their security posture against unauthorized access, making the inclusion of "something you do" unnecessary for standard MFA frameworks.