Which of the following is an example of multi-factor authentication?

Multi-factor authentication (MFA) is an essential security mechanism that requires users to present two or more verification factors to gain access to a resource, such as an application or online account. The rationale behind MFA is to enhance security by combining something the user knows (like a password or PIN) with something the user has (like a smart card or token).

Option B exemplifies multi-factor authentication because it incorporates two distinct types of verification: a user password, which is a knowledge factor, and a PIN-activated smart card, which is a possession factor. This combination effectively satisfies the criteria for MFA, making it more robust against unauthorized access, as an attacker would need both the knowledge (the password) and the physical device (smart card) to gain entry.

In contrast, the other choices do not satisfactorily meet the definition of multi-factor authentication. Option A references two biometric identifiers, which, while they are unique to the user, do not introduce a second distinct factor from a different category. Option C combines two knowledge-based factors (a passphrase and an application-level password), which also fails to introduce a separate possession or inherent factor. Lastly, option D, although it involves presenting a token twice, does not differentiate between factors; it relies on