The FFIEC issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors.
"[1] A commonly found class of definitions relates to a cryptographic process, or more precisely, authentication based on a challenge–response protocol.
[citation needed] This is the case for example with the definition found in the Fermilab documentation.
[3] An other class, which has legal standing within the European Economic Area, is Strong Customer Authentication.
The Fast IDentity Online (FIDO) Alliance has been striving to establish technical specifications for strong authentication and has 250 members and over 150 certified products.