# Multi-Factor Authentication (MFA)

### 🔒 Why MFA Matters

With increasing threats across Web3, single-factor login mechanisms (like passwords) are no longer sufficient. Tychi adopts MFA to add multiple layers of identity verification before allowing wallet access or transaction approvals.

***

### ✅ Authentication Factors Used

1. **Something You Know**
   * Secure password or passphrase
   * PIN for quick wallet-level confirmations
2. **Something You Are**
   * Biometric verification (fingerprint or facial recognition)
   * Device-native biometric APIs ensure privacy and speed
3. **Something You Have**
   * Time-based One-Time Password (TOTP) via Google Authenticator or Authy
   * Hardware tokens (e.g., YubiKey) for advanced users (optional)

***

### 🧠 MFA Usage Within Tychi

* **Login Protection**\
  Requires at least two factors (e.g., password + biometric) for app/device access.
* **Transaction Approval**\
  High-risk actions (e.g., large transfers, DApp authorizations) require full MFA confirmation.
* **Cold Wallet Access**\
  Mandatory MFA required to view or export cold wallet private key access controls.
* **Identity Verification**\
  MFA required when accessing DID documents or issuing Verifiable Credentials (VCs).

***