MFA includes but is not limited to the following: a call, SMS, push notification, time-based one-time password, OATH token, hardware token, device pinning, authenticator apps, biometrics, or a FIDO2 key (e.g., YubiKey, RSA SecurID).
"User accounts” include employees and (where applicable) students, volunteers, interns, third-party contractors, and any other persons with a user account on your network.