With the wide use of mobile devices today, the amount of business transactions carried out through these devices is drastically increasing. However, there are many weaknesses to a single-factor authentication (SFA) when being used in the mobile context, requiring strong authentication mechanisms to meet requirements in terms of security and convenience. As such, there is a strong need to develop multi-factor authentication (MFA) mechanisms that are applicable to the mobile context. Recommendation ITU-T X.1158 provides multi-factor authentication mechanisms using a mobile device. This Recommendation describes the weaknesses of a single-factor authentication mechanism, the need for a multi-factor authentication mechanism and various combinations of the multi-factor authentication mechanisms using a mobile device, and the threats for the two-factor authentication (TFA) mechanism. In addition, security requirements to reduce the threats of a single-factor authentication are provided including potential typical multi-factor authentication mechanisms. This Recommendation assumes the use of a mobile device with subscriber identity module (SIM) card capability, and should not exclude the use of virtual SIM cards. Specifically, this Recommendation is applicable to all applications using mobile devices. This Recommendation is based on the framework described in Recommendation ITU-T X.1154.