Multi-Factor Authentication is a False Concept
Mutli-factor authentication has been described as:
1) Something you Know (i.e. password/passphrase)
2) Something you Have (e.g. bankcard or security token)
3) Something you Are (i.e. bio-metrics) and
4) Some Place you are (e.g. GPS coordinates, IP address, hard-line phone call)
Unfortunately every single one of these factors - once recorded in a computer security system - becomes 1) Something [someone] Knows. When that happens all authentication becomes (sometimes multiple) single factors of knowledge (e.g. bankcard numbers, token algorithms and secret keys, images and/or numeric recordings of bio-metric data, etc.).