Placing a z/OS complex under the control of a Federated Identity Management (FIM) or Single Sign On (SSO) user logon process often invites a loss of system integrity and security. MFL employs the best MFA concepts, i.e. the user never knows the complete password/passphrase in advance of logon, while at the same time preserving the user's RACF credential and RACF's ultimate control over the user logon. All software, simple, straightforward.
Both MFL and MFR support the user's MFA secret, her prefix, by generating and storing its encrypted form within z/OS. The prefix may be updated at any time, as often as needed. Users begin a logon by entering their valid RACF userid and password, after which the z/OS system generates and sends them, via email or text, a time-sensitive suffix. The user concatenates the prefix and suffix into a new password that, along with their userid, can be used for logging on during a 'Validity Window'.
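The prefix-plus-suffix flow described above can be modelled in a few lines. This is an added sketch, not MFL or MFR code: the class and method names, the 300-second window, the 8-character suffix, and the use of a salted PBKDF2 hash in place of the page's "encrypted form" are all assumptions.

```python
import hashlib, hmac, secrets, time

VALIDITY_WINDOW = 300  # seconds; assumed value, the page does not give one
SUFFIX_LEN = 8         # characters; assumed value


def _digest(secret, salt):
    # Stand-in for the page's "encrypted form": salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class PrefixSuffixLogon:
    """Hypothetical model of the stored-prefix + emailed-suffix logon."""

    def __init__(self):
        self.prefixes = {}  # userid -> (salt, digest of prefix)
        self.pending = {}   # userid -> (salt, digest of suffix, expiry time)

    def set_prefix(self, userid, prefix):
        # The prefix may be replaced at any time; only its digest is kept.
        salt = secrets.token_bytes(16)
        self.prefixes[userid] = (salt, _digest(prefix, salt))

    def issue_suffix(self, userid, now=None):
        """Call only after the normal userid/password check has succeeded."""
        now = time.time() if now is None else now
        suffix = secrets.token_hex(SUFFIX_LEN // 2)  # delivered by email or text
        salt = secrets.token_bytes(16)
        self.pending[userid] = (salt, _digest(suffix, salt), now + VALIDITY_WINDOW)
        return suffix

    def verify(self, userid, candidate, now=None):
        """Accept prefix+suffix only while the suffix's window is open."""
        now = time.time() if now is None else now
        stored, entry = self.prefixes.get(userid), self.pending.get(userid)
        if stored is None or entry is None:
            return False
        if now > entry[2]:
            del self.pending[userid]  # window closed: the suffix is dead
            return False
        prefix, suffix = candidate[:-SUFFIX_LEN], candidate[-SUFFIX_LEN:]
        # Compare both halves in constant time, and always check both.
        ok_prefix = hmac.compare_digest(_digest(prefix, stored[0]), stored[1])
        ok_suffix = hmac.compare_digest(_digest(suffix, entry[0]), entry[1])
        return ok_prefix and ok_suffix
```

Neither half is stored in the clear, and the complete password exists only after the suffix has been delivered, which is the property the text claims for MFL.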