Using a one-time password (OTP) token alongside the regular password constitutes two-factor authentication (2FA), which is a subset of MFA. The OTP token is a physical device or software application that generates a time-limited code, adding an additional security layer beyond the password, which is 'something the user knows'. The token ensures 'something the user has', thereby satisfying MFA requirements. Biometric authentication, while it also provides an additional security layer, is categorized as 'something the user is', and it is generally not used in conjunction with a password as the sole two factors in remote system administration. Password strength policies improve the security of the password itself but do not add another factor. SSH keys are a secure method of authentication but are considered a single factor: 'something the user has'.