Two-Factor Authentication (2FA)
What is Two-Factor Authentication (2FA)?
Two-Factor Authentication (2FA): A specific form of multi-factor authentication that requires exactly two factors — usually a password plus a second factor — to verify identity.
Two-Factor Authentication (2FA) is the most common implementation of MFA: it combines exactly two factors, typically something the user knows (a password or PIN) with something they have (an authenticator app, hardware key, push notification) or something they are (a biometric). 2FA dramatically reduces account takeover from credential theft and password reuse, which is why regulators and large platforms now require it for administrators, finance roles and consumer accounts. The strength of 2FA depends on the second factor: FIDO2 security keys and passkeys are phishing-resistant, TOTP apps are decent, and SMS OTP is the weakest because of SIM-swap and interception attacks.
● Examples
1. Logging in to a bank with a password and a TOTP code from an authenticator app.
2. A consumer site requiring a passkey in addition to a password for sensitive actions.
● Frequently asked questions
What is Two-Factor Authentication (2FA)?
A specific form of multi-factor authentication that requires exactly two factors — usually a password plus a second factor — to verify identity. It belongs to the Identity & Access category of cybersecurity.
What does Two-Factor Authentication (2FA) mean?
A specific form of multi-factor authentication that requires exactly two factors — usually a password plus a second factor — to verify identity.
How is Two-Factor Authentication (2FA) made effective?
Effective 2FA combines technical controls (choosing a phishing-resistant second factor such as a FIDO2 security key or passkey over SMS OTP) with operational practices, as detailed in the full definition above.
What are other names for Two-Factor Authentication (2FA)?
Common alternative names include: 2FA, Two-step verification.