CyberGlossary

Two-Factor Authentication (2FA)

Also known as: 2FA, Two-step verification

Definition

A specific form of multi-factor authentication that requires exactly two factors — usually a password plus a second factor — to verify identity.

Two-Factor Authentication (2FA) is the most common implementation of MFA: it combines exactly two factors, typically something the user knows (a password or PIN) with something they have (an authenticator app, a hardware key or a push notification) or something they are (a biometric). 2FA dramatically reduces account takeover from credential theft and password reuse, which is why regulators and large platforms now require it for administrators, finance roles and consumer accounts. The strength of 2FA depends on the second factor: FIDO2 security keys and passkeys are phishing-resistant, TOTP apps are decent, and SMS OTP is the weakest because of SIM-swap and interception attacks.

Examples

  • Logging in to a bank with a password and a TOTP code from an authenticator app.
  • A consumer site requiring a passkey in addition to a password for sensitive actions.
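
The first example above (password plus TOTP code), sketched as a server-side check. This is an added illustration, not code from any product or from this glossary; the `Account` and `login` names, the sample secret, salt and PBKDF2 work factor are assumptions. It accepts a login only when both factors pass and refuses a TOTP code that was already used.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Sample work factor (assumption); tune it for the deployment.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:
    """Hypothetical account record: one knowledge factor, one possession factor."""
    def __init__(self, password: str, totp_secret: bytes, salt: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret
        self.last_step = -1  # highest TOTP time step already accepted

def login(acct: Account, password: str, code: str, now: float,
          step: int = 30, window: int = 1) -> bool:
    """Return True only if the password AND a fresh TOTP code both verify."""
    pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
    current = int(now) // step
    matched = None
    # Allow +/- `window` steps for clock drift between phone and server.
    for s in range(max(0, current - window), current + window + 1):
        expected = totp(acct.totp_secret, s * step, step)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = s
    # A code from a step at or before the last accepted one is a replay.
    otp_ok = matched is not None and matched > acct.last_step
    if pw_ok and otp_ok:
        acct.last_step = matched
        return True
    return False

# Constructed sample data: the shared secret is the RFC 6238 test key.
SAMPLE_SECRET = b"12345678901234567890"
```

Nothing in this check ties the code to the site the user typed it into, so a code relayed in real time through a look-alike page still verifies; that is the gap FIDO2 security keys and passkeys close.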
