2FA

Two-factor authentication (2FA) is a security process in which a user provides two independent verification factors to prove their identity when logging into an account or system. The two factors typically come from at least two of three categories: something you know (a password or PIN), something you have (a physical token or device), and something you are (biometric data such as a fingerprint or facial recognition).

Common second factors include one-time passcodes sent by SMS, codes generated by authenticator apps that implement time-based one-time passwords (TOTPs), hardware security keys that use standards such as FIDO2 or U2F, and biometric verification on compatible devices. Some services also offer push-based approvals or other notification-based methods as a second factor.

2FA reduces the risk that a stolen password alone enables unauthorized access, but it is not foolproof. SMS-based codes are vulnerable to SIM swapping and interception, and phishing or malware can still compromise accounts if users are tricked into providing the second factor or approval. Weaker second factors can be captured or replayed, and losing access to the second factor can complicate account recovery.

Best practices include enabling 2FA on all supported accounts, prioritizing authenticator apps or hardware security keys over SMS where possible, and storing backup codes securely for recovery. Some services support phishing-resistant MFA using WebAuthn or other security keys, which provide stronger protection against credential phishing.