
ZweiFaktorAuth

ZweiFaktorAuth is a term for two-factor authentication (2FA), a security measure that requires two independent credentials to verify a user's identity. Typically this combines something the user knows (a password) with something the user possesses (a token or device) or something the user is (a biometric trait).

Common implementations include time-based one-time passwords generated by authenticator apps, push-based approvals, and hardware security keys that support FIDO2/WebAuthn or U2F. SMS codes are also sometimes used but are generally less secure: they can be intercepted or redirected (for example through SIM swapping), and like any typed code they can be phished.

Standards such as TOTP (RFC 6238) and HOTP (RFC 4226) govern code-based methods, while FIDO2/WebAuthn provides phishing-resistant, public-key-based second factors: the authenticator signs a challenge that is bound to the site's origin, so a credential registered for one site cannot be exercised by a look-alike site. The choice of method affects usability, phishing resistance, and recovery options.

Security and policy considerations include the trade-off between convenience and protection, the need for backup/recovery options, and handling of device loss. 2FA reduces the risk of credential theft but is not immune to phishing or social engineering if weaker methods are used: a one-time code or a push approval can be relayed in real time by a proxy phishing site or coaxed out of the user, whereas an origin-bound WebAuthn assertion cannot be replayed against the legitimate site.
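The following is an added example, not code from this page, showing how the code-based standards mentioned above actually work: HOTP (RFC 4226) is HMAC over an 8-byte counter followed by dynamic truncation, and TOTP (RFC 6238) is HOTP with the counter derived from the clock. It is checked against the test vectors both RFCs publish for the ASCII secret "12345678901234567890". The `verify_totp` function is the verifier side as a practitioner would write it: it tolerates one step of clock skew, compares in constant time, and refuses to accept a time step that has already been used, which is the replay protection RFC 6238 Section 5.2 asks for; the `last_used_step` bookkeeping it relies on is an assumption about how the server stores per-user state.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """HOTP per RFC 4226: HMAC over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte selects a 4-byte window
    binary = (
        (mac[offset] & 0x7F) << 24               # clear the top bit so the value is a positive 31-bit int
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(binary % 10 ** digits).zfill(digits)


def totp_step(for_time: float, step: int = 30, t0: int = 0) -> int:
    """RFC 6238 time counter: T = floor((now - T0) / X)."""
    return int((for_time - t0) // step)


def totp(secret: bytes, for_time: Optional[float] = None, step: int = 30,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """TOTP is simply HOTP with the counter replaced by the current time step."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, totp_step(for_time, step), digits, algorithm)


def verify_totp(secret: bytes, candidate: str, for_time: float, last_used_step: int,
                step: int = 30, digits: int = 6, window: int = 1) -> Optional[int]:
    """Verifier side. Returns the time step the code matched, or None if it is rejected.

    - accepts +/- `window` steps of clock skew between client and server
    - never accepts a step <= last_used_step, so a code captured by a phishing
      proxy cannot be replayed inside its validity window; the caller must
      persist the returned step as the new last_used_step (assumed server state)
    - uses a constant-time comparison so timing does not leak matching digits
    """
    now_step = totp_step(for_time, step)
    wanted = candidate.strip().encode()
    for c in range(now_step - window, now_step + window + 1):
        if c <= last_used_step:
            continue                             # already consumed: treat as replay
        if hmac.compare_digest(hotp(secret, c, digits).encode(), wanted):
            return c
    return None


if __name__ == "__main__":
    # Constructed input: the shared test secret from RFC 4226 Appendix D / RFC 6238 Appendix B.
    key = b"12345678901234567890"
    for n in range(3):
        print(f"HOTP counter {n}: {hotp(key, n)}")
    print("TOTP at t=59 (8 digits):", totp(key, 59, digits=8))
    print("TOTP now (6 digits):    ", totp(key))
    step = verify_totp(key, totp(key), time.time(), last_used_step=-1)
    print("verified at step:", step)
    print("same code again:", verify_totp(key, totp(key), time.time(), last_used_step=step))
```

Note what this example makes concrete about the phishing discussion above: nothing in the code ties the six digits to the site that asked for them, so a proxy that relays the user's code within the 30-second window is indistinguishable from the user. The replay check limits a captured code to a single use, but it cannot stop the first, relayed use; only an origin-bound mechanism such as WebAuthn does that.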