Two-factor authentication (2FA) is an electronic authentication method that requires a user to present two or more pieces of evidence to an authentication mechanism to gain access to a website or application. It adds a layer of protection to online accounts beyond a username and password alone. The two factors used in 2FA can come from the following categories:
- Something the user knows (e.g., a password or PIN)
- Something the user has (e.g., a smartphone or security token)
- Something the user is (e.g., biometric data like a fingerprint or facial recognition)
2FA is implemented to better protect both a user's credentials and the resources the user can access. It provides a higher level of security than methods that rely on single-factor authentication (SFA), in which the user provides only one factor, typically a password or passcode.
Examples of 2FA include supplementing a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g., a security token or smartphone) that only the user possesses. An example of 2FA is withdrawing money from an ATM, where only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.
Businesses use 2FA to help protect their employees’ personal and business assets, which is important because it prevents cybercriminals from stealing, destroying, or accessing internal data records for their own use. Two-factor authentication is the foundational element of a zero-trust security model, which is an effective way to protect against many security threats that target user passwords and accounts, such as phishing, brute-force attacks, credential exploitation, and more.
There are many different devices and services for implementing 2FA, from tokens to radio frequency identification (RFID) cards to smartphone apps. Two-factor authentication products can be divided into two categories: tokens that are given to users to use when logging in, and infrastructure or software that recognizes and authenticates access for users who are using their tokens correctly.
In summary, 2FA is an extra layer of security that requires a user to present two or more pieces of evidence to an authentication mechanism to gain access to a website or application. It provides a higher level of security than authentication methods that depend on single-factor authentication and is implemented to better protect both a user's credentials and the resources the user can access.