Two-factor authentication, or 2FA, is the simplest, most effective way to make sure users really are who they say they are. It strengthens security by requiring an additional layer of authentication, such as a smartphone app, on top of a username and password. 2FA helps protect against attackers who use compromised login credentials.
As the number of security breaches continues to rise, 2FA has become an essential web security tool because it mitigates the risk associated with compromised login credentials. If a password is hacked, guessed, or even phished, 2FA prevents an attacker from gaining access without approval by a second factor.
Processes vary among the different 2FA methods, but a typical 2FA transaction happens like this:
Authenticator apps are smartphone apps that handle the second-factor approval process as standard and push notifications.
Universal 2nd Factor (U2F) is an authentication standard that uses an authenticator (a USB hardware device) and a server. A user authenticates by tapping the U2F key inserted into their computer's USB port.
Using a hardware token, you can press a button to verify who you are. This device is programmed to generate a passcode that you must type into your two-factor prompt.
A unique passcode that you must type into your two-factor prompt is sent to your phone via SMS.
This method calls your phone and waits for you to pick up and press any key to authenticate before granting you access to your account.
Similar to SMS, a two-factor authentication app can generate new, unique passcodes for you to type into the two-factor prompt. These are known as time-based one-time passcodes (TOTP).
WebAuthn allows you to use the Touch ID fingerprint reader on macOS laptops as a second factor to authenticate access to your accounts.