Two-factor authentication (2FA), also known as dual factor authentication, provides a way of ‘double checking’ that you really are the person you are claiming to be when logging on to a server or website such as internet banking, email or social media sites. It is available on most of the major online services.
2FA improves security substantially, since an attacker would need to gain possession of both identifiers, which makes compromising an account much more difficult.
A 2FA flow usually looks like this:
- Access is requested via a standard login interface
- A username and a password are submitted
- If the username and password are accepted, the authentication mechanism will ask for the predetermined second factor, e.g. an OTP code.
- The user will enter the one-time code and gain access.
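
The flow above, sketched as an added example (not code from the original page): the password is checked first, and only then is the one-time code verified. It assumes the OTP is a time-based code (RFC 6238, HMAC-SHA1, 6 digits); the `TwoFactorLogin` class, the in-memory user store and the PBKDF2 work factor are hypothetical choices for illustration.

```python
import hashlib, hmac, os, struct, time

STEP = 30                 # seconds per TOTP time step (RFC 6238 default)
PBKDF2_ROUNDS = 600_000   # assumed work factor for this example

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class TwoFactorLogin:
    def __init__(self):
        # username -> [salt, password hash, OTP secret, last accepted counter]
        self.users = {}

    def enroll(self, username: str, password: str, otp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.users[username] = [salt, pw_hash(password, salt), otp_secret, -1]

    def login(self, username, password, code=None, now=None) -> str:
        """Return 'denied', 'otp_required' or 'granted'."""
        user = self.users.get(username)
        # Hash even for unknown users so response time does not reveal valid names.
        salt, stored = (user[0], user[1]) if user else (b"\0" * 16, b"")
        if not hmac.compare_digest(pw_hash(password, salt), stored) or user is None:
            return "denied"
        if code is None:
            return "otp_required"   # first factor accepted, ask for the second
        current = int(time.time() if now is None else now) // STEP
        for counter in (current, current - 1):   # tolerate one step of clock drift
            expected = hotp(user[2], counter).encode()
            # A code is single-use: only counters newer than the last one count.
            if counter > user[3] and hmac.compare_digest(expected, code.encode()):
                user[3] = counter
                return "granted"
        return "denied"
```

A production service would bind the second step to the session created by the first rather than resubmitting the password, and would rate-limit failed code attempts.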
Many other combinations of identifiers can be used, including a password plus an SMS code sent to a registered mobile device, a passphrase plus a biometric identifier from a fingerprint sensor, a physical token plus an answer to predetermined authentication questions, etc.