Two-factor authentication (2FA, also called 2-step verification or 2-phase authentication) is a security process that requires users to present two different types of evidence to verify their identity before access is granted. This typically means something they know (a password) and something they have (a code sent to their phone or generated by an app). Requiring the second factor adds a layer of protection against unauthorized access, because a stolen password alone is no longer enough to log in.
Here’s a breakdown of the six main types of 2FA and examples of how each is applied in real-world web applications.
- Authentication Apps (TOTP – Time-based One-Time Password)
  Examples:
  - Gmail and cloudHQ use Google Authenticator for Android and Google Authenticator for iPhone to generate codes that refresh every 30 seconds.
  - Outlook and Azure accounts can use Microsoft Authenticator.
- SMS Text Message
  Example: PayPal uses SMS text messages to send a code to your phone, which you need to enter along with your password to log in.
- Push Notifications
  Example: Slack uses Duo Mobile to send push notifications to your phone, allowing you to approve the login attempt with a tap.
- Physical Security Keys (U2F – Universal 2nd Factor)
  Example: GitHub and Google accounts can be secured using a YubiKey.
- Biometric Methods (fingerprints, facial recognition, iris scans)
  Example: Apple Pay and iCloud use Apple’s Face ID and Touch ID.
- Email-based Verification
  Example: Some smaller platforms or community forums send a verification code to your registered email address, which you need to enter as a second factor.
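The SMS and email entries both rely on a code the server generates, delivers out of band, and later checks. What matters on the server side is that the code is drawn from a cryptographic random source, expires quickly, can be used only once, and cannot be brute-forced within its lifetime. The following is an added Python example of such a store, not code from PayPal or any forum software; the digit count, the 300-second lifetime, the five-attempt cap and the `OneTimeCodeStore` class are assumed policy choices for illustration, and the clock is injectable so the expiry path can be exercised offline.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict

# Assumed policy values for this example; real deployments pick their own.
CODE_DIGITS = 6
TTL_SECONDS = 300
MAX_ATTEMPTS = 5


def _hash_code(code: str) -> bytes:
    # Stored hashed so a leaked store does not hand out live codes verbatim.
    # The 6-digit space is tiny, so expiry and the attempt cap, not the hash,
    # are what actually bound an attacker's chances.
    return hashlib.sha256(code.encode("ascii")).digest()


@dataclass
class PendingCode:
    code_hash: bytes
    expires_at: float
    attempts: int = 0


class OneTimeCodeStore:
    """Issues and verifies delivered one-time codes for an SMS or email second factor."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock                          # injectable for testing
        self._pending: Dict[str, PendingCode] = {}   # one live code per user

    def issue(self, user_id: str) -> str:
        # secrets (CSPRNG), never random.randint; zero-padded so "000042" is a valid code.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        # Issuing a new code replaces any earlier one for this user.
        self._pending[user_id] = PendingCode(_hash_code(code), self._clock() + TTL_SECONDS)
        return code   # hand to the SMS/email sender; never write it to logs

    def verify(self, user_id: str, submitted: str) -> bool:
        pending = self._pending.get(user_id)
        if pending is None:
            return False
        if self._clock() > pending.expires_at:
            del self._pending[user_id]               # expired: user must request a new one
            return False
        pending.attempts += 1                        # every guess counts, right or wrong
        if pending.attempts > MAX_ATTEMPTS:
            del self._pending[user_id]               # too many guesses: invalidate the code
            return False
        submitted = submitted.strip()
        if not (submitted.isascii() and submitted.isdigit()):
            return False
        if hmac.compare_digest(_hash_code(submitted), pending.code_hash):
            del self._pending[user_id]               # single use: success consumes the code
            return True
        return False


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue("alice")        # in production this goes to the SMS/email sender
    print(store.verify("alice", code), store.verify("alice", code))  # True, then False
```

Deleting the entry on success, on expiry and on exceeding the attempt cap keeps the store small and makes the three failure modes explicit; a guess budget of five against a one-in-a-million code leaves an attacker with a 0.0005% chance per issued code.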