Two-factor authentication (2FA) requires two different types of proof to verify identity: something you know (password) and something you have (phone, hardware key) or something you are (fingerprint). Even if your password is stolen, attackers can't access your account without the second factor.

How Two-Factor Authentication Works

After entering your password, you're prompted for a 6-digit code from an authenticator app (Google Authenticator, Authy). The code changes every 30 seconds using TOTP (Time-based One-Time Password). Hardware keys (YubiKey) provide the strongest 2FA — tap the key to authenticate.

Key Concepts

  • TOTP — Time-based One-Time Password — generates a 6-digit code every 30 seconds using a shared secret
  • Hardware Keys — Physical devices (YubiKey, Titan) that provide phishing-resistant authentication via FIDO2/WebAuthn
  • Recovery Codes — Backup codes for when you lose your 2FA device — store them securely offline

Frequently Asked Questions

SMS 2FA vs authenticator app?

Authenticator apps (TOTP) are significantly more secure. SMS can be intercepted via SIM swapping. Use an authenticator app as a minimum, and hardware keys for maximum security.