-
Two-factor authentication (2FA) is a method of confirming users’ claimed identities by using a combination of two different pieces of information or factors
Back to Glossary
What is two-factor authentication?
Two-factor authentication (also known as 2FA or two-step verification) is a method to confirm a user’s claimed online identity by using a combination of two different types of factors. A password is typically considered one factor, and with 2FA that is combined with another factor to increase login security. Factors used for 2FA include:
Something you know
Password or PIN
Something you have
A physical device such as a phone or authenticator.
Something you are
A fingerprint, iris or facial scan
See AlsoAdding an Account to the Google Authenticator App2 Step VerificationKey Authentication - Win32 appsAn example of two-factor authentication
A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something that the user possesses) and a PIN (something that the user knows) allows the transaction to be carried out.
The problem with passwords
Passwords are easily breached
The typical validation method most individuals and business users use today is a single factor password. But usernames and passwords are stored on a server and can be easily breached as cyber criminals become more organized and adept.
Too many passwordsWith increasing use of email, social media, and online banking and shopping, most people have a lot of places they need to log in. In fact, most consumers have 150 online accounts and therefore many usernames and passwords to remember! As a result, online users resort to creating several complex passwords – or worse; they use the same password across multiple sites.
Passwords are used repeatedly
With many users re-using passwords across sites, once a cybercriminal gets their hands on a user’s credentials, those credentials may work across multiple accounts. Two-factor authentication is the best defense users have to protect accounts when their passwords have been stolen.
3.3 Billion stolen credentials
reported in 2017
81% of data breaches
from weak/stolen passwords
$3.9 Million average cost
of a breach ($148/ record)
Two-factor authentication has become the standard
Most service providers such as Google, Facebook and Apple already support 2FA and consider it an integral part of the authentication process.
Types of two-factor authentication
Hardware Security Keys
Security
Hardware security keys offer the highest levels of online security, logging into many services with just one key.
Ease of Use
Hardware security keys can offer passwordless login, with no code to enter. Hardware keys typically require no network connectivity, and does not rely on battery power.
Cost
Hardware security keys are significantly cheaper than a mobile phone, and in the case of a lost or stolen key, a backup is much cheaper than replacing a mobile phone.
Text Message (SMS 2FA)
Security
Not very secure as this approach is vulnerable to phone number porting scams. Also, per NIST Cybersecurity Framework guidelines, the SMS 2FA approach offers a poor security level.
Ease of Use
Requires users to retype of copy and paste the one time code which can be confusing or time consuming. This approach typically relies on users having a mobile phone. In order to receive the code the devices needs to have network connectivity and sufficient battery life.
Cost
Using a mobile phone as the authenticating device can be very expensive. And, in the case of a lost or stolen device, replacing the phone can be very costly again.
Authenticator Apps
Security
More secure than text messages but not as secure as hardware security keys based on public key cryptography.
Ease of Use
Requires users to retype or copy and paste the one time code, which can be a confusing and time consuming.
Cost
Authenticator apps are often free to download, however it relies on users having a mobile phone. While codes can be available even when the phone is offline, it is reliant on the mobile phone battery life. In the case of a lost or stolen device, replacing the phone can be very costly.
Mobile Push 2FA
Security
More secure than text messages but not as secure as hardware security keys based on public key cryptography.
Ease of Use
This approach typically relies on users having a mobile phone. In order to receive the code the devices needs to have network connectivity and sufficient battery life.
Cost
Using a mobile phone as the authenticating device can be very expensive. And, in the case of a lost or stolen device, replacing the phone can be very costly again.
Find the right Yubikey
Take the quick Product Finder Quiz to find the right key for you or your business.
Let’s start
Get protected today
Browse our online store today and buy the right YubiKey for you.
Shop now
FAQs
What is two-factor authentication 2FA? ›
Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. 2FA gives businesses the ability to monitor and help safeguard their most vulnerable information and networks.
How do you enable 2FA? ›- Go to the ACCOUNT page.
- Click the PASSWORD & SECURITY tab.
- Under the 'TWO-FACTOR AUTHENTICATION' header, you will see the available 2FA options: Two-factor Authenticator App: Use an Authenticator App as your Two-Factor Authentication (2FA). ...
- Click "SET UP" to enable your preferred 2FA method.
- Go to Settings > [your name].
- Tap Sign-In & Security > Two Factor Authentication.
- Tap Get Verification Code.
There are several examples of 2FA, but there are two very important examples. One example is sending a code to a user's mobile phone via text message, and this sending code from 2FA must be entered in addition to the password to log in. Another example is using a biometric identifier such as a fingerprint or iris scan.
What is the difference between 2 factor authentication and 2 factor verification? ›2FA requires two different types of factors, while 2SV uses two factors from the same category. Additionally, 2FA is generally considered to be more secure than 2SV since it requires two factors from different categories, which makes it more difficult for attackers to gain unauthorized access.
How safe is two-factor authentication? ›When Faced With the Question, Is 2-Step Verification Safe? The answer is a sure yes. However, it is not foolproof. There should be additional measures to further prevent hackers from infiltrating the user's accounts.
Where is two-factor authentication on phone? ›- Open your Google Account.
- In the navigation panel, select Security.
- Under “How you sign in to Google,” select 2-Step Verification. Get started.
- Follow the on-screen steps.
To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes.
How do I recover my two-factor authentication code? ›Go to the 2-Step Verification section of your Google Account. Select Show codes. Select Get new codes.
Which two are most often used for two-factor authentication? ›Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor -- usually either a security token or a biometric factor, such as a fingerprint or facial scan.
How do I find my 2FA authenticator code? ›
You can also use the search bar to find the code you need. To search through your Google Authenticator codes, enter any text matching the username to find the code.
What are the three types of two-factor authentication? ›Let's explore the most popular forms of 2FA that you can use to secure your accounts today: SMS, OTP, and FIDO U2F.
What is an example of a two-factor authentication? ›Two-factor authentication can work in multiple ways. One of the most common examples of 2FA requires a username/password verification and an SMS text verification. In this example, when the user creates an account for a service they must provide a unique username, a password, and their mobile phone number.
Why do I need 2 factor authentication? ›Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because, even if the victim's password is hacked, a password alone is not enough to pass the authentication check.
What is the difference between 2FA and password? ›Two-Factor Authentication (2FA) is a second form of authentication that is used to verify your identity after you've already entered your username and password correctly. When 2FA is enabled on an account, it adds an extra layer of security to ensure that only you have the means to access your account.
What is the difference between 2-step and 2FA? ›The key difference between 2-step verification vs. 2-factor authentication is that 2FA requires two independent forms of authentication from different categories. In contrast, 2SV only requires two pieces of information with no regard for whether they are from the same type of authentication category.