Short Tutorial/FAQ – What Is Two-Factor Authentication?

Question: I'm being asked to use two-factor authentication for some online accounts. What is it?

Answer: Two-factor authentication (2FA) is an extra layer of security that requires two distinct forms of identification in order to gain access to an online account or computer system. In this context, a factor means a way to convince the account or system that you are who you say you are, so it can determine if you have the rights to access the data services.

By far the most common authentication factor in use today is the username/password pair, and since most accounts only require a password for access, they're using single-factor authentication. With two-factor authentication, however, you need to also prove your identity in a second way.

There are a variety of 2FA forms — some stronger or more complex than others — but all offer better protection than passwords alone. For example, the second factor may be:

• Something you have (such as a text with a time-based code sent to your smartphone or other device, or a smartphone authenticator app)
  
  
• Something you are (biometrics using your fingerprint, face, or retina)

As passwords become increasingly less secure, whether through data breaches or poor user practices, more service providers are encouraging or mandating the shift to 2FA. That's because with 2FA, even if your password is stolen or your phone is lost, the chances of someone else having your second-factor information is highly unlikely.

Despite the slight inconvenience of a longer log-in process, security experts recommend enabling 2FA wherever you can.