What is 'Two-Factor Authentication (2FA)'?

Two-factor authentication (2FA) is a second layer of security to protect an account or system. Users must go through two layers of security before being granted access to an account or system. 2FA increases the safety of online accounts by requiring two types of information from the user, such as a password or PIN, an email account, an ATM card or fingerprint, before the user can log in. The first factor is the password; the second factor is the additional item.

BREAKING DOWN 'Two-Factor Authentication (2FA)'

2FA is designed to prevent unauthorized users from gaining access to an account with nothing more than a stolen password. Users may be at greater risk of compromised passwords than they realize, particularly if they use the same password on more than one website. Downloading software and clicking on links in emails can also expose an individual to password theft.

Despite the slight inconvenience of a longer log-in process, security experts recommend enabling 2FA wherever possible: email accounts, password managers, social media applications, cloud storage services, financial services, blogging platforms and more. Apple account holders, for example, can use 2FA to ensure that accounts can only be accessed from trusted devices. If a user tries to log in to their iCloud account from a different computer, the user will need the password, but also a multi-digit code that Apple will send to one of the user's devices, such as their iPhone.

2FA is not just applied to online contexts. 2FA is also at work when a consumer is required to enter their zip code before using their credit card at a gas pump or when a user is required to enter an authentication code from an RSA SecurID key fob to log in remotely to an employer’s system.

While 2FA does improve security, it is not foolproof. Hackers who acquire the authentication factors can still gain unauthorized access to accounts. Common ways to do so include phishing attacks, account recovery procedures and malware. Hackers can also intercept text messages used in 2FA. Critics argue that text messages are not a true form of 2FA since they are not something the user already has but rather something the user is sent, and the sending process is vulnerable. Instead, the critics argue that this process should be called two-step verification. Some companies, such as Google, use this term. Still, even two-step verification is more secure than password protection alone. Even stronger is multi-factor authentication, which requires more than two factors before account access will be granted.

RELATED TERMS
  1. Account Number

    An account number is the primary identifier for ownership of ...
  2. Mobile Banking

    Mobile banking is the act of making financial transactions on ...
  3. Smishing

    The use of SMS (short messaging services) technology to phish ...
  4. Security Token

    A security token is a portable device that authenticates a person's ...
  5. Credit Card Authentication

    Credit card authentication is the process of confirming a customer’s ...
  6. Direct Deposit

    Direct deposit is the deposit of electronic funds directly into ...
Related Articles
  1. Tech

    Advisors: Avoid Phishing Scams and Cybercrimes

    Taking these steps will help to avoid falling victim to some big cybersecurity threats.
  2. Tech

    7 Ways to Protect Yourself From Online Identity Theft

    These seven steps can help protect your online identity from hackers and scammers.
  3. Insights

    Detailed Ways to Protect Digital Data

    Knowing how to protect digital data has become a big concern these days. Here are four easy ways to keep your personal information safe.
  4. Tech

    7 Cybersecurity Tips to Protect Your Finances

    These seven cybersecurity tips will help protect your finances from online fraud and hacking.
  5. Investing

    How to (Mostly) Prevent Twitter App Hacks

    The most recent large-scale Twitter account hack has prompted some users to take extra precautions.
  6. Tech

    Cybersecurity Steps Everyone Should Take

    Anyone using a device connected to the internet should employ these cybersecurity practices.
  7. Tech

    Cybersecurity: Stay Safe Online With These Tips

    No one can guarantee that any of us are 100% safe from cyber and identity related crimes, but we can make ourselves less of a target. Here's how.
  8. Tech

    How to Avoid Human Errors in Cybersecurity

    There is a significant human element to cybersecurity that shouldn't be ignored.
  9. Tech

    Tips For Keeping Your Financial Data Safe Online

    Find out how to protect your personal information from phishers, scammers and thieves.
RELATED FAQS
  1. Is Apple Pay safe and free?

    Learn more about Apple Pay, one of Apple's newest and most metamorphic programs that is changing the way consumers purchase ... Read Answer >>
  2. What Are the Pros and Cons of Online Checking Accounts?

    Learn about the ways an online checking account can save you time and money, but understand the drawbacks before signing ... Read Answer >>
  3. What is cost accounting?

    Learn about the main benefits of cost accounting systems, how they are different from financial accounting and why they are ... Read Answer >>
  4. What are the advantages of paying with Bitcoin?

    Learn how payments made with Bitcoins offer certain advantages over standard currency, including user anonymity, no taxation ... Read Answer >>
Hot Definitions
  1. Leverage

    Leverage results from using borrowed capital as a source of funding when investing to expand the firm's asset base and generate ...
  2. Financial Risk

    Financial risk is the possibility that shareholders will lose money when investing in a company if its cash flow fails to ...
  3. Enterprise Value (EV)

    Enterprise Value (EV) is a measure of a company's total value, often used as a more comprehensive alternative to equity market ...
  4. Relative Strength Index - RSI

    Relative Strength Indicator (RSI) is a technical momentum indicator that compares the magnitude of recent gains to recent ...
  5. Dividend

    A dividend is a distribution of a portion of a company's earnings, decided by the board of directors, to a class of its shareholders.
  6. Inventory Turnover

    Inventory turnover is a ratio showing how many times a company has sold and replaces inventory over a period.
Trading Center