Two-factor authentication (2FA) is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are.


First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information. This second factor could come from one of the following categories:

  • Something you know: This could be a personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern
  • Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
  • Something you are: This category is a little more advanced, and might include a biometric pattern such as a fingerprint, an iris scan, or a voice print


With 2FA, a compromise of just one of these factors won’t unlock the account. So, even if your password is stolen or your phone is lost, it is highly unlikely that someone else also has your second-factor information. Looking at it from another angle, if a consumer uses 2FA correctly, websites and apps can be more confident of the user’s identity before they unlock the account.


There are different types of 2FA:

  • Hardware tokens
  • SMS-based
  • Software-based
  • Push notification
  • Fingerprints