Two-factor authentication, or 2FA, refers to the use of more than one mechanism for authentication. Traditionally, most authentication systems have relied on just one factor: a username and password combination. Adding a second factor can dramatically increase the security of an authentication system.
Security experts generally recommend the use of a combination of different kinds of authentication factors. A password is ‘something you know’, and can be combined effectively with ‘something you have’, such as a 2FA security key that can be plugged into a laptop. For the online service requesting authentication, the correct password confirms that the end user knows what they are supposed to know, while a click of the security key confirms that they have the one piece of hardware they are supposed to have.
Biometrics can also be a second factor, in the form of ‘something you are’. And they don’t necessarily need to be combined with a password. New solutions are emerging, such as biometric security keys that feature an embedded fingerprint reader. Such a device doesn’t require passwords at all, instead combining ‘something you have’ with ‘something you are’. This allows for a far higher level of security than basic password-based authentication could ever have offered.
2FA has long been a popular authentication framework among security experts, and in recent years the concept has benefited considerably from the FIDO Alliance, a cross-industry consortium that has established strong standards for authentication and advocated for the use of effective, post-password security.