Two-factor authentication (2FA for short), sometimes called multi-factor authentication (MFA), is a system in which you must verify your identity in two separate ways to access an account – this may be a password-protected login, an online account or an account used to access an application.
Two-factor authentication relies on:
- Something you HAVE, and
- Something you KNOW
Here’s an example:
After enabling 2FA on a Gmail account, each time you log in, you’ll have to input your password (something you know). You then get asked to enter a six-digit code that is unique to you and changes every 20 seconds. You get this code from an app on your phone, a jump-drive-sized key fob or a program on your computer (something you have).
In the above example, you use a smartphone app (there’s one for every type of device, and a single app will handle the 2FA codes for each of your individual accounts) and input the code. Only then do you have access to your account. You must enter both the password and your 2FA code each time you access the account. If someone steals your password, they still can’t access your Gmail account, because they lack access to the unique and constantly changing token that you hold.
If you aren’t currently using two-factor authentication with your most sensitive data and systems, you should strongly consider it. While it is an extra step, it dramatically reduces the risk of an account breach.