Two-Factor Authentication
Also known as: 2fa, mfa, otp
Requiring a second credential — a code, a hardware key, a passkey — in addition to a password.
Two-factor authentication makes a stolen password insufficient on its own. Factors are grouped as something you know (password), something you have (phone, hardware key) or something you are (biometric). The strongest common form is a hardware security key or a passkey; SMS codes are the weakest and vulnerable to SIM-swap attacks.
Any 2FA is dramatically better than none. Prefer authenticator apps or hardware keys over SMS when available.
