A security method that requires two different forms of identification to access an account: something you know (password) and something you have (phone, security key) or something you are (biometric).
A security method that requires two different forms of identification to access an account: something you know (password) and something you have (phone, security key) or something you are (biometric).
Think you've been targeted?
Paste the suspicious content here for an instant analysis.
No signup · 6 detection layers · Results in seconds · Cmd+Enter
Two-factor authentication dramatically improves account security by requiring a second verification step beyond your password. Even if an attacker steals your password through phishing, a data breach, or credential stuffing, they still can't access your account without the second factor.
Common second factors include SMS codes (weakest), authenticator app codes (Google Authenticator, Authy), push notifications, and hardware security keys (FIDO2/WebAuthn — strongest). Biometrics like fingerprints and face recognition can also serve as factors.
According to Google, SMS-based 2FA blocks 96% of bulk phishing attacks and 76% of targeted attacks. Authenticator apps block 99% of bulk attacks and 90% of targeted attacks. Hardware security keys block 100% of both.
Google reported that after rolling out hardware security keys to all 85,000+ employees in 2017, the company experienced zero successful phishing attacks against employee accounts. Previously, employees were successfully phished regularly despite extensive security training.