Two-factor authentication (2FA)

What is two-factor authentication (2FA)?

Two-factor authentication (2FA) provides an extra layer of security, requiring users to input two different authentication factors, such as a password and a one-time PIN code, to verify their identity.

Oftentimes, 2FA consists of a password (something you know) combined with another factor: something you have, like a smartphone, or something you are, like a fingerprint.

What’s the difference between 2FA and multi-factor authentication (MFA)?

While two-factor authentication involves the use of two authentication factors, MFA relies on more than two factors – for example, a password (knowledge factor), plus a biometric scan (inherence factor) and a customer’s smartphone (possession factor). Multi-factor authentication provides better protection against digital banking fraud as fraudsters have three or more layers of security to overcome, reducing the risk of unauthorized access.

Why is two-factor authentication no longer effective?

2FA means that fraudsters only need to overcome two factors of authentication. Two-factor authentication usually comprises weak security measures, such as a password and one-time password or passcode, which are highly susceptible to being intercepted by fraudsters.

While MFA is typically more secure, it can be less effective if one of the factors is an SMS one-time password (OTP). A more modern solution like passkeys would offer stronger security than outdated technology like passwords or OTPs.

A push notification to the customer’s mobile phone is another solution that provides better security than passwords or OTPs. Push notifications are a form of out-of-band authentication, meaning they utilize a separate communication channel to authenticate the customer.
