Two-Factor Authentication (2FA)

2FA uses exactly two different authentication factors.

Updated: 2026-03-05

Definition

Two-Factor Authentication (2FA) requires two different factor types, such as a password (something you know) plus a one-time code from an authenticator app (something you have).

2FA is a specific form of MFA (MFA can include two or more factors).

Key points

Two different factor types are required (not two passwords)
TOTP and hardware keys are common second factors
Better than single-factor, but still needs secure recovery

Common mistakes

Calling 'password + security question' a second factor (it’s still 'something you know').
Ignoring account recovery security (weak recovery can bypass 2FA).

Related exams

CompTIA Security+ (SY0-701)

Free Security+ SY0-701 mini test. Continue in the app for offline packs and detailed explanations.

Microsoft Azure Fundamentals (AZ-900)

Free AZ-900 mini test. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.

Go to exams