Two-factor authentication or 2FA is an additional step in the direction of security and identity management. It goes beyond the typical username and password and asks for something unique to you in three categories.
These categories are either something you have such as your cellphone, something only you can know like your social security number, and something unique to you such as your fingerprint.
The one time token or password is retyped by the user into the application they want to access which increases the security of the authentication process. The user must have the right username, password, and token in order to login. The adds an extra measure of security in helping to keep frauds outs.
While SMS is the normal way 2FA is used, there are two alternatives:
– Push notification which avoids the retyping of codes across various devices, works on mobile and web systems, and is backed by a stronger security system.
– Mobile app soft tokens that are verified by a time-based one-time passcode, requires offline authentication, and has cloud backup and sync options available.