Two-factor authentication (also known as 2FA) is a technology that provides identification of users by means of the combination of two different components. In other words, 2FA adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that's considered a single-factor authentication. 2FA requires the user to have two out of three types of credentials before being able to access an account. The three types are:
- Something you know, such as a personal identification number (PIN), password or a pattern
- Something you have, such as an ATM card, phone, etc.
- Something you are, such as a biometric like a fingerprint or voice print
Mobile phone two-factor authentication was developed to provide an alternative to Hard Tokens as users tend to carry their mobile devices around at all times anyway. This approach uses mobile devices to serve as "something that the user possesses", and OTP can be sent to the device by SMS or via a special app.