1 article with this tag
Two-factor authentication (2FA) strengthens identity checks by adding a different category of proof — 'something you have' or 'something you are' (a code, key, or biometric) — on top of 'something you know' (your password). It is strictly not the same as two-step verification (two checks, not necessarily two categories). Strength depends on the method: SMS/email < authenticator app (TOTP) < passkey/security key (FIDO2). This site's stance: turn on some 2FA everywhere first, then move key accounts to methods you can't hand to a phishing site.