• English
    • Français
    • Deutsch
    • 日本語
    • Español
    • Svenska
  • Contact sales
  • Reseller locator
  • English English English en
  • Français Français French fr
  • Deutsch Deutsch German de
  • 日本語 日本語 Japanese ja
  • Español Español Spanish es
  • Svenska Svenska Swedish sv
Yubico
  • Why Yubico
    • For business
    • For individuals
    • For developers
  • Products
    • YubiKeys
    • YubiHSM
    • YubiEnterprise services
    • Services & software
    • Works with YubiKey
    • Find the right YubiKey
  • Solutions
    • Use Cases
      • Remote Workers
      • Passwordless
      • Microsoft 365
      • MFA modernization
      • Account takeovers
      • Compliance
      • Privileged users
      • Mobile restricted environments
      • Call centers
      • Secure password managers
    • Industries
      • Technology
      • Financial services
      • Cryptocurrency
      • Retail
      • Federal Government
      • State and Local Government
      • Elections and Political Campaigns
      • Education
      • Healthcare
  • Resources
    • Getting Started
    • COVID-19 Resources
    • White papers
    • Webinars
    • Product briefs
    • Case studies
    • Infographics
    • Yubico blog
    • Authentication standards
    • Videos
    • Developer program
    • Cybersecurity Glossary
  • Company
    • About us
    • The team
    • Innovation history
    • Careers & culture
    • Press room
    • Contact us
    • Partners
    • Events
    • Our customers
    • Free Speech program
    • Affiliate program
  • Support
    • Support services
    • Professional Services
    • Set up your YubiKey
    • Help
    • Documentation
    • Downloads
    • Buying and shipping
    • Security advisories
  • 
      • X
        Quick Links
        Find the Right YubiKey Set Up Your YubiKey Contact Us
        Knowledge Base
      • Search Yubico
  • Search
Store
Green device with 2fa

All about two-factor
authentication (2FA)

Two-factor authentication (2FA) is a method of confirming users’ claimed identities by using a combination of two different pieces of information or factors

What is two-factor authentication?

Two-factor authentication (also known as 2FA or two-step verification) is a method to confirm a user’s claimed online identity by using a combination of two different types of factors. A password is typically considered one factor, and with 2FA that is combined with another factor to increase login security. Factors used for 2FA include:

Something you know

Password or PIN

Something you have

A physical device such as a phone or authenticator

Something you are

A fingerprint, iris or 
facial scan

An example of two-factor authentication

A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something that the user possesses) and a PIN (something that the user knows) allows the transaction to be carried out.

Card next to hand typing in pin for 2fa

The problem with passwords

Passwords are easily breached

The typical validation method most individuals and business users use today is a single factor password. But usernames and passwords are stored on a server and can be easily breached as cyber criminals become more organized and adept.

Too many passwords

With increasing use of email, social media, and online banking and shopping, most people have a lot of places they need to log in. In fact, most consumers have 150 online accounts and therefore many usernames and passwords to remember! As a result, online users resort to creating several complex passwords – or worse; they use the same password across multiple sites.

Passwords are used repeatedly

With many users re-using passwords across sites, once a cybercriminal gets their hands on a user’s credentials, those credentials may work across multiple accounts. Two-factor authentication is the best defense users have to protect accounts when their passwords have been stolen.

3.3 Billion

Stolen Credentials reported in 2017

81% of data breaches

from weak/stolen passwords

$3.9 Million

average cost of a breach ($148/ record)

Two-factor authentication has 
become the standard

Most service providers such as Google, Facebook and Apple already support 2FA and consider it an integral part of the authentication process.

Types of two-factor authentication

Hardware
Security Keys

Security

Hardware security keys offer the highest levels of online security, logging into many services with just one key.

Ease of Use

Hardware security keys can offer passwordless login, with no code to enter. Hardware keys typically require no network connectivity, and does not rely on battery power.

Cost

Hardware security keys are significantly cheaper than a mobile phone, and in the case of a lost or stolen key, a backup is much cheaper than replacing a mobile phone.

Text Message
(SMS 2FA)

Security

Not very secure as this approach is vulnerable to phone number porting scams. Also, per NIST Cybersecurity Framework guidelines, the SMS 2FA approach offers a poor security level.

Ease of Use

Requires users to retype of copy and paste the one time code which can be confusing or time consuming. This approach typically relies on users having a mobile phone. In order to receive the code the devices needs to have network connectivity and sufficient battery life.

Cost

Using a mobile phone as the authenticating device can be very expensive. And, in the case of a lost or stolen device, replacing the phone can be very costly again.

Authenticator Apps

Security

More secure than text messages but not as secure as hardware security keys based on public key cryptography.

Ease of Use

Requires users to retype or copy and paste the one time code, which can be a confusing and time consuming.

Cost

Authenticator apps are often free to download, however it relies on users having a mobile phone. While codes can be available even when the phone is offline, it is reliant on the mobile phone battery life. In the case of a lost or stolen device, replacing the phone can be very costly.

Mobile Push
2FA

Security

More secure than text messages but not as secure as hardware security keys based on public key cryptography.

Ease of Use

This approach typically relies on users having a mobile phone. In order to receive the code the devices needs to have network connectivity and sufficient battery life.

Cost

Using a mobile phone as the authenticating device can be very expensive. And, in the case of a lost or stolen device, replacing the phone can be very costly again.

Find the right YubiKey
Take the quick Product Finder Quiz to find the right key for you or your business.
Let’s start
Get protected today
Browse our online store today and buy the right YubiKey for you.
Shop now

Say hello to the YubiKey and defend against phishing

Contact Sales
Buy Online

Find
Take product finder quiz

Set up
Find set-up guides

Buy
Buy online
Contact sales
Find resellers

Stay connected
Sign up for email

RSS FeedTwitterLinkedInFacebookInstagramYoutubeGithub

Products
YubiKeys
YubiHSM
YubiEnterprise services
Services & software
Works with YubiKey
Find the right YubiKey

Why Yubico

For personal use
For businesses
For developers
Solutions
Remote Workers
Passwordless
Microsoft 365
Call centers
Cryptocurrency
Financial services
Federal Government
State & Local Government
More…
Resources
Getting Started
COVID-19 Resources
White papers
Webinars
Case studies
Product briefs
Infographics
Yubico blog
Authentication standards
Videos
Developer program
Company
About us
Trust in Yubico
The team
Innovation history
Careers & culture
Press room
Contact us
Partners
Events
Our customers
Affiliate program
Support
Support services
Professional Services
Set up your YubiKey
Knowledge base
Documentation
Downloads
Security advisories

Cookies Legal Trust Privacy Terms of Use

Yubico © 2021. All Rights Reserved.

We use cookies to ensure that you get the best experience on our site and to present relevant content and advertising. By browsing this site without restricting the use of cookies, you consent to our and third party use of cookies as set out in our Cookie Notice.
Accept Settings
Yubico Privacy and Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Uncategorized

Undefined cookies are those that are being analyzed and have not been classified into a category as yet.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Advertisement

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Preferences

Preference cookies are used to store user preferences to provide content that is customized and convenient for the users, like the language of the website or the location of the visitor.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Save & Accept
Scroll to top