Two-Factor Authentication, Explained
Why a password alone isn't enough anymore, how the common second factors actually work under the hood, and which ones to trust with your real accounts.
- One Secret Isn't Enough: Why passwords alone keep failing — reuse, phishing, and breaches — and the something-you-know/have/are framework that fixes it.
- How the Common Methods Actually Work: SMS codes, authenticator apps (TOTP), and hardware keys (WebAuthn) all count as 2FA — but they resist attacks very differently.
- What This Means for You: What to actually turn on as a user or builder, why backup codes matter, and the account-recovery tradeoff that 2FA introduces.