How does Two-Factor Authentication work?
When you want to sign into your account, you are prompted to authenticate with a username and a password – that’s the first verification layer. Two-factor authentication works as an extra step in the process, a second security layer, that will reconfirm your identity. Its purpose is to make attackers’ lives harder and reduce fraud risks. If you already follow basic password security measures, two-factor authentication will make it more difficult for cyber criminals to breach your account.
What are the authentication factors?
There are 3 main categories of authentication factors:
1. Something that you know – This could be a password, a PIN code or the answer to a secret question.
2. Something that you have – This is always related to a physical device, such as a token, a mobile phone, a SIM, a USB stick, a key fob, an ID card.
3. Something that you are – This is a biological factor, such as face or voice recognition, fingerprint, DNA, handwriting or retina scan. However, some of these are quite expensive, so, unless you work in a top secret / Mission Impossible kind of facility, you probably don’t have this kind of authentication method implemented.
Time and location factors can also be used. For example, if you log into your account and someone tries to log in from a different country 10 minutes later, the system could automatically block them.
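The time and location check described above, sketched as an added example that is not part of the original article. The function name, the 10-minute window taken from the article's illustration, and the sample login events are all constructed assumptions; a real system would get the country from IP geolocation.

```python
from datetime import datetime, timedelta

# Assumption: the window mirrors the article's "10 minutes later" illustration.
WINDOW = timedelta(minutes=10)

# Constructed sample events: (ISO timestamp, account, country code of source IP)
SAMPLE_LOGINS = [
    ("2024-05-01T09:00:00", "alice", "RO"),  # first login: allowed
    ("2024-05-01T09:04:00", "alice", "RO"),  # same country: allowed
    ("2024-05-01T09:10:00", "alice", "BR"),  # other country 6 min later: blocked
    ("2024-05-01T09:12:00", "alice", "RO"),  # matches the accepted baseline: allowed
    ("2024-05-01T09:30:00", "alice", "BR"),  # 18 min after last accepted login: allowed
    ("2024-05-01T09:31:00", "bob", "DE"),    # first login for bob: allowed
]


def evaluate_logins(events, window=WINDOW):
    """Return (account, country, decision) for each event, in time order."""
    last_ok = {}  # account -> (time, country) of the last accepted login
    decisions = []
    for ts, account, country in sorted(events):
        when = datetime.fromisoformat(ts)
        prev = last_ok.get(account)
        if prev and country != prev[1] and when - prev[0] <= window:
            # A blocked attempt never replaces the baseline, so a rejected
            # login cannot make the legitimate user's next login look foreign.
            decisions.append((account, country, "block"))
            continue
        last_ok[account] = (when, country)
        decisions.append((account, country, "allow"))
    return decisions


if __name__ == "__main__":
    for account, country, decision in evaluate_logins(SAMPLE_LOGINS):
        print(f"{account:6} {country}  {decision}")
```
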
Credit: https://heimdalsecurity.com/blog/start-using-two-factor-authentication/