A Guide to Two-factor authentication

Two-factor authentication (2FA) is something of a buzz-word at the moment, made higher profile by the fact that Google has introduced it as an optional way to increase the security of user accounts (including Gmail).

What is it?

One factor authentication requires a single step to verify your identity, such as knowing your username and password. 2FA provides another layer of protection against hackers by also requiring you to have something (in Google’s case this is your smart phone).

Two-step authentication is common in secure physical work places, where in addition to needing passcodes/doorcodes etc. (i.e. what you know), employees are required to carry a smartcard, USB thumbdrive, or similar physical object to prove what they have.


The requirement for both a bank card and PIN number when using an ATM is another good commonly used example of two-factor authentication.

By requiring proof of ‘what you know’ and ‘what you have’, two-factor authentication greatly improves security.

Three-factor authentication

The more layers of authentication used, the more secure a system is, so some highly secure systems add a ‘who you are’ component. At its most basic this can be a photo ID, but more sophisticated methods such as fingerprint, retina pattern, handwriting style, voice pattern recognition, etc. are becoming increasingly common.


The biggest problem with 2FA is that it’s an added hassle, and in a world where ‘password’ and ‘123456’ are the most commonly used passwords, many can simply not be bothered with it.

While much more secure than one-factor authentication, 2FA (and 3FA for that matter) is still vulnerable to man-in-the middle, man-in-the-browser, keylogging, and other well-known hacking attacks. Each authentication factor added, however, does make such attacks much less likely to succeed.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.


There are no comments yet.

Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

Longtime top ranked VPN, with great price and speeds

One of the largest VPNs, voted best VPN by Reddit

Strong presence, no-logs policy