Types of two-factor authentication: Which 2FA is best?

Let’s face the facts: many of us are bad at passwords. We choose weak ones that are easy to guess, like "password 123," or we use the same password for multiple accounts. Even if we come up with strong, unique passwords for every online account, a password can still be stolen in a phishing scam. This is where 2FA can save the day.
by Alyssa Schmitt
Woman sits on living room floor shopping on laptop
Entering an online banking PIN is one type of 2-factor authentication

Why is 2FA important? It provides an extra layer of security: In addition to entering a password, we have to do something else to prove we are who we say we are. This extra layer of security can be highly effective in protecting you from the dangers of a hacked account.

Today we’ll look at different examples of two-factor authentication and discuss which 2FA is best.

How many types of 2FA are there?

Broadly speaking, there are three types of second-factor authentication based on the following categories:
  1. Something you know: passwords, PINs, answers to security questions, etc.
  2. Something you have: smartphone, USB drive, smart card, etc.
  3. Something you are: fingerprint, facial recognition, retina scan, etc.

Bonus explainer: Is there a difference between MFA vs. 2FA?

In addition to two-factor authentication, you may have also heard the term “multi-factor authentication” or “MFA.” In multi-factor authentication, there are two or more steps to the authentication process. For example, you might be asked to enter a password, insert a security key, and type in a code sent to a smartphone. Two-factor authentication is a common form of MFA in which the number of verification steps is limited to two.

Types of two-factor authentication

The second factor of 2FA can take many different forms. Here are 10 examples:
  1. One-time codes: When you log in with your username and password, you receive a one-time code, usually by text message, but sometimes by email or voice call. You must enter this code to complete the login.
  2. Password: Sometimes the first factor is something you have, like a credit or debit card, and a password – often a PIN in this case – serves as the second factor.
  3. Security question: You are asked the answer to a prearranged question, e.g. “What is your mother’s maiden name?” For more information, see: Are security questions secure?
  4. Pre-generated list of codes: It used to be common for banks to send a printed list of one-time codes (TANs) that had to be entered to complete online banking transactions. This has largely been replaced by digital forms of 2FA.
  5. Authenticator app generating one-time code: Instead of a code sent to you by the company, you enter a code that is randomly generated by an authentication app on your phone. For more information, see: What is an OTP authentication app?
  6. Biometrics: Gaining access through a retina or voice scan used to be the stuff of spy thrillers, but nowadays our smartphones use fingerprint or facial recognition as the second factor, and fingerprint verification is possible on some laptops as well. See also: Protect your email app with fingerprint or facial recognition
  7. Location: Based on your IP address, sometimes when you try to log in to an account from a new device, you will receive a text or email from the company asking if you are the one logging in. If the login does not originate with you, the company can block the account.
  8. Dedicated service-provider app: Some financial institutions or online payment services like PayPal have their own apps that you can use to verify online transactions. This app is usually protected by its own password, PIN, or biometric login.
  9. Security key: Also known as a security token, this is a physical piece of hardware that is plugged into a computer’s USB port to authenticate a login.
  10. Smart card: Another physical token used in 2FA is a smart card containing a chip. You may be more familiar with smart cards to allow access to a room or building, but smart cards can also be used for authentication on a computer, usually using a card reader.

Which is the strongest 2FA method?

The most effective 2FA method will be the one that works well for you. A physical security key, for example, is an extremely strong form of authentication that can’t be cracked through phishing. However, the drawback is that if you forget to carry it with you, you won’t be able to log in. An OTP app is more secure than a code sent by text or email that could be intercepted, but it requires some setup and you have to have access to your device in order to use it. And a password or PIN can offer strong protection, but only if you choose one that isn’t easy to guess, don’t reuse it for multiple accounts, and are scrupulous about keeping it to yourself.

Good to know: Is email-based 2FA a good idea?

If you don’t like receiving verification codes by text message, you may have asked yourself why email isn’t more commonly used to deliver login verification requests in a multi-factor authentication process?

There can be some disadvantages to using an email message as the second factor to verify a login. This is because in two-factor authentication, the first factor is usually a password – followed by a second factor such as a code, a biometric scan, etc. Unfortunately, many people use weak passwords or reuse their passwords for multiple accounts.

This can leave their email account vulnerable, because someone may guess their password or learn it through a password leak on another service. So, if your first factor is a password which has been compromised, it can be dangerous to send a verification code or link to an email address that uses the same password: If the hacker gains access to your email, your second factor can no longer protect you.

What are the pros and cons of using 2FA?

Two-factor authentication is used to block unauthorized access to your online accounts. As hacking and phishing become ever more common, this enhanced security is the primary advantage of 2FA. Even if a cybercriminal has gotten their hands on your password, they still have an extremely hard time bypassing this extra layer of protection. From a user point of view, the cons of 2FA can be a longer login time and the risk of being locked out of an account if they lose access to the verification factor.

Pro tip: 2FA for your mail.com email

mail.com gives you the option of activating 2FA for your mail.com account. Our 2FA process makes use of an authenticator app that you install on your smartphone. Learn more in our deep dive: Email 2FA: How can two-factor authentication keep online accounts safer?

Still don’t have a mail.com account? Sign up for free today!

Images: 1&1/Shutterstock

19 people found this article helpful.

Related articles

2FA not working? Use the 2FA secret key to restore access

Email 2FA: How can two-factor authentication keep online accounts safer?

What is an OTP authentication app & why do I need it for 2FA?