Two-Factor Authentication (2FA) is a security mechanism that requires users to provide two distinct forms of verification before gaining access to a system or account. These factors typically combine something you know (such as a password) with something you have (such as a mobile device generating a time-based code) or something you are (such as a fingerprint). By requiring two independent factors, 2FA significantly reduces the risk of unauthorised access even if one factor is compromised.
Implementing 2FA is one of the most effective and accessible security measures an organisation can adopt to protect against credential theft and phishing attacks. Modern implementations favour authenticator apps or hardware tokens over SMS codes, as SMS is vulnerable to SIM-swapping attacks. Enforcing 2FA across all user accounts, particularly for privileged and administrative access, is a baseline expectation in most security frameworks and compliance standards.
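The sketch below is an added example, not part of the original page. It shows the "something you know" plus "something you have" check from the first paragraph, using the time-based codes that authenticator apps generate (TOTP, RFC 6238). The `Account` class, the `login` signature, the one-step drift window, the salt and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per time step (RFC 6238 default)
DIGITS = 6     # code length shown by most authenticator apps


def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = int(at) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical account record: password hash plus a shared TOTP secret."""

    def __init__(self, password: str, totp_secret: bytes, salt: bytes = b"demo-salt"):
        self.salt = salt                         # constructed value; use a random salt
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.last_step = -1                      # highest time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 600_000)

    def login(self, password: str, code: str, now: float, drift: int = 1) -> bool:
        """Succeed only if BOTH factors verify; each code is accepted once."""
        knows = hmac.compare_digest(self._hash(password), self.pw_hash)
        current = int(now) // STEP
        matched = None
        # Tolerate +/- `drift` steps of clock skew between server and device.
        for step in range(max(0, current - drift), current + drift + 1):
            expected = totp(self.totp_secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()) and step > self.last_step:
                matched = step
        if not (knows and matched is not None):
            return False                         # one valid factor is never enough
        self.last_step = matched                 # reject replay of this or older codes
        return True
```

Recording `last_step` means a code observed in transit cannot be reused inside its validity window, and a failed attempt does not consume the code.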