# Two-factor authentication (2FA)

**What is two-factor authentication?**

Two-factor authentication asks for a second proof alongside the password at login, such as a code from an app or a security key you plug in. A stolen password on its own is then no longer enough to get in.

Public bodies such as the German BSI list two-factor login among the most effective single measures against the misuse of stolen credentials. Microsoft 365, Google Workspace, common VPN products and many industry applications already include it; it only has to be switched on.

The methods differ in strength. A code by SMS is less well protected than an app or a security key, because a phone number can be taken over. For accounts with administrator rights, a security key is the most robust option.

## Related terms
- [Password manager](https://vetosec.at/en/it-security/passwortmanager/)
- [Password attack](https://vetosec.at/en/it-security/passwortangriff/)
- [Permission model and least privilege](https://vetosec.at/en/it-security/berechtigungskonzept/)

## Source
https://vetosec.at/en/it-security/zwei-faktor-authentifizierung/ (vetosec, schutz)
