multi-factor authentication

This article is a stub. You can help the IndieWeb wiki by expanding it.

multi-factor authentication (commonly two-factor authentication, abbreviated 2FA or TFA) is an authentication process that requires at least a second component to a standard authentication method. Typically the second component is something user possesses, like a TOTP application or a hardware key (often USB).

SMS
TOTP
IndieAuth
twofactorauth.org, comprehensive list of sites and whether they support 2FA, which kinds, etc.
https://twitter.com/blaine/status/993462650389573632
- "Observe Ben, a veteran and expert in security and online systems. He's thoughtful, considerate, and organized.
  
  Our collective best practice approach to security just threw him under the bus. We need to do better, because most people are much less able to deal with this than Ben." @blaine May 7, 2018
Web Authentication
andOTP is an open-source TOTP and HOTP application for Android that allows for encrypted backups of your key data.
2018-07-16 How-To Geek: What To Do If You Lose Your Two-Factor Phone
https://twitter.com/scalzi/status/1153754441562173440?s=20
- "When two factor authentication goes wrong." @scalzi July 23, 2019
^^^ https://twitter.com/garetharnolduk/status/1153752623029346305
- "So, just remembered he needs my phone to login to his Twitter. Shit. Sorry mate. Consider it payback for all the nonsense I said to people defending you." @garetharnolduk July 23, 2019
https://paulstamatiou.com/getting-started-with-security-keys/
https://twitter.com/sarasoueidan/status/1280105183821824000
- "👆🏻 And that is why using SMS for 2FA sucks. Also, when you're traveling and are using a different SIM card, too." @SaraSoueidan July 6, 2020
Common misconception(s): That’s not how 2FA works
criticism: bad for usability https://twitter.com/jensimmons/status/1465755901231566858
- "🧵on 2FA:
  “People who don’t have phones still need access to their email accounts.”" @jensimmons November 30, 2021
Wikipedia:Multi-factor_authentication

See Also