Two Factor What? Everything you need to know about Two Factor Authentication (2FA)

What’s the first thing you think about when someone mentions keeping your online accounts safe? We bet it’s having a long, complicated password. And this is because for many years, having a strong password was the main way to secure an account.

But passwords are vulnerable. And every time a B2C company is hacked, there’s a high chance that your login details have been compromised and will soon be available for criminals to purchase on the dark web. That’s where security measures like Two Factor Authentication come in.

What is Two Factor Authentication?

Two Factor Authentication (also known as 2FA or 2-step verification) is the practice of adding an extra layer of security to your logins. It allows an application to link your user account to an authentication mechanism (e.g. the Google Authenticator app or your mobile phone). When you enter your password to log in, that mechanism generates a number that expires quickly, and the application checks it to confirm that your login is valid.

Most applications that deal with sensitive data support 2FA, including email, cloud storage, banking and business applications.

Why is Two Factor Authentication important, and why aren’t passwords enough?

There is a constant security threat to any organization that provides services over the internet – which is a lot of businesses. Cyberattacks are becoming increasingly sophisticated, and a successful one makes it possible for third parties to steal long lists of usernames and passwords. With this information, third parties can gain access to these accounts and can attempt an account takeover.

This risk is further exacerbated by the fact that many people use the same password in many applications. This means that when attackers get access to someone’s username and password combination, they can access several of that person’s applications.

So, an easy way to prevent this type of unauthorised access is to activate Two Factor Authentication, particularly in applications that contain sensitive data. Preventing access to your account can help protect your personal information and prevent further leaks or loss of data. When you have 2FA active and a third party tries to gain access to your account using your username and password, they will be asked for the 2FA number which they will not have, preventing access to your account.

What are the different types of Two Factor Authentication?

While they all work under more or less the same premise, there are a number of different types of two factor authentication available:

Authenticator App 2FA: this is where the user downloads a free authenticator app to their mobile device. When the user attempts to log in, they’ll need to open the app and use the unique one-time passcode (OTP) provided.

SMS text or voice-based 2FA: this is where the user is sent a unique code via text message to a mobile device. Alternatively they’ll receive a call to their phone number with their code. The user then needs to enter this code to complete their login.

Push-based notification 2FA: this is when a notification is sent to the relevant app already installed on the user’s phone (for example the Gmail app). Then the user just needs to approve.

Hardware token/key 2FA: this is one of the earlier forms of 2FA, and is when the user is issued with a device which they use to receive a numeric code for login.

Biometric approval: this is a relatively new addition to the 2FA world, where the user provides a piece of biometric data (e.g. fingerprint or facial recognition image) and this is used to compare and confirm their identity at login.

Remember to protect your recovery codes

Recovery codes are one-use codes issued when you’re setting up 2FA. Remember to keep a record of them, as they’ll enable you to access your account if your authentication device (e.g. mobile phone) is lost or stolen.
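How a service can issue and honour one-use recovery codes, shown as an added Python example that is not code from this page or from any product it names. The RecoveryCodes class, the code format and the PBKDF2 parameters are illustrative assumptions.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # omits look-alikes 0/O and 1/I

def _normalise(code):
    """Ignore hyphens, spaces and case so hand-typed codes still match."""
    return code.replace("-", "").replace(" ", "").upper()

class RecoveryCodes:
    """Hypothetical per-account store: keeps only salted hashes, never the codes."""
    def __init__(self, count=10, length=10):
        self.count, self.length = count, length
        self.salt = secrets.token_bytes(16)
        self._hashes = set()

    def _hash(self, code):
        data = _normalise(code).encode()
        return hashlib.pbkdf2_hmac("sha256", data, self.salt, 100_000)

    def issue(self):
        """Create a fresh set (old codes stop working); show the result to the user once."""
        self._hashes = set()
        shown = []
        for _ in range(self.count):
            raw = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
            self._hashes.add(self._hash(raw))
            shown.append(raw[:5] + "-" + raw[5:])
        return shown

    def redeem(self, submitted):
        """Accept a code at most once: a match is deleted before returning."""
        candidate = self._hash(submitted)
        match = None
        for stored in self._hashes:
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self._hashes.discard(match)
        return True

    def remaining(self):
        return len(self._hashes)
```

Since the service keeps only hashes, the list shown at setup is the user's sole copy, which is why it has to be recorded somewhere safe and separate from the phone.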

Why doesn’t everyone use Two Factor Authentication?

Two Factor Authentication may sound like a no-brainer, but worryingly, ‘How to turn off two factor authentication’ is quite a popular Google search term.

Simply put, people like convenience. People are accustomed to using just their password when logging in to an account, which in many cases is stored in their computer or browser. So, having to open an app or pull a key to log in to their account is more time consuming.

But while 2FA may add another step to your login process, in a world with an ever-increasing risk of account takeovers, the security it provides is invaluable. More and more applications offer it, and a large number of companies are now making it mandatory for their employees. This is particularly significant during these post-COVID times, when working from home and logging in remotely is now the norm in most businesses.

What’s the difference between Two Factor Authentication and Multi Factor Authentication?

Two Factor Authentication and multi factor authentication aren’t that different. Whereas 2FA uses just one other device to authenticate a user’s login, multi factor may use a number of devices or factors to authenticate. Some companies with a lot of sensitive, financial, or personal information at risk may choose multi factor authentication as an added measure.

How to see if you’ve been part of a data breach

It doesn’t matter if your password is complex or long, or if you have different passwords for different accounts. The truth is if your password has been part of a data breach then your account is at risk. is a useful tool that helps you check if your email and password have ever been part of a data breach. Google also offers a similar functionality that allows you to check if any of your passwords stored in the Chrome password manager are part of an exposed data breach.

Does Red Sift offer Two Factor Authentication on its products?

Of course! If you want to activate 2FA in your OnDMARC application you can go to My Account (top right), scroll down to Security and click on Enable two-factor authentication. You can also consult our step-by-step article.

Not an OnDMARC customer but want to try it out? Why not sign up below for your free trial.


Gino Coquis

16 Aug. 2021


