Two-factor Authentication (2FA) or Multi-Factor Authentication is the ability to use at least two forms of authentication for a login. This adds an extra layer of security to your accounts for very little effort applied. This post will cover some of the methods available for client-side 2FA, as well as the pros and cons of each method. Implementing server-side 2FA will come in a later post, and will provide a more in depth look at setting up things like TOTP, SMS, and Email on the server-side.
The most common method as a second form of authentication is SMS, where a code is sent to a phone number that was specified when setting up 2FA. The next most common methods would be a phone call or an email. But probably the best methods would be the use of a hardware token or a software token. Let’s take a look at the methods available and their advantages and disadvantages.