2FA / two-factor authentication
Two-Factor Authentication (2FA) / Multi-Factor Authentication (MFA)
A security mechanism requiring two independent factors to verify identity — typically a password plus a one-time code or passkey.
What is 2FA?
2FA (Two-Factor Authentication) is a security mechanism that requires two independent factors to verify a user’s identity at login. A common example: you enter your password (factor 1) and then confirm the login in an app on your phone (factor 2).
MFA (Multi-Factor Authentication) is a broader term — it uses 2 or more factors. In practice, the terms 2FA and MFA are often used interchangeably.
Three categories of factors:
| Category | Examples |
|---|---|
| Something you know | Password, PIN |
| Something you have | Phone with authenticator app, hardware token |
| Something you are | Fingerprint, facial recognition |
True 2FA combines two factors from different categories.
When it is used
In 2026, 2FA is de facto mandatory for:
- Administrator accounts in every system
- Email (especially corporate)
- ERP / CRM / banking
- Cloud services (AWS, Azure, GitHub)
- VPN
Microsoft reports that 2FA blocks 99.9% of automated attacks. Without 2FA, a compromised password is a direct entry point into the system.
Types of 2FA by strength
| Type | Strength | 2026 Recommendation |
|---|---|---|
| Passkey (FIDO2/WebAuthn) | Highest | ✅ Default for critical accounts |
| Hardware token (YubiKey) | Very high | ✅ For administrators |
| TOTP via app | High | ✅ Default for most users |
| Push notification | High (with number matching) | ✅ For enterprises with SSO |
| SMS OTP | Low | ❌ Deprecated, replace |
SMS is deprecated — vulnerable to SIM swap attacks and SS7 protocol weaknesses. NIST has recommended against using SMS for 2FA since 2017.
Backup codes and recovery
When you enable 2FA, the service provides 8–10 single-use backup codes. Store them securely (for example in a password manager): if you lose your phone, they are the only way back into your account.
Related terms
- SSO — Single Sign-On, often combined with 2FA
- GDPR — 2FA is part of “appropriate measures” under Art. 32
In Modulario
Modulario supports:
- TOTP compatible with all authenticator apps (Google Authenticator, Microsoft Authenticator, 1Password, Authy)
- Passkey / WebAuthn since 2025
- Hardware tokens via the WebAuthn standard
- SSO via SAML 2.0 / OIDC (Azure AD, Google Workspace, Okta, Keycloak, Auth0)
- Enforced 2FA at administrator level — mandatory for all users or selectively by role
- Recovery codes with secure storage
- Audit log of all 2FA enrolment, success, and failure events
2FA configuration is part of the People module — the administrator sets policies for the entire organisation or for selected roles.
For a detailed guide on deploying 2FA, see the cluster article Two-Factor Authentication (2FA): Why and How to Deploy It and the pillar Cybersecurity for Business Data.
Related terms
SSO
An authentication mechanism that allows a user to log in once and gain access to multiple applications without repeatedly entering a password.
SSL
A cryptographic protocol for encrypting and authenticating internet communications. The foundation of HTTPS.
RBAC
An authorisation model in which permissions are assigned through roles rather than to individual users — simpler management and auditability.
GDPR
The EU regulation on personal data protection in force since 25 May 2018 — defines the rights of data subjects and the obligations of controllers.
Implementing 2FA / two-factor authentication in your company?
Modulario covers most B2B processes modularly — deploy only what you need now and grow gradually. Book a free consultation.