Two Factor Authentication
Overview
The two-factor API underwent breaking changes in version 1.26. The below only applies to version 1.25 or below. See the 1.26 release notes, the MFA APIs, or the Multi-Factor Authentication guide for more information.
Two Factor authentication adds an additional step to the authentication process. In addition to requiring a valid email and password to authenticate, a two factor authentication code is required.
The general idea of Two Factor authentication is to require something you know and something you have to complete authentication. Using this pattern protects the User against having their credentials compromised because even if you know someone’s email and password, unless you also possess the device that generates the two factor authentication code you are not able to complete an authentication process. In most cases the device the user will possess will be a mobile phone.
Feedback
How helpful was this page?
See a problem?
File an issue in our docs repo
Have a question or comment to share?
Visit the FusionAuth community forum.