LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

What does adding 2FA (e.g. a code to your phone) accomplish, and what are the "factors"?

It requires two independent factors — "something you know" (password) + "something you have" (your phone) — so a stolen password alone isn't enough.

The three classic authentication factor categories:

  • Something you know — password, PIN.
  • Something you have — phone, hardware token, smartcard.
  • Something you are — fingerprint, face (biometric).

In the flow: after the password matches, the app sends a code to the user's mobile phone; the user enters it, and only then is access granted. An attacker who phished the password still lacks the second factor.

The catch: classic 2FA (SMS/OTP codes) is still based on shared secrets and can be phished in real time — a fake site relays your code instantly. It raises the bar a lot, but it's not phishing-proof.

Tip: Two factors must be different categories to count. Password + security question = still just "something you know" twice.

From Quiz: ISF / Integrity & Content Authenticity (C2PA) | Updated: May 31, 2026