Two-Factor Authentication

Two-factor authentication (2FA) verifies identity using two different factor types at login: knowledge (password, PIN), possession (smartphone, security key), or biometric (fingerprint, face). Combining two different types prevents unauthorized access even if one factor is compromised.

QR codes dramatically simplified 2FA adoption. In TOTP (Time-based One-Time Password) setup, services display a secret key as a QR code that users scan with authenticator apps like Google Authenticator - eliminating manual entry of 32-character keys and making 2FA accessible to non-technical users.

QR codes also serve as authentication mechanisms themselves. LINE and WhatsApp desktop login displays a QR code on the PC screen; scanning it with a smartphone authenticates using device possession as the second factor.

However, QR-based authentication carries risks. "Quishing" (QR code phishing) involves attackers displaying fake login QR codes to hijack authentication sessions. Users should verify the source before scanning any authentication QR code.