2FA (Two-Factor Authentication) is the second layer of security when logging into a website or online service. It consists in entering a one-time, individual code that’s different each time. This code can be provided by e-mail, SMS, or connecting to a mobile application, such as 2FAS. The method depends on the service. In practice, after enabling 2FA security in a given website or service, when logging into it, we must enter the login, password, and then our code.

We divide 2FA tokens into two types: time-based tokens (TOTP) and event-based tokens (HOTP). TOTP codes are generated generally every 30 seconds. HOTP codes are generated on request, generally when user click “download code” or ”refresh code”. The service decides what type of 2FA code (TOPTP or HOTP) is used.