The most secure method today trusts a USB key that generates new codes when you lightly press your finger against it. The most basic (and least secure) of this method of securing accounts involves sending the one-time code over text message or email. It’s like using a debit card with a PIN, but the PIN, which changes each time, can be used with a wide range of services from companies including Google, Apple, Facebook,, Microsoft, PayPal, Slack, Twitter, Dropbox, Nintendo, and Twitch.
Two-factor authentication, also known as 2FA, works in several ways, all of which result in delivering to the user a one-time, second password or passcode for accessing accounts. What the design itself does make clear is that when security-minded consumers upgrade their devices, they will have to take a few extra steps to migrate their two-factor authentication apps.
Why the tech giant prematurely exposed its plans isn’t entirely clear. Last week, at least three months ahead of expectations, Google leaked the design for its upcoming Pixel 4 phone.
