Two-factor authentication (2FA), also known as multi-factor authentication, might not be enough, the US National Institute of Standards and Technology (NIST) has repeatedly warned us this year. Meant to provide an extra layer of security by sending a code to a token generator or an SMS to a phone only the user has access to, this option has annoyed users and not necessarily stopped hackers.
In 2011, Google became the first company to understand that the original first layer of online security consisting of username and password was no longer a reliable option to authenticate users, so they implemented two-factor authentication.