Two-factor authentication or verification is a security process where a user is required to provide two authentication factors for authentication or verification. Typically, the first factor is a password provided by the user and the second factor is a random code provided to the user through another communication channel, such as via email or text.
Unfortunately, users often use the same password for their email as their secure accounts so that when one is comprised the same password works for the other account. Accordingly, in this scenario an attacker can request the code on the registered email and therefore successfully bypass the two-factor authentication. Additionally, even when not comprised, users often do not like the fact that they need to fetch a code the second factor from SMS or email for to be able to login.
Additionally, single factor authentication or a first factor of multifactor authentication requires a user to enter a username and password to verify identity. In this scenario, during initial registration a user may be assigned or generate a unique username and password for authentication which the user must remember.