Two-factor authentication is a security process that verifies a user's identity by requiring two distinct types of credentials—typically a combination of something you know (like a password) and something you have or are (like a code, device, or biometric)—before granting access.