Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is a security method that requires users to provide two distinct forms of identification before accessing an account or resource. The first factor is typically something you know, such as a password or PIN. The second factor is something you have, like a code from a mobile authenticator app, an SMS message, or a hardware security key. By combining two independent verification steps, 2FA ensures that a compromised password alone is not enough to gain access. This principle extends beyond login screens — it can also protect access to shared documents and publications.

Password breaches rank among the most frequent security incidents across all industries. Attackers obtain credentials through phishing campaigns, credential stuffing from leaked databases, or brute-force attacks. Once they have a password, an unprotected account is fully exposed. For publishers sharing confidential reports, client presentations, or internal training materials, a single compromised account could expose sensitive reader data, payment information, and proprietary content. 2FA blocks this attack path by requiring a second verification factor that the attacker does not possess, making unauthorized access significantly harder.

FlipLink supports secure account access through Google and Microsoft sign-in options. By using these identity providers, users benefit from the 2FA protections already configured on their Google or Microsoft accounts — if you have 2FA enabled on your Google account, that same protection extends to your FlipLink login. For organizations managing sensitive publications through FlipLink's [team collaboration](/features/team-collaboration) features, this ensures every team member's access is protected by their identity provider's security policies without requiring FlipLink to manage a separate 2FA system. At the publication level, FlipLink offers [OTP verification](/glossary/otp) combined with [email allowlists](/glossary/email-allowlist), which functions as a two-factor gate: readers must be on the approved list (identity verification) and enter a one-time code sent to their email (possession verification).