A security method requiring two forms of identity verification — typically a password and a one-time code — before granting access to a system or application.