The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the trusted device.

Azure Multi-Factor Authentication helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy verification options.
Methods available for two-step verification
When a user signs in, an additional verification is sent to the user. The following are a list of methods that can be used for this second verification.
| Verification Method | Description |
|---|---|
| Phone call | A call is placed to a user’s registered phone. The user enters a PIN if necessary then presses the # key. |
| Text message | A text message is sent to a user’s mobile phone with a six-digit code. The user enters this code on the sign-in page. |
| Mobile app notification | A verification request is sent to a user’s smart phone. The user enters a PIN if necessary then selects Verify on the mobile app. |
| Mobile app verification code | The mobile app, which is running on a user’s smart phone, displays a verification code that changes every 30 seconds. The user finds the most recent code and enters it on the sign-in page. |
| Third-party OATH tokens | Azure Multi-Factor Authentication Server can be configured to accept third-party verification methods. |
Azure Multi-Factor Authentication provides selectable verification methods for both cloud and server. You can choose which methods are available for your users: phone call, text, app notification, or app codes. For more information, see selectable verification methods.
Next steps
Read about the different versions and consumption methods for Azure Multi-Factor Authentication
Choose whether to deploy Azure MFA in the cloud or on-premises
Read answers for Frequently asked questions




