"Something you know, and something you have." Login systems that require only a username and password can be vulnerable to someone else obtaining (or guessing) those pieces of information. Services that offer two-factor authentication also require you to provide a separate confirmation that you are who you say you are. The second factor could be a one-off secret code that is sent to you via email or text, a number generated by a program running on a mobile device, or a separate device, such as a USB authentication token that you carry and that you can use to confirm who you are. Companies like banks, and major internet services like Google, PayPal and Twitter now offer two-factor authentication.