Two-Factor Authentication (2FA) has been widely adopted as a fundamental security standard, yet sophisticated cyberattacks continue to exploit security loopholes that often lie not in the protocol itself, but in its implementation. This study aims to systematically synthesize current scientific literature to uncover the root causes of the gap between the theoretical security of 2FA protocols and practical exploitation risks in the field. Using the Systematic Literature Review (SLR) method with PRISMA guidelines, 43 high-quality articles (Q1-Q4) from the Scopus database published between 2020 and 2025 were analyzed using thematic synthesis. The findings reveal a central paradox where, although 2FA protocols are becoming mathematically stronger, 88% of failure points have shifted to implementation fundamentals; the most critical weaknesses identified are the storage of secret keys in plaintext format on client applications and the effectiveness of social engineering attacks against users. This study concludes that real-world 2FA security is determined more by the quality of implementation code and user awareness than by the cryptographic strength of the protocol alone, implying that industry priorities must shift from developing new protocols to enforcing secure implementation audits and continuous user education.
Copyrights © 2026