Two-factor authentication is an approach to authentication which requires the presentation of two or more of the three authentication factors:
Web services is open to unverified third-partied. We cannot guarantee that all uses will be in the best interest of the players or you might be accessing web services from a shared computer. Enabling Two Faction Authentication, will add an extra layer of security. Most people only have one layer - their password - to protect their account. With Two Faction Authentication, if a bad guy gets your password, they'll still need your phone to use your account via web services.
When Two Faction Authentication is enabled, when you are sent to our site to authorise an app to access your data, you will be asked to first login (using your knowledge factor, your SW Combine password) and then to enter a uniquely generated verification code (your possession factor). This code is an time-base one-time password (TOTP), code that will change after 30 seconds and can only be used once. Our implementation uses an open standard to, and can be retrieved by any app that generate TOTP codes like a mobile app, such as Google Authenticator ( iOS, Android, or Blackberry).
Enabling Two Faction Authentication as easy as going to the Web Services tab, in settings and clicking the "Enable" button in the Security section. Once you've done this, you'll see "Account Name" and "Password", enter this into your app or if you app supports it you can scan the QR Code to set it up instead.