2FA or two-factor authentication uses a second factor in adding up to your password before accessing to a
site. Generally, this second attribute is something you involve.
Within the previous few years, the idea of 2FA or two-factor authentication has got huge attention, and now various websites support it. But obviously, website operators cannot provide ATM-like cards to everybody who registers for their service, so how do they do it? With something almost everyone already has: mobile phones. Some of the most accepted web services now hold up 2FA by delivering a code through text message to the registered member's phone number when it observes them logging in from a computer they have not used previously.
But, privacy thought requires extra DETAIL to trigger an SMS. Not everyone can trigger an SMS; or else the user would get spammed with text message on his mobile phone. You may use trigger and send services in following ways:
1. The user verifies with his OTP or one-time password PIN. Privacy thought comprehends that this is the right password for an SMS indication and will deliver the SMS.
2. An organizational or system account asks for sending an SMS for this particular user.
In both cases, the 2FA structure of your application has to offer the likelihood to give a REST request before the user verifies. As this first REST request will deliver the code to user, which he then can use to lastly verify.