Which of the following examples illustrates two-factor authentication?

Two-factor authentication (2FA) is a security process that requires two different forms of identification to verify a user's identity. This mechanism enhances security by adding an additional layer beyond just a password. In this context, the combination of a password and a fingerprint scan exemplifies this concept effectively.

A password is something the user knows, while a fingerprint scan is something the user has—specifically, their biometric data. The two factors here belong to different categories of authentication, which is a critical aspect of 2FA. By requiring both a piece of knowledge and a unique physical characteristic, this method significantly reduces the likelihood of unauthorized access compared to relying on a password alone.

Other options mentioned do not fulfill the criteria for true two-factor authentication. For example, a username and a password consists of two pieces of knowledge but provides no additional verification method. Email verification and a security question, while they include two elements, typically fall under the same category of knowledge-based authentication. Lastly, a password and a CAPTCHA also remain in the realm of knowledge, as both rely on what the user knows rather than involving a second form of authentication from a different category. Thus, the combination of a password and a fingerprint scan is the only example that illustrates two-factor authentication correctly.