TFA_SAMP is the first two-factor authentication (TFA) method for San Andreas Multiplayer which uses third party (Authy) web APIs to provide the service. Therefore, TFA_SAMP does not directly provide the TFA features.

Two-factor authentication (also TFA, T-FA, 2FA or multi-factor authentication) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something only the user knows"), a possession factor ("something only the user has"), and an inherence factor ("something only the user is"). After presentation, each factor must be validated by the other party for authentication to occur.

This include only provides the possession factor, therefore you must have a system already included in your script that uses the knowledge authentication factor.

This include allows you to communicate with API requests to Authy's servers and to use your cellphone as second factor, which is the possession factor. In order to be it two-factor, thus increasing the account' security, you must ask for the password and the token sent via SMS or taken by the phone application.

So, what is Authy? Authy is what gives us the API to communicate with the server and to send the SMS / verify the token taken by your phone.

If you are worried about security, the API requests through the production method are sent through HTTPS requests, and all the information are not saved in any TFA_SAMP database but in Authy's databases which are completely safe and secure.