Wednesday, May 2, 2007

Introduction

This blog is dedicated to the discussion of 2-factor authentication. What is 2-factor authentication, you ask? Well, think of an ATM - to log in and get cash, you need to present your card and a PIN. The card is something you have - a physical token. The PIN is something you know - an information token. Each one is a "factor" of authentication, contributing to the ATM network's ability to verify your identity.

This premise is critical to effective security in any online transaction - whether you're logging into your PC remotely, accessing your bank account, or working on a corporate application. Without true 2-factor authentication - a physical token and an information token - it's just too easy for an attacker to gain unauthorized access to private information. That's because passwords are so simple to steal, buy, or guess. The physical token, an item that only you have in your possession, is the crucial piece of the puzzle.

In this blog, we'll endeavor to discuss the latest advances in 2-factor (and 3- or more factor) authentication, as well as talk about security incidents that could have been avoided by using 2-factor authentication to verify the identities of the individuals involved.

In the interests of full disclosure, my colleagues and I on this blog are also part of the team at Plethora Technology, producers of the 2-factor authenticated information access and sharing system Enterprise-in-a-Flash. More information at www.enterpriseinaflash.com. From time to time we may post about our own product, but in general, this blog is intended to foster discussion about 2-factor authentication as an important idea for security in today's world, no matter whose product is implementing it.
