There is a rapid adoption taking place of multi-factor authentication, also called two-factor authentication.
Many online applications now offer a form of 2FA. There are a number of options available to organizations now that smartphones are prevalent in the marketplace. Take a look at Google Authenticator as one example. This is a single application the end user installs that can be integrated into multiple products including their personal sites. Or you can tap into SMS to send a code to the users mobile device. Years ago we needed a physical token to accomplish this same thing.
The purpose of this article is not to go through the pros and cons of 2FA. The purpose is to highlight the market shift taking place. Years ago, any discussion of 2FA was just that, a discussion. It was a good idea anyone could agree to, but very few companies were implementing it. It was just discussion.
Today, we are seeing a huge adoption of 2FA. If I get a chance I will turn it on for any site I access, without secondary thought. There are some security holes in sending a text to a user who signs in, I acknowledge that, a phone could be stolen. However, the benefits far outweigh the negatives.
When we perform a security assessment, we test if we can compromise the passwords inside of an organization by stealing the file from Windows. If that organization uses 2FA this would only be half of the needed information to access data.
Doing something is better than nothing. Have you seen this? Can you see the market shifts taking place? What plans do you have in your organization to increase security?