I just came across the article by Randall Stross, "Doing the Two-Step, Beyond the A.T.M.", in the New York Times. The article first compares using a PIN code with using a password, just as I did some time ago. It then suggests generalizing two-factor authentication by using a smartphone as the second factor. Clearly, there is a need and a market here.
Whatever solutions come up in the next few years, they will have to meet the following challenges:
- Be user-friendly enough that people actually enroll and keep using them.
- Be applicable to both individual and corporate use (at a minimum, integrate with BYOD processes).
- Provide safe recovery methods for when one of the two factors is lost, for instance a stolen smartphone, without the recovery path becoming a weaker way in than the factor it replaces.
- Allow for Single Sign-On: avoid repeated authentication on the user side.
- Allow for federation: avoid server-side duplication, such as maintaining similar user lists in multiple applications.
- Allow for automated patches and updates. There will be flaws early on, and they will require patching.
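As an added illustration of a smartphone-based second factor and of the recovery requirement above, here is a minimal server-side verifier. This is example code written for this page, not code from the article or from any product: it implements TOTP as specified in RFC 6238 (HMAC-SHA1 over a 30-second time step) with a replay check, and single-use backup codes that are stored only as hashes so a database leak does not hand out second factors. The class and method names are my own, and the demo uses the RFC 6238 test secret rather than any real key.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import List, Optional, Set


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 plus dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current time step."""
    return hotp(secret, int(at_time) // step, digits)


class PhoneSecondFactor:
    """Server-side record for one user's smartphone authenticator (illustrative name).

    Holds the shared TOTP secret, the last time-step counter that was accepted
    (so a sniffed code cannot be replayed inside the acceptance window), and the
    SHA-256 hashes of single-use backup codes for when the phone is lost.
    """

    def __init__(self, secret: Optional[bytes] = None, backup_count: int = 8):
        self.secret = secret if secret is not None else secrets.token_bytes(20)
        self.last_counter = -1
        self.backup_hashes: Set[str] = set()
        self.backup_count = backup_count

    def provisioning_secret(self) -> str:
        """Base32 form of the secret, as typed into or scanned by an authenticator app."""
        return base64.b32encode(self.secret).decode("ascii").rstrip("=")

    @staticmethod
    def _hash(code: str) -> str:
        # Normalise what the user typed, then hash; only the hash is ever stored.
        return hashlib.sha256(code.strip().lower().encode("ascii")).hexdigest()

    def issue_backup_codes(self) -> List[str]:
        """Generate fresh backup codes. The plaintext is shown to the user once;
        issuing a new set invalidates the old one."""
        codes = [secrets.token_hex(5) for _ in range(self.backup_count)]
        self.backup_hashes = {self._hash(c) for c in codes}
        return codes

    def verify_totp(self, code: str, now: Optional[float] = None,
                    skew: int = 1, step: int = 30) -> bool:
        """Accept a code from the current step or `skew` steps either side (clock
        drift), but never one whose counter is at or before the last accepted one."""
        current = int(time.time() if now is None else now) // step
        for counter in range(current - skew, current + skew + 1):
            if counter <= self.last_counter:
                continue  # already used (or older than a used code): replay
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False

    def verify_backup(self, code: str) -> bool:
        """Burn a backup code on first successful use. Every stored hash is compared
        so that timing does not reveal whether a match was found early."""
        candidate = self._hash(code)
        matched = None
        for stored in self.backup_hashes:
            if hmac.compare_digest(stored, candidate):
                matched = stored
        if matched is None:
            return False
        self.backup_hashes.discard(matched)
        return True


if __name__ == "__main__":
    # Demo with the RFC 6238 test secret (constructed input, not a real key).
    factor = PhoneSecondFactor(secret=b"12345678901234567890")
    print("provision:", factor.provisioning_secret())
    print("code at t=59:", totp(factor.secret, 59))
    codes = factor.issue_backup_codes()
    print("backup codes (show once):", codes)
    print("backup ok:", factor.verify_backup(codes[0]), "reuse:", factor.verify_backup(codes[0]))
```

Two design points are worth noting. Keeping `last_counter` is what turns the +/-1 step tolerance from a replay window into mere clock tolerance: a code observed over the shoulder is worthless once it has been used. And the backup codes are the recovery path of the list above; they are only as safe as their storage and their issuance, so they are hashed at rest, consumed on use, and a fresh set should be issued (and the old one dropped) whenever the user reports the phone lost.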