Wednesday, October 24, 2012

Two-Factor Authentication with a Smartphone

Passwords are now depleted. We used them too much and we need something else. That has been my feeling for a few years now.
I just came across the article by Randall Stross, "Doing the Two-Step, Beyond the A.T.M.", in the New York Times. The article first compares using a PIN code to using a password, just like I did some time ago. It then goes on to suggest generalizing two-factor authentication with the help of a smartphone. Clearly, there's a need and a market here.

Whatever solutions come up in the coming years, they'll have to face the following challenges:
  1. Be user-friendly enough.
  2. Be applicable both for individual use and for corporate use (at least, integrate into BYOD processes).
  3. Allow for safe backup methods in case you lose one of the two factors, for instance, a stolen smartphone.
  4. Allow for Single Sign-On: avoid user-side repetitions.
  5. Allow for federation: avoid server-side repetitions, like maintaining similar lists of users in multiple applications.
  6. Allow for automated patches/updates. There will be flaws in the beginning that will require patching.