The whole two-factor authentication system is a fantastic idea. However the idea ofgiving a new device to every person who needs to login to my site? Well, that justseems expensive. And given the fact that I’ve thrown out all of my grocery membershipcards and refuse to shop at those places because it makes my wallet too heavy…Idoubt that people really want to carry that stuff around.
The solution? Use the device we all have with us: our cellular phone. PhoneFactor hasa platform that does just that. It’s also free to use for an application of your choice.You can set it up for RDP, VPN, or program your web app against it. When your userslog in, they get a call on their cell phone and have to press #. If you want to tryit out without setting anything up, try getting a free MyOpenId andusing PhoneFactor as your authentication mechanism.
Personally, I still think the barrier to entry is too high, what with configurationand licensing and user training and edge cases where it doesn’t work…but hopefullygood technology options like this will push out the absurd technology options likeRSA keys and press the pricing down to the point where it really is everywhere andeveryone accessable. Then if we could just get Microsoft and Apple to build it intothe OS so that we really can authorize everywhere using easy tools from any provider.