Passwords and their use, vulnerability and the state of their future in this predominantly on-line world, seems to have dropped off the radar a bit lately. But they won’t go away anytime soon and the increasing use of individual two factor authentication solutions seems to be making things worse rather than better.
The increasing use of two factor authentication system is making things worse?
For sure, two factor authentication (2FA) is one of the best ways to ensure a user is who they say they are when the login to a network or website. However the way in which many of these systems have been implemented has led to a multiplicity of different and not-quite-identical solutions that have only confused users and systems architects, creating a barrier to broader adoption.
Within the enterprise, 2FA is usually restricted to remote users, typically using some form of VPN on the assumption that because they are remote and we can’t physically see or vet them, we need to have additional controls in place to make sure that they are authorised to login. These users nearly always have a different login process, typically just username and password, to follow when they are in the office, i.e. not remote.