It’s a little embarrassing to admit, but it seems that the mistakes of one person globally syndicated columnist have led to a rapid increase in the acceptance and use of two-factor authentication technologies for authentication. Within the last week, I have set up both my Dropbox account and this very blog with two-factor authentication.
Mat Honan’s sordid tale did a lot to raise awareness of how passwords are imperfect as an authentication mechanism, as have the many password breaches that have occurred over the years. Most interesting, though, is how Google created and freely released Google Authenticator as an open source application and how quickly organizations have begun to embrace it. While I’ve traditionally been a PKI guy (I know, that’s SO 2003), when the time came for us to secure our VPN with a second factor we went with Google Authenticator rather than a PKI token. Why? Cost. Hard to argue with free.
So now, I have Google Authenticator token set up with: my personal Google account, my corporate Google Apps account, my corporate VPN, my blog, and my Dropbox. What do you think the next systems to add Google Authenticator support will be? Let us know in the comments.