Two-factor authentication is a very popular term in security these days. Basically, the idea here is that, instead of providing just “something you know” such as your userid and password, it is much safer to also provide something else. That is, provide an additional FACTOR before you are allowed to enter a secure area, such as an online bank account.
One of the smarter ways of doing this is to provide something unrelated to your password, for example “something you have“. Among the coolest “something you have” devices is the new PayPal Security Key device. Basically, it is a little electronic display that generates a new 6 digit number every 30 seconds. When you log into PayPal or Ebay, you simply enter this special number along with your userid and password.
I think the time will be soon when public school districts adopt something like this to help secure sensitive student data. These key creation devices have been available in the business world for years, and it’s about time that school districts took data security seriously!
I agree with the basic idea – there needs to be more two-factor authentication in the world.
The problem, though, is that as more organizations go to two-factor, the number of physical tokens will start to increase beyond reason.
One alternative solution is to use mobile phones for the second factor authentication; we just launched a product that does that (linked above). People already have their phones anyway, so at least it avoids Yet Another Token.
If the industry got together and *standardized* on a particular token platform, or if the token were connected to something like OpenID, then I think it could work.
Good point about cell phones. I suppose it would be ideal if people didn’t have to carry yet another device to get two-factor authentication