So I’ve talked a lot about how you can use 2FA within your organization, and how it could have solved some big issues in terms of hacks and other breaches in the last few months, but I’d like to take a look at whether we are reaching something better with 2FA thanks to the FIDO Alliance.
Back in December, they announced the release of the FIDO 1.0 specifications (one for 2FA called U2F and one for biometrics called UAF). With the publication of these standards, it is possible to actually have a single 2FA token that can be used for multiple online (and local) services. With a unified standard for supporting authentication with a 2FA token, it becomes possible for a user (say, me), to buy one token (or as seems likely, an app for my smartphone), and then use that as a single identity anywhere.
So what does this mean for 2FA closer to home in your organization? Well, it should, over the next year, mean more products supporting FIDO, especially on the server side. We are already seeing this on the client side with more and more tokens coming onto the market supporting FIDO, and services such as Google supporting it on the server side. We should see a lot of advances this year for 2FA, so stay tuned.