So Thursday is like the unofficial last day of the RSA Conference. As the last day of the Expo, many people pack up and go, though there are still some sessions and the closing keynotes tomorrow. But with the close of the expo, it’s probably a good time to think about what was being talked about.

This year’s show was huge. I’ve been to a lot of shows in the last 15 years, but this year it seemed like the default booth size graduated from 10×10 to 20×20, but both the North and South halls were completely full, and it was packed with people (great exercise for those with their fitness bands). Obviously I was focused on looking at identity and authentication, and there were a lot of companies there with solutions, though by no means were authentication companies the focus of the conference.

One big thing that stood out in the authentication space was what seemed to be a convergence on FIDO as an important feature. What I thought was interesting though, was how this only seemed to be important to companies with small booths (there were a few exceptions, but they were rare). Large, well-established token vendors seemed to be ignoring FIDO while what I would call second-generation (or maybe we are third-generation, depending on how you break it out) vendors were embracing FIDO and a more interoperable stance instead of vendor lock-in on both the server and token.

I think this will be important over the next few years. As organizations look to implement strong authentication through 2FA, or as they look at their replacement cycle and start to review the market, FIDO support looks like it will become an important differentiator. This ability to provide support across multiple tokens which support a single standard is likely to cause some heartburn for the established players as they are forced to compete with newer, nimble competitors offering comparable capabilities (or in many cases, better capabilities) at a lower cost and without the same level of lock-in.

The 2FA market should be an interesting place.