Menu
Platforms

TOTP Two-Factor Authentication

NOT ON THE CURRENT EDITION
This blip is not on the current edition of the radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the radarUnderstand more
Apr 2016
adopt?

Password security is still a hotly debated topic with the UK government advocating technical controls that let users remember simpler passwords and Edward Snowden’s password advice being described as only "borderline secure". Passwords are generally one of the weakest links in the security chain, so we recommend employing two-factor authentication, which can significantly improve security. Time-based One-Time Password (TOTP) is the standard algorithm in this space, with straightforward server-side implementations and free smartphone authenticator apps from Google and Microsoft.

Nov 2015
adopt?
May 2015
trial?

Passwords continue to be a poor mechanism for authenticating users and we’ve recently seen companies such as Yahoo! move to a “no passwords” solution—a one-time code is texted to your phone whenever you need to log in from a new browser. If you are still using passwords we recommend employing two-factor authentication which can significantly improve security. Time-based One-Time Password (TOTP) is the standard algorithm in this space, with free smartphone authenticator apps from Google and Microsoft.

Jan 2015
assess?

Two-factor authentication significantly improves security over simple password-based systems. RFC 6238 -- Time-based One-Time Password Algorithm -- is a standard for two-factor authentication. 'Standard' authenticator apps from Google and Microsoft provide tokens to smartphone users, and there are a number of other client and server implementations readily available. With providers such as Google, Facebook, Dropbox and Evernote using TOTP, there really is no excuse to continue using simple password-based authentication where stronger security would be appropriate.

Jul 2014
assess?
Two-factor authentication significantly improves security over simple password-based systems. RFC 6238 -- Time-based One-Time Password Algorithm -- is a standard for two-factor authentication. "Standard" authenticator apps from Google and Microsoft provide tokens to smartphone users, and there are a number of other client and server implementations readily available. With providers such as Google, Facebook, Dropbox and Evernote using TOTP, there really is no excuse to continue using simple password-based authentication where stronger security would be appropriate.