Two-factor authentication is a security procedure that verifies a user's identity using two pieces of information: one that a person knows (such as a secret password) and another provided by something he or she has (such as an ID card). Recently, released an , enabling two-factor authentication on "40 web sites that are part of the VIP Network, including eBay, PayPal and AOL".
Two-factor authentication using a mobile device is an excellent idea. People , and as smart phones become more widespread, such an application could remove the need for easily-misplaced security tokens. But why just 40 websites? What the press release does not mention is that since VeriSign is an , the iPhone application .
Fortunately, there is no reason why this kind of two-factor authentication must be tied to VeriSign. provides a service called that . The only thing still missing (as far as I am aware) is an open-source implementation independent of any third-party service.
Therefore, I make the following request to the . I use on this website, making it my OpenID identity provider. It should be possible to make this simple application accept a second authentication factor provided by a mobile phone application. Any takers?