I'm not against—and may even be for—two-factor authentication. But I think this form of it is clunky.
I have heard of someone using a QR code as part of the login process. You scan the QR code with your phone and it takes you to a page (in your phone's browser) that checks a cookie previously set (in your phone's browser) (or checks the phone number against your stored phone number) that authenticates you. So you never enter your password on the foreign PC.
I can imagine all sorts of variations on that theme that would use a smartphone client app to do the authentication. There probably already exist 3rd-party apps to do that work, if DW didn't want to. I know there's an RSA app, for instance (which would have the advantage that people who wanted two-factor authentication but had no mobile could buy an RSA token...).
But it should definitely be opt-in. Not everyone has a smartphone, or even a mobile phone at all, and not everyone is so concerned about security.
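The QR-code flow described in the comment above, sketched as an added example (not part of the original comment and not Dreamwidth's code). The class and method names, the `example.invalid` URL and the 120-second lifetime are assumptions, and only the cookie variant is covered.

```python
import hashlib
import secrets
import time

LOGIN_TTL = 120  # seconds a displayed QR code stays valid (assumed value)

def _digest(value):
    return hashlib.sha256(value.encode()).hexdigest()

class QrLoginServer:
    def __init__(self):
        self.phones = {}   # sha256(phone cookie) -> username
        self.pending = {}  # login id carried in the QR code -> login state

    def enroll_phone(self, username):
        """Set the long-lived cookie in the phone's browser ahead of time."""
        cookie = secrets.token_urlsafe(32)
        self.phones[_digest(cookie)] = username  # server keeps only the hash
        return cookie

    def start_login(self, now=None):
        """Foreign PC requests a QR code; returns (qr_url, pc_secret)."""
        now = time.time() if now is None else now
        login_id, pc_secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.pending[login_id] = {"pc": _digest(pc_secret), "user": None,
                                  "expires": now + LOGIN_TTL}
        return "https://example.invalid/qr/" + login_id, pc_secret

    def approve(self, qr_url, phone_cookie, now=None):
        """Phone opens the scanned URL; its cookie decides who is logging in."""
        now = time.time() if now is None else now
        state = self.pending.get(qr_url.rsplit("/", 1)[-1])
        user = self.phones.get(_digest(phone_cookie))
        if (state is None or user is None or now > state["expires"]
                or state["user"] is not None):
            return False
        state["user"] = user
        return True

    def poll(self, qr_url, pc_secret, now=None):
        """PC polls for approval; the QR id alone never yields a session."""
        now = time.time() if now is None else now
        login_id = qr_url.rsplit("/", 1)[-1]
        state = self.pending.get(login_id)
        if state is None or now > state["expires"] or state["user"] is None:
            return None
        if not secrets.compare_digest(state["pc"], _digest(pc_secret)):
            return None
        del self.pending[login_id]  # single use: a QR code logs in once
        return state["user"]
```

The password never reaches the foreign PC; that PC holds only `pc_secret`, which is useless once the login id has expired or been consumed.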