Kill the password, limit the pain
Diving deeper into the area around the FIDO alliance, and the efforts there to help defend devices and eliminate the threats that passwords introduce, it is imperative that one understands some of the concepts that are so key to this effort to eliminate the password for users and their devices. Often, two-factor authentication (2FA) as it is known is cited as the most powerful form of out-of-band authentication that can help eliminate password issues. While 2FA is a very useful solution and should be employed at large for all systems, it is not beyond compromise.
2FA helps add an additional point of authentication and splits the authentication protocol (password and authentication) between different systems and devices, but it's far from perfect; in the end, it really only means attackers have to crack two codes instead of one. And should an attacker phish a target with a focus on intersecting the 2FA process, it is possible...