David Kimura PRO said about 6 years ago on Two Factor Authentication :
I think that this would be a great episode. In your example, would the token be used in addition to their username and password for multifactor auth? Or, are you thinking that the user would not have a username and password and they would simply authenticate with the token? Keep in mind that with security around authentication, ticking off more of these in the list below strengthens the auth wall. 1. something you know (username and password) 2. something you have (registered cell phone with app for token) 3. something you are (fingerprint, facial, etc. i.e., Touch ID to unlock phone) I would highly advise against using just a token to authenticate without needing the username and password if that was the direction you were referring to.