| 1965 |
First ATM with inserted banker's check + PIN authentication |
Card + PIN for ATMs is an early example of 2FA |
| 1984 |
Patent applied for by RSA for generating "non-predictable codes" for their two factor system |
Patent granted in 1988 |
| 1986 |
First RSA 2FA keyfob sold |
|
| 2005 |
RFC 4226 (HOTP) promulgated |
Defines one method of generating the codes for two factor |
| 2006 |
RSA develops apps to generate authentication codes on other devices (phones, e.g.) |
|
| 2008/9 |
Google mail and Google in general is hacked by Chinese government seeking information on dissidents |
|
| September 20, 2010 |
First release of Google Authenticator and 2FA for Apps for Domains accounts |
|
| February 10, 2011 |
2FA turned on for Google consumer accounts |
|
| March 11, 2011 |
Twitter enters into a consent decree with the Federal Trade Commission over their security practices. |
While not directly mentioning 2FA, this places companies on alert that users' security is something that the FTC is paying attention to. |
| 2011 |
RFC 6238 (TOTP) promulgated |
Defines the most common method of generating codes for two factor |
| May 12, 2011 |
Facebook turns on "Login approvals", their form of 2FA |
Initially uses SMS, but later versions get built into the Facebook app. Uses TOTP? |
| 2012 |
Matt Honan, Wired author, gets "epically hacked" and mentions if he had been using 2FA it would have been avoided. |
|
| June 2012 |
Google starts warning some users that they are being targeted by state sponsored attacks and recommends 2FA |
|
| August 27, 2012 |
Dropbox turns on 2FA for its users. |
|
| October 2013 |
EFF encourages people to start turning on 2FA. |
|
| 2013 |
Google closes the source of Google Authenticator but open source clones soon spring up |
|
| May 22, 2013 |
Twitter turns on "Login Verification" |
Prompted at least in part by the April 23, 2013 hack of the AP's account which caused a temporary drop in the stock markets in reaction to a fake post about an explosion at the White House. |
| April 11, 2013 |
Chris Soghoian publishes in Bloomberg about importance of 2FA |
|
| April 17, 2013 |
Microsoft announces launch of 2FA for accounts. |
|
| August 29, 2013 |
FTC files complaint against LabMD for security violations, including a failure to require 2FA for its employees. |
|
| 2014(?) |
twofactorauth.org launches, listing which sites offer and by what means |
|
| October 21, 2014 |
Google announces that Universal 2nd Factor keys will work with Google accounts |
|
| December 9, 2014 |
FIDO Alliance releases specification for U2F devices. |
|
| March 16, 2015 |
ACLU advocates for 2FA, and pushes U2F |
|
| March 27, 2015 |
Slack suffers a hack and enables 2FA |
|
| June 2015 |
FTC publishes Start With Security:A Guide for Business, including recommendation to use 2FA |
|
| September 16, 2015 |
In response to hacks of celebrities' iCloud accounts resulting in leaks of private photos, Apple turns on 2FA for iCloud. |
Apple had 2FA for a short while in June of 2015 but withdrew it for unknown reasons. |
| October 1, 2015 |
Github adds U2F Support |
|
| July 25, 2016 |
Fastmail adds U2F Support |
|