Though there have been several predecessors to the modern day two-factor authentication system, the 2FA that we would recognize today was first made commercially available by the RSA company as a key fob in 1986. The fob had a small LCD screen that displayed a short numerical code which users appended to their passwords. For over 20 years, many large enterprises and governments made use of this type of extra protection for their internal systems. However, it would not become a common feature on the internet until this decade, after the number of people using account-based services—and the number of those accounts being hacked—hit critical mass.
In January 2010, Google announced that the Chinese government had been targeting Google (and, it would turn out, around 20 other U.S. companies) with a long-term attack aimed at gaining access to the email accounts of human rights activists working in China and around the world. The attacks led to a number of changes at Google, both in terms of security infrastructure and policy. As a result, Google decided to shut down operations in China. Later that year, Google introduced their two-factor authentication system. Initially only for business accounts, it was rolled out to all Google users in early 2011. For the first time, 2FA was available to the general public for an average user account. In the years since, other major companies such as Microsoft, Twitter, Apple, and Amazon have begun to offer 2FA options across a multitude of online platforms (only a subset of which are represented in this timeline). Competition on security features, high-profile breaches, and the every-day occurrence of account hijackings have led to an environment that demands better authentication. However, many consumers are still not availing themselves of these options, as demonstrated by a continued flood of well-publicized email account breaches, because by their nature they are less convenient and more complex than a simple password. Consequently, companies are investigating other authentication methods that might be both convenient and secure enough to replace today’s options.