TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Application Security Critical MCP Integration Flaw Puts NGINX at Risk Critical MCP Integration Flaw Puts NGINX at Risk by Jai Vijayan Apr 15, 2026 4 Min Read Сloud Security Navigating the Unique Security Risks of Asia's Digital Supply Chain Navigating the Unique Security Risks of Asia's Digital Supply Chain by Alexander Culafi Apr 15, 2026 3 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America See All The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Endpoint Security Identity & Access Management Security Mobile Security Сloud Security News, news analysis, and commentary on the latest trends in cybersecurity technology. Two-Factor Authentication Breaks Free from the Desktop Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world. Arielle Waldman , Features Writer , Dark Reading April 16, 2026 5 Min Read Source: Panther Media Global via Alamy Stock Photo These days, organizations require two-factor authentication (2FA) to log into a variety of platforms and applications, such as messaging apps, cloud services and virtual private networks (VPNs). However, the average driver may not be aware that 2FA can protect the car sitting in their driveway. Authentication measures are consistently crucial as phishing campaigns become more sophisticated, and attackers steal credentials in mounting data leaks. Now 2FA is expanding beyond traditional IT computer use cases to include the physical world as well. Protocols can keep hackers from compromising the heat pump warming the house, breaching medical devices treating patients, or driving away in a stolen car. Two-factor authentication is now considered a hygiene factor for traditional IT systems as well as physical security, explains Kalyan Arety, director of product management at SecureW2, warning that users shouldn’t blindly trust devices. Concerns particularly extend to Internet of Things (IoT) and protecting supply chain integrity, adds Arety. Related: Microsoft's Original Windows Secure Boot Certificate Is Expiring While organizations can apply 2FA to protect physical environments across a variety of industries, auto and healthcare have made plenty of strides already. How Is the Auto Industry Using 2FA? Attacks targeting cars are becoming increasingly sophisticated, explains Keyfree Technologies VP, David Berg. Organized crime rings are using electronics systems to clone car keys, he tells Dark Reading. "They know where people are located and when the time is right, they send someone to retrieve the car in the driveway without the user knowing, because it's stolen with a key," Berg explains. Canadian insurers and law enforcement have become concerned, says Berg, who is based in Toronto. Since the attacks are similar to ones observed on computers, like man-in-the-middle or spoofing , implementing 2FA looks like a viable way to address the non-IT related problem, he adds. Keyfree has developed 2FA technology that combines hardware installed in the car and a mobile application where users authenticate a key fob with a one-time password in order to start the car. Bypassing Security Systems Attackers target a variety of cars, but they usually prefer older cars because they’re easier to steal. Electric cars are less affected because they are always connected to the internet. It's hard to make them disappear since they're constantly tracked, explains Berg. "The challenge is that not only are people beating things like steering wheel clubs and bypassing GPS trackers, but they're also doing things that are very sneaky," Berg says. "[They're] bypassing built-in security systems by doing relay attacks and key cloning. People are bypassing these security systems." Related: CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry There is a growing interest in multifactor authentication (MFA) for keyless vehicles, observes Lisa Caldwell, commercial U.S. manufacturing and automotive industry practice leader at Marsh. She attributed the evolution to increasing thefts and new technology which has left few possibilities of solutions under evaluation since companies know that users want frictionless security options. "While auto companies have known of the vulnerability for a while, challenges with convenience, reliability, and cost slowed progress," Caldwell tells Dark Reading. Instead of entering a code, as in a computer, auto companies are considering 2FA using secure digital keys with ultra-wideband capabilities that require proximity to the vehicle, biometrics like face ID or fingerprints, and a pin-to-drive model like an ATM with no extra communication steps. That brings up another challenge, explains Caldwell, highlighting how there are no clear standards for authentication. Trade groups like SAE International and the International Organization for Standardization have focused more on outcomes to manage safety and security, and now mechanisms for vehicle entry, adds Caldwell. Related: Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense Right now, it is unlikely people will see a direct regulatory requirement for authentication but there will be more focus on broad cybersecurity requirements for vehicles, adds Caldwell. Progress may be slow because, as is the case with any 2FA requirements, usability could pose issues. The authentication measure provides a high level of security, but it is mainly suitable for occasional actions only, and not acceptable for everyday use, explains Dr. Bastian Holderbaum, global director of functional safety and cybersecurity at automotive software company, FEV.io GmbH. "For interactions that happen frequently, like unlocking or starting the vehicle, mandatory 2FA is not convenient for the users," Holderbaum tells Dark Reading. Healthcare Enters the Chat Healthcare is another highly targeted industry pushing to incorporate 2FA into daily practices. Devices like dialysis machines and any big diagnostic machine that captures patient healthcare information will have 2FA or MFA enabled to protect sensitive data, says Arety. The key is to implement 2FA to ensure the data residing in the device is encrypted and when users actually transmit data to secure communication between the device and the central control plane, he adds. "It's all driven by policy," Arety tells Dark Reading. "All inherent, implicit policy that pushes the second, third, or fourth factor before you issue that certificate." Medical devices such as infusion pumps, imaging systems, and electronic health record terminals are network-connected and high-value targets for cybercriminals, explains Keeper Security CISO, Shane Barney. Therefore, some healthcare organizations now require clinicians to enter both a physical credential and PIN before they can interact with sensitive equipment or patient data, adds Barney. "When unauthorized access to medical infrastructure carries real-life safety consequences, the bar for identity assurance must be higher than a single factor," Barney says. "That bar should also extend to the quality of the factors themselves." Barney warns authentication methods like SMS-based code, while still commonly used, remain vulnerable to interception and SIM-swapping. Implementing 2FA could also "close a category of risk that most threat models still don't account for," he adds. "Whether someone is unlocking a server room, accessing a medical device, or authorizing a wire transfer, the underlying question is the same: Can you prove who you are through at least two independent channels?" Barney says. About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection. See more from Arielle Waldman Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports CISO Survey 2026 The State of Incident Response Readiness AI SOC for MDR: The Structural Evolution of Managed Detection and Response How Enterprises Are Developing Secure Applications KuppingerCole Business Application Risk Management Leadership Compass 2026 CISO AI Risk