2FA for datacenters without installing agents
The most common authentication method is the password. It is a single-factor authentication that is based on the user knowing a secret. It is also a rather weak form of authentication. Many organizational security policies today require their high-value assets to be secured with multi-factor authentication (MFA)
Adding additional factors - "something you have" in addition to the "something you know" - improves security and makes the authentication considerably more resilient to attacks. There are many approaches to implementing the second factor of a two-factor authentication (2FA) - the second factor may be, for example, a security token (such as RSA SecurID) or a mobile phone of the user (such as in Duo Security 2FA).
Deploying Two-Factor-Authentication (2FA) for Server Farms
Regardless of the technical implementation, most two-factor authentication solutions require an agent component on the server-side. This means that large deployments that cover many server instances require the installation of an agent component in each of the protected servers.
Many of Fortune 500 companies operate internal networks and data centers that include thousands, sometimes tens of thousands, of servers. Covering such massive back-end server volumes imposes a heavy cost - in licenses, manual work and maintenance commitments.
Deploying 2-factor authentication in corporate server volumes may be prohibitively expensive. An approach that offers equal security with considerably reduced cost is required.