Of course you wouldn't. So why, in an age when the security of company data is so vital, is it almost standard practice for enterprises to provide secure two-factor login for only a small part of the workforce?
A number of experts seem to agree that the norm for many enterprises is to issue tokens to only 5-10 percent of staff. Certainly one local authority I know of has 20,000 on staff and only 500 of them get two-factor authentication. Presumably the remainder of the staff is left to muddle through with nothing more than one-factor authentication, i.e., standard passwords, with their associated security vulnerabilities.
Bearing in mind the potential 'cost' of data leaks today - in terms of lost business, industrial espionage and advantage being gained by competitors, loss of reputation, pillorying in the media, etc. - to economize on something of such importance doesn't make a lot of sense. So why is partial use of two-factor authentication the 'norm' in so many workplaces?
Perhaps it's time we all looked afresh at what we're trying to achieve here.
Unless we've all been living on a distant planet for the last few years, it should be obvious by now that the once-trusted password is no longer fit for purpose. Hackers have so many ways of compromising or cracking it. So we've been sold on the idea that one-time passwords are a better alternative. Well over 20 years ago, when the hardware token arrived on the scene from current market leader RSA, we all started to think that having a key fob in our pockets and a VPN set up on our computers would keep everything we hold dear safe from the bad guys.
Leaving aside the recent RSA "hack" and fears about the security of tokens that may have stirred up, is the use of expensive pieces of hardware to safeguard logins for a minority of staff in an organization the best use of resources? Clearly it creates an imbalance that doesn't seem very logical. Surely it would be better to use something cheaper, which could be rolled out to everyone.