  • Few apps natively support multi-factor logins.
  • Mandate strong authentication before self-service password reset.

  • Offer 2FA to all users:
    • PIN to phone/email.
    • Smartphone app.
    • Existing OTP.
    • Browser fingerprint (reduces the nuisance of 2FA).

  • Built into Hitachi ID Password Manager (HiPM):
    • Leverage existing 2FA if available.
    • Introduce zero-cost 2FA otherwise.

  • Extend 2FA to other apps via federation:
    • HiPM includes a built-in SAML IdP.