Late 1990s to 2000+: 2FA goes mainstream Many online services and especially banks have started to treat user-targeted attacks such as trojans and phishing seriously To this end, they deployed 2-factor authentication where passwords are augmented with one-time codes or another second authentication factor There's some debate as to whether and which kinds of 2FA are effective against which types of attacks. "Two-factor authentication isn't our savior. It won't defend against phishing. It's not going to prevent identity theft. It's not going to secure online accounts from fraudulent transactions. It solves the security problems we had ten years ago, not the security problems we have today." Bruce Schneier, "The Failure of Two-Factor Authentication", 2005 Passwords remain relevant as one of the factors: "something you know"