Two-Factor authentication is becoming more critical especially in business applications where sensitive and/or critical data can be accessed. A business application should communicate on a secure channel (https) and should implement Two-Factor as a minimum for their users especially if they can access the application remotely, which means everywhere. You could obviously skip the Two-Factor authentication when the user is on the intranet. This is not implemented in this article. What is a Two-Factor authentication? I will give a brief overview of what Two-Factor authentication actually is. As Joel Franusic described it in his post Two-Factor Authentication or TFA is a method where your users are required to log in with two “factors”: a password, and a code from a device that…