If a company or an organization wants to provide two factor authentication for thousands of users they are faced with totally new challenges.
Users will not come to the administrators desk. The administrator will not enroll a hardware token or initialize the user’s smartphone with the Google Authenticator on a per user basis. There are so many users, that the administrators or helpdesk users do not even know all the end users anymore. There must be a solution, that the enrollment process itself hands the authentication object to the user and ensures the identity of the user – preferably automatically!
Users might be spread over cities, countries – worldwide. They are ordinary end users and often not computer savvy. The rollout and the usage of two factor authentication should bother neither the end user nor the IT department too much.