Two-factor authentication, the added layer of security that asks you for a temporary code when logging into an account, is about to become much simpler—especially for small smart devices that have been left out of the cybersecurity loop.
Researchers at Sandia National Laboratories have developed a new method that generates and sends temporary security codes without needing GPS or even knowing the time.
This breakthrough could help secure a wide range of devices such as drones, remote sensors, smart thermostats, and industrial systems—tools that often lack the computing power or internet access needed for traditional cybersecurity methods.
Chris Jenkins, a cybersecurity expert at Sandia, led the development. He explained that conventional two-factor authentication is more complicated than it seems.
For example, when you get a code from your bank, that code often goes through multiple companies: a third-party vendor, your phone provider, and then back to the bank.
All of this relies on accurate timing, usually pulled from GPS or internet servers.
But small, low-power devices like smart meters or agricultural sensors often can’t handle that kind of processing. They may only turn on occasionally to save energy and don’t always have a strong or stable internet connection.
As a result, many of them are only protected by basic passwords and are easy targets for hackers.
Jenkins’s new method cuts out all the middlemen. It lets two devices talk directly to each other and share a temporary code without needing to know the exact time.
This means even devices as simple as a thermostat can generate their own secure code and send it over a low-data network. The system is lightweight, using very little computing power, which makes it perfect for protecting small and simple electronics.
This new approach has already been successfully tested in a remote sensing application. Jenkins originally developed the system to protect military aircraft, which also need lightweight security systems due to limited onboard computing resources.
He later realized the method could be adapted for everyday smart devices.
The need for better security is clear. In 2016, a massive cyberattack used about 100,000 insecure smart devices—like webcams and routers—to launch a coordinated assault on major servers.
These devices had only basic username and password protection, which hackers easily bypassed. Many such devices are still vulnerable today.
Sandia’s simpler two-factor system provides an extra layer of protection, making it much harder for malware to take control. Jenkins hopes this new method will help secure the growing number of small, internet-connected devices we now rely on in our homes, cities, and industries.
