[kuasha]

2FA can use smart card- The device with TPM capability may work as a virtual smart card- This video is interesting- http://www.youtube.com/watch?v=QmTpdZAC4_s -

But Yes, I have to admit, for API, this may be overkill-

[hussfelt]

So you would implement like a virtual smart-card in the Client application end that then communicates with the API in our end and authenticates?

I also think this might be a bit overkill - maybe something for real enterprise apps... :-)

But it's a cool thought!

Thanks for sharing!