It's also very nice.
Can I log into my Windows network with it without paying a huge per-user, per-year license?
Generally the answer is no.
2FA for web services and other things is easily done via everything from Google's own TOTP authenticator, to email, to SMS. Sure there are ways to intercept the latter but then you have bigger problems anyway.
The problem is securing access to machines just as much as access to online services, however.
2FA devices won't really take off until I have one device that logs me in at work, authenticates all my browsing, works with my bank, and does it automatically and for a seriously minimal price (and comes with a switch on it that does all the same for home). There's literally nothing stopping that happening.
(P.S. multiOTP is one project I deployed recently and has a free credential provider that can intercept normal and RDP Windows logins... but it's TOTP, HOTP, etc. and not device-dependent. Guess what... the commercial version with the device part and licensing for it costs silly money again. But if we have an open-source credential provider for Windows, there doesn't seem to be much reason to distinguish software from hardware authentication, and the irony is if you're paying money for hardware keys, you have to pay even more for the software licencing.)
Biting the hand that feeds IT
