My organization advocates that users should use their mobile phones for two-factor authentication when logging into email and the like, but I'm concerned about whether the end device represents a problem in this equation. For example, should users avoid using Android devices for the purposes of two-factor authentication because of the malware problem on the Android platform? Or does that not come into the equation for two-factor authentication?