Passwords are easily phished, captured, replayed, or otherwise compromised. To address weaknesses in passwords, two-factor authentication was developed. Two-factor authentication (2FA) is commonly deployed for sensitive applications (e.g., email, web apps, VPN) by system administrators in order to better safeguard corporate data. Unfortunately, system administrators may not be fully aware of all applications able to access sensitive data. This lack of knowledge can lead to disastrous consequences, as exemplified by a December 2014 breach of JP Morgan; in this case, a subset of JP Morgan servers were overlooked during two-factor authentication upgrades, leaving them vulnerable. Thus, there is a need in the authentication field to create a new and useful system and method for automatic service discovery and protection. This invention provides such a new and useful system and method.