|
The issue with a hardware key is that you are tied to that piece of hardware. Also, whatever device you are logging in from has to have support for it (drivers), etc.
When we went to MFA for our O365 login controlled stuff I opted for the number-synch app (MS Authenticator) on my phone, because it is based on an Open standard and I can implement it in code myself should I choose to do so.. When you set this up, you generate a list of 10 number codes that will each work only once, these are saved on paper offline and used for emergency password reset, authing if the phone is lost, etc.
Of course, the day they try to make me use some 3rd party MFA app for authentication to my SSH sessions I'll have to change their grades for my course they took (yes, my boss and most of my coworkers have been my students) and remind them that SSH keys are MFA by nature (something you have, something you know)
__________________
“IN MY EXPERIENCE, SUSAN, WITHIN THEIR HEADS TOO MANY HUMANS SPEND A LOT OF TIME IN THE MIDDLE OF WARS THAT HAPPENED CENTURIES AGO.”
|