masraum
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 57,053
Quote:
Originally Posted by id10t
The issue with a hardware key is that you are tied to that piece of hardware. Also, whatever device you are logging in from has to have support for it (drivers), etc.

When we went to MFA for our O365 login controlled stuff I opted for the number-synch app (MS Authenticator) on my phone, because it is based on an Open standard and I can implement it in code myself should I choose to do so. When you set this up, you generate a list of 10 number codes that will each work only once; these are saved on paper offline and used for emergency password reset, authing if the phone is lost, etc.

Of course, the day they try to make me use some 3rd party MFA app for authentication to my SSH sessions I'll have to change their grades for my course they took (yes, my boss and most of my coworkers have been my students) and remind them that SSH keys are MFA by nature (something you have, something you know).

We use RSA at work. We used to use hardware fobs, but they have migrated most of us to software on our cell phones.

Don't even get me started on the process to log in to a jumphost for network SSH or worse yet, server access. It's gotten ridiculous, but hey, it's a BIG bank and a BIG target for everyone. We spend a ton of time and money on cybersecurity.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
01-07-2024, 06:54 PM