I use DUO for my VPN connection to work and so far it's worked without any hitches.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
When I login and type my password correctly, it's because I want to get in and get started. I've started boycotting any services that do anything more than that, except for my Surface, which uses facial recognition effortlessly as the second bit.
To me, if you say you need to make sure it's me after getting my user name and password, that's equivalent to saying, move on, we don't want you in here!
CQ de W5ALT
Walt Fair, Jr., P. E.
Comport Computing
Specializing in Technical Engineering Software
Walt Fair, Jr. wrote: When I login and type my password correctly, it's because I want to get in and get started.
Agreed, but this is for local gov't employees dealing with sensitive data, so it's just part of doing the job.
Latest Article - A Concise Overview of Threads
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
The company I work for, ImageWare Systems, has a product: GoVerifyID
Cheers,
Mike Fidler
"I intend to live forever - so far, so good." Steven Wright
"I almost had a psychic girlfriend but she left me before we met." Also Steven Wright
"I'm addicted to placebos. I could quit, but it wouldn't matter." Steven Wright yet again.
I've tried the various methods, and I would strongly recommend TOTP over SMS or push notifications. I tend to use "Google Authenticator", though you can actually use any app that supports the standard, which in my case on Android is the open-source FreeOTP made by Red Hat.
In the case where you can't bring your phone to work, Google has had great success with Yubikeys.
Just make sure you're not looking at MFA in a vacuum. If you don't also implement MDM policies to enforce security on your mobile devices, you're missing the point. Any MFA solution is worthless if anyone can just pick up the mobile device and get at the code.
I'm partial to Microsoft's first-party MFA solution (based in Azure) because I work for them and help companies implement it, but no matter who you go with, make sure mobile/endpoint security is given equal attention. Security is a puzzle and no single piece is a panacea.
Good luck!
Jon (aka. Sir Buzz Killington )
The morons at my bank will text or call - but not use email.
If I'm planning on banking online they know I'm near an email capable device. I may not be anywhere near a phone. The US Treasury Direct site, which is amazingly fussy to maintain security, will email the one-time code. Same for a number of online banks - major financial institutions. I'm already voting with my wallet - moving my accounts to where they'll cooperate.
Another thing - authenticating BACK to me would be nice - a great way to avoid phishing attempts.
My particular version - for extra secure - requires a custom .exe to be run, which identifies unique machine information, encrypts it (with an ever-changing key) and sends it for confirmation in the machine registry. If you don't go through the .exe you cannot access the 'working' parts of the website. Rephrased, for all practical purposes, without the local launcher on a registered machine you don't even get to the same website.
Nothing is 100% hack-proof, but a local item to authenticate registered machines makes it damn tough. Meanwhile, it's a single-click (once registered) - and the browser opens for user login. No burden on the user.
Ravings en masse^
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
How about testing if the user can tell an arse from an elbow?
There are websites with photos that invite the reader to guess whether it is an ass or an elbow.
StupidStuff.ORG - Ass Or Elbow Quiz
Two factor authentication is a PITA! F'rinstance I couldn't log on to my mobile phone supplier's web site to report that my phone was dead. They insisted on sending an SMS with a code. Der!!!
We're philosophical about power outages here. A.C. come, A.C. go.
We use YubiKey as do many secure businesses (think DoD, Gov, etc.).
Little USB plug-in (many sizes, we use one that virtually disappears into your device when inserted). All you do is enter a PIN to authenticate.
https://www.yubico.com/
No, no, please no! 2-factor has stopped me from doing anything at home...
Just use the good old send some random words (or numbers) to the user's email account.
If that is not secure enough, then make sure the user applies with 2 email accounts, so that your service can send two sets of different random words (or numbers) to the user's two email accounts. Which may be as safe as a "2 factor authentication service". No fumbling with phone SMS / swipe here / swipe there, etc, etc.
And if that is not secure enough, then make sure the user applies with 3 emai ... ... ... ...
AusCert recommends (for its 2 factor auth services):
FreeOTP app, Authy, 1Password, etc but also has instructions for google authenticator. I'm using FreeOTP and it's currently working a treat.
Vegetable rights! People just don't seem to carrot all...
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
Lettuce discuss this further.
Just Beet-ween us?
Bring the whole garden as long as we can keep it peas-full.
There's not a lot of room - won't it be a bit of a squash?
That is a bit of a pickle, but Romaine calm!
That's a Little Gem of a comment - bound to Rocket to the top, Cos it's just so good!
What exactly do you bean?
OriginalGriff wrote: There's not a lot of room - won't it be a bit of a squash?
That's a fruit, not a veggie.
Bastard Programmer from Hell
If you can't read my code, try converting it here
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
I fail to grassp some people.
"If we don't change direction, we'll end up where we're going"
Wouldn't "People Eating Tasty Vegetables" run afoul of the "Truth in Advertising" laws?
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.