Re-writing a 6-digit code is easier than tapping a USB device?
Comment on MFA
Hotzilla@sopuli.xyz 8 months ago
Sorry, as IT person I have to disagree, app based MFA is just way much easier to maintain instead of HW keys.
mypasswordis1234@lemmy.world 8 months ago
bus_factor@lemmy.world 8 months ago
They’re talking about operationally. They don’t want to configure and distribute a bajillion dongles to users.
Hotzilla@sopuli.xyz 8 months ago
Yup
derpgon@programming.dev 8 months ago
Open an app, find the one number for your specific app among the bajillion you have, oh the timer is almost out and you forgot halfway through, tap back in the app, oh the fucking app scroll all the way to the top again.
Fish@midwest.social 8 months ago
Open app via sidebar, search for website in search box, enter number once because I’m not super fucking slow at typing
HeavyDogFeet@lemmy.world 8 months ago
Often times, yes. I don’t want to always have to have a USB key on me, but I always have access to MFA apps via my phone, watch, or laptop. I have no idea why you’re typing the code out instead of copying and pasting.
daq@lemmy.sdf.org 8 months ago
Pretty sure he’s talking about mfa that just asks for confirmation whether that’s you logging in on the phone. No typing required.
MSids@lemmy.world 8 months ago
App-based TOTP are not phishing resistant and do not require any level of proximity to the login session. The future is more likely passkeys that use device TPMs.
Hotzilla@sopuli.xyz 8 months ago
Simple challenge number handles that, for example Azure AD MFA forces that today
MSids@lemmy.world 8 months ago
Those are better, but are also not phishing resistant.
FiniteBanjo@lemmy.today 8 months ago
If you want to install software on my personal device with elevated privileges then I’ll just use a different service than you’re shitty low effort maintained trash.
Hotzilla@sopuli.xyz 8 months ago
Company device of course. Like mentioned, in IT, I want nothing to do with users personal phones
FiniteBanjo@lemmy.today 8 months ago
Oh hell yeah, then. At that point it’s just the company making their own apps to install on their own stuff.