• @[email protected]
    link
    fedilink
    English
    -10
    edit-2
    8 months ago

    Sorry, as IT person I have to disagree, app based MFA is just way much easier to maintain instead of HW keys.

    Edit: forgot to mention that in Finland companies here has to provide phone if your work require that. In IT I don’t want nothing to do with users personal devices, and it sounds insane to me that in US companies force apps to your personal devices.

    • @[email protected]
      link
      fedilink
      English
      13
      edit-2
      8 months ago

      If you want to install software on my personal device with elevated privileges then I’ll just use a different service than your shitty low effort maintained trash.

      • @[email protected]
        link
        fedilink
        English
        28 months ago

        Company device of course. Like mentioned, in IT, I want nothing to do with users personal phones

        • @[email protected]
          link
          fedilink
          English
          4
          edit-2
          8 months ago

          Oh hell yeah, then. At that point it’s just the company making their own apps to install on their own stuff, the way it should be.

    • @[email protected]
      link
      fedilink
      English
      108 months ago

      I’ve had this argument with different people when asking for a hardware token vs app only two factor.

      I’m not installing a proprietary app on my personal device. I’ll use a open standard, I’ll use a light weight hardware token. I’m not going to run a invasive binary black box for push authentication 24/7 on my personal device.

      At this point everyone has extra phones that don’t get security updates. I just used a old phone installed the app on that phone, and left it in my desk… It’s kind of a terrible security dongle at this point.

      • @[email protected]
        link
        fedilink
        English
        18 months ago

        Has to be company phone of course. In IT I don’t want nothing to do with your personal device.

        Here in Finland it is normal (or even required) that company provides you phone and subscription if your work needs that.

    • My Password Is 1234
      link
      English
      88 months ago

      Re-writing a 6-digit code is easier than tapping a USB device?

      • @bus_factor
        link
        English
        118 months ago

        They’re talking about operationally. They don’t want to configure and distribute a bajillion dongles to users.

      • HeavyDogFeet
        link
        English
        68 months ago

        Often times, yes. I don’t want to always have to have a USB key on me, but I always have access to MFA apps via my phone, watch, or laptop. I have no idea why you’re typing the code out instead of copying and pasting.

      • @[email protected]
        link
        fedilink
        English
        38 months ago

        Open an app, find the one number for your specific app among the bajillion you have, oh the timer is almost out and you forgot halfway through, tap back in the app, oh the fucking app scroll all the way to the top again.

        • Fish [Indiana]
          link
          fedilink
          English
          -18 months ago

          Open app via sidebar, search for website in search box, enter number once because I’m not super fucking slow at typing

      • @[email protected]
        link
        fedilink
        English
        18 months ago

        Pretty sure he’s talking about mfa that just asks for confirmation whether that’s you logging in on the phone. No typing required.

    • @MSids
      link
      English
      28 months ago

      App-based TOTP are not phishing resistant and do not require any level of proximity to the login session. The future is more likely passkeys that use device TPMs.

        • @MSids
          link
          English
          28 months ago

          Those are better, but are also not phishing resistant.