• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    8 months ago

    I’ve had this argument with different people when asking for a hardware token vs app only two factor.

    I’m not installing a proprietary app on my personal device. I’ll use a open standard, I’ll use a light weight hardware token. I’m not going to run a invasive binary black box for push authentication 24/7 on my personal device.

    At this point everyone has extra phones that don’t get security updates. I just used a old phone installed the app on that phone, and left it in my desk… It’s kind of a terrible security dongle at this point.

    • Hotzilla@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      8 months ago

      Has to be company phone of course. In IT I don’t want nothing to do with your personal device.

      Here in Finland it is normal (or even required) that company provides you phone and subscription if your work needs that.