2 Factor Authentication at the desktop

milesleacy
Valued Contributor

Posit: Requiring 2 factor authentication (2FA) to log in to a workstation (and unlock the screensaver) is a fool's endeavor because of lost productivity, high support cost, and user disenfranchisement. 2FA on sensitive apps, databases, etc. makes sense.

Agree or disagree? Why?

6 REPLIES 6

alexjdale
Valued Contributor III

I agree, because no workstation should contain data that would require 2FA to access. You want to keep your boundaries as tight as possible.

donmontalvo
Esteemed Contributor III

We were looking at this a few months ago but never pursued it. Thoughts? Not two factor, but pretty nifty.

MacID

--
https://donmontalvo.com

jonathan_spiva
New Contributor

I would love this if it was possible with out a support burden. I would love to see something like our Chromebooks behave. Login from login screen is MFA but wake/unlock is not.

To take it a step further, I would like to be able to set similar option as I get to do in Okta for MFA.

Lastly, If i could have some sugar on top, I want to do this all with out reliance on a traditional LAN-bound AD.

762dcbf4824a466e9991490739410862

psliequ
Contributor III

Agree. User facing systems will be better served by biometric ID. I'm sure Apple is just trying to figure out where on earth to put the TouchID sensor on a laptop :)

milesleacy
Valued Contributor

@psliequ So long as TouchID remains obscured from the enterprise software, that sounds ok to me. Employer may not have my fingerprint. But we digress.

At the end of the day, the device is mostly irrelevant from a security perspective. Secure data belongs in secure apps and/or cloud services (whether public or private). That's my position anyhow.

psliequ
Contributor III

I was recently clued into MacID which in my own testing works very well. Sort of giving us biometric authentication on the Mac until such a sensor is baked into the hardware. Major advantage; you can auto lock the computer if the bluetooth signal of your iOS device goes below a certain dBm threshold.