Posted on 10-09-2015 12:22 PM
Posit: Requiring 2 factor authentication (2FA) to log in to a workstation (and unlock the screensaver) is a fool's endeavor because of lost productivity, high support cost, and user disenfranchisement. 2FA on sensitive apps, databases, etc. makes sense.
Agree or disagree? Why?
Posted on 10-09-2015 12:29 PM
I agree, because no workstation should contain data that would require 2FA to access. You want to keep your boundaries as tight as possible.
Posted on 10-09-2015 04:37 PM
We were looking at this a few months ago but never pursued it. Thoughts? Not two factor, but pretty nifty.
Posted on 10-10-2015 11:37 AM
I would love this if it was possible with out a support burden. I would love to see something like our Chromebooks behave. Login from login screen is MFA but wake/unlock is not.
To take it a step further, I would like to be able to set similar option as I get to do in Okta for MFA.
Lastly, If i could have some sugar on top, I want to do this all with out reliance on a traditional LAN-bound AD.
Posted on 10-11-2015 04:17 AM
Agree. User facing systems will be better served by biometric ID. I'm sure Apple is just trying to figure out where on earth to put the TouchID sensor on a laptop :)
Posted on 10-12-2015 08:23 AM
@psliequ So long as TouchID remains obscured from the enterprise software, that sounds ok to me. Employer may not have my fingerprint. But we digress.
At the end of the day, the device is mostly irrelevant from a security perspective. Secure data belongs in secure apps and/or cloud services (whether public or private). That's my position anyhow.
Posted on 10-27-2015 12:26 PM
I was recently clued into MacID which in my own testing works very well. Sort of giving us biometric authentication on the Mac until such a sensor is baked into the hardware. Major advantage; you can auto lock the computer if the bluetooth signal of your iOS device goes below a certain dBm threshold.