2 Factor Authentication at the desktop

Valued Contributor

Posit: Requiring 2 factor authentication (2FA) to log in to a workstation (and unlock the screensaver) is a fool's endeavor because of lost productivity, high support cost, and user disenfranchisement. 2FA on sensitive apps, databases, etc. makes sense.

Agree or disagree? Why?


Valued Contributor III

I agree, because no workstation should contain data that would require 2FA to access. You want to keep your boundaries as tight as possible.

Esteemed Contributor III

We were looking at this a few months ago but never pursued it. Thoughts? Not two factor, but pretty nifty.



New Contributor

I would love this if it was possible without a support burden. I would love to see something like our Chromebooks behave. Login from login screen is MFA but wake/unlock is not.

To take it a step further, I would like to be able to set similar options as I get to do in Okta for MFA.

Lastly, if I could have some sugar on top, I want to do this all without reliance on a traditional LAN-bound AD.


Contributor III

Agree. User facing systems will be better served by biometric ID. I'm sure Apple is just trying to figure out where on earth to put the TouchID sensor on a laptop :)

Valued Contributor

@psliequ So long as TouchID remains obscured from the enterprise software, that sounds ok to me. Employer may not have my fingerprint. But we digress.

At the end of the day, the device is mostly irrelevant from a security perspective. Secure data belongs in secure apps and/or cloud services (whether public or private). That's my position anyhow.

Contributor III

I was recently clued into MacID, which in my own testing works very well. Sort of giving us biometric authentication on the Mac until such a sensor is baked into the hardware. Major advantage: you can auto lock the computer if the Bluetooth signal of your iOS device goes below a certain dBm threshold.