Hello all,
Would just like to open up a conversation, to see what people are doing around Multi Factor/2 Factor Authentication.
I've been tasked with securing all our Mac logins with 2FA. I've had mixed degree's of success, using both SecureAuth and Yubikeys.
We FileVault our Mac's, so use with any 2FA is difficult without disabling the automatic FV login, which in my opinion becomes a poor user experience.
We also want to be able to use the 2FA for unlocking the lock screen/waking up from sleep which doesn't work with SecureAuth and their SMS/Push Notification 2FA.
I have had success with Yubikeys having to be plugged in, so that a user can login, wake from sleep and unlock the Mac. These do seem difficult to deploy on a large scale. This is looking like our only alternative.
Was hoping to find a way to use both Touch ID on ours Mac's and the users password, this tho doesn't seem possible at the moment.
Our other option is conditional access on applications on the Mac's, ideally we would prefer to secure all Mac logins with 2FA.
Is anyone else doing anything around MFA and Mac's logins? I've seen Duo, which looks good, assuming tho that this would only work at login too and not with unlocking and waking the Mac from sleep.