I’ve had this argument with different people when asking for a hardware token vs app only two factor.
I’m not installing a proprietary app on my personal device. I’ll use a open standard, I’ll use a light weight hardware token. I’m not going to run a invasive binary black box for push authentication 24/7 on my personal device.
At this point everyone has extra phones that don’t get security updates. I just used a old phone installed the app on that phone, and left it in my desk… It’s kind of a terrible security dongle at this point.
I’ve had this argument with different people when asking for a hardware token vs app only two factor.
I’m not installing a proprietary app on my personal device. I’ll use a open standard, I’ll use a light weight hardware token. I’m not going to run a invasive binary black box for push authentication 24/7 on my personal device.
At this point everyone has extra phones that don’t get security updates. I just used a old phone installed the app on that phone, and left it in my desk… It’s kind of a terrible security dongle at this point.
Has to be company phone of course. In IT I don’t want nothing to do with your personal device.
Here in Finland it is normal (or even required) that company provides you phone and subscription if your work needs that.