this post was submitted on 21 Apr 2024
20 points (100.0% liked)
cybersecurity
3284 readers
35 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The replacement cost for user devices isn't high, for you it's zero. At most it's your time helping them reprovision the token. Or to the cost of a temporary other token, which you could keep stocked.
I set up MFA some years ago with yubikeys and authlite to protect AD, it wasn't that expensive. We also did 365 auth to the Microsoft app on personal phones. We didn't have any complaints there, but if we did we would have issued a token or something.
Assuming they replace their own phone you mean? There's also productivity loss that we'd like to avoid. Temporary token stocked in what way?
I'm not familiar with AD so I'll have to do some more research into it.
It depends on what you're protecting and how. The token might be a yubikey or RSA token, for example. Whatever is supported by your MFA product. It could even be an old loaner cell phone with no cell service if the only method is an app.