|
|
|
|
|
|
by tptacek
2593 days ago
|
|
|
The purpose of a U2F key is to break phishing. You want users to use them as much as possible (on computers), but you do not depend on them being the only second factor. So you can buy and enroll 2 keys, or just do what Google forces you to do: enroll an additional second factor, like a code generator. I do not understand your revocation argument at all. When you let a staffer go, you lock their account. You do not care about their keys. |
|
|