Y
Hacker News
new
|
ask
|
show
|
jobs
by
abledon
2482 days ago
MFA means all employees are now issued a yubikey to login?
1 comments
tptacek
2482 days ago
Unlikely. TOTP, Duo Push, and SMS are all more popular that U2F/WebAuthn.
link
eranation
2482 days ago
Yep. Those are still prone to phishing for a clever attacker and sleepy employee. For most users - that should be fine, but for the ones with the admin access to the nuclear reactor, U2F/FIDO2/WebAuthn probably worth the extra effort.
link