by closeparen 1203 days ago
After an incident, our compliance people told us we cannot have different 2FA options for the same user, so yes, in fact, if you need to use a legacy system ever then you cannot have a YubiKey enabled anywhere.
2 comments

Wow. Hot take, but I think your compliance team might suck.

IMO you should always have at least two 2FA HIDs in case one gets damaged or lost or whatever and you need to force log yourself out or something.

Sounds like you need new compliance people!