Do both. Biometric to unlock phone, PIN to load 2FA auth app, and a password to actually log in. Actually, I am reminded of the 00s when companies used to have badges and badge readers you'd take home and plug in to your machine and you had to use those to authenticate connections. Password + physical token. It was secure, but not convenient if you left your badge behind somewhere. It wasn't wireless, no worries about snooping. When it did work, it was magic. My Active Directory credentials automatically carried over between machines, across networks, for debugging purposes to dev boxes, and I was even able to step from C# code running locally into a stored procedure on a remote SQL server all from within (the OG) Visual Studio. Nothing works anything near that well anymore. :( (Show of hands, who here reading this can start debugging their staging environment databases from within their IDE, with a single button press?)