by shyn3 5067 days ago
Thinking of it for enterprise users, it could really work.

Enterprise users seem to be on Outlook all the time checking their e-mails so this would work if you can't tie your passwords into AD/Exchange.

Maybe have an option to have a token that can be entered or a link clicked.

I get all my e-mails on my phone so if I received a code that I can enter in my phone that can work. I could also click a link in Outlook and be logged on.

Now if someone has my phone which is receiving my e-mails and they enter the e-mail on a website and receive the secure login we got a big problem. I don't know how to get around that.

Interesting discussion, but some flaws. I would think it requires some sort of 2-factor auth to save people whose e-mail addy is compromised.

2 comments

> Now if someone has my phone which is receiving my e-mails

At work we have a policy that smart phones are locked by a PIN. No PIN, no email.

This is not ideal: no mechanism to enforce 'good' PINs or force a user to change them on a regular basis.

Good point.
How about a page showing all the currently logged-in sessions? Then you can log out ones that shouldn't have access.
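
The emailed one-time token and the session page suggested in this thread, sketched as an added example that is not part of the original discussion. The class and method names, the 10-minute token lifetime and the in-memory storage are assumptions.

```python
import hashlib, secrets, time

TOKEN_TTL = 600  # seconds an emailed code/link stays valid (assumed value)

def _h(value):
    # Store only hashes so a leaked table does not yield usable tokens.
    return hashlib.sha256(value.encode()).hexdigest()

class EmailLogin:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # token hash -> (email, expiry time)
        self.sessions = {}  # session-id hash -> {"email", "device", "created"}

    def issue_token(self, email):
        """Return the one-time token that would be emailed as a code or link."""
        token = secrets.token_urlsafe(32)
        self.pending[_h(token)] = (email, self.clock() + TOKEN_TTL)
        return token

    def redeem(self, token, device):
        """Exchange a token for a session id; each token works only once."""
        entry = self.pending.pop(_h(token), None)
        if entry is None or self.clock() > entry[1]:
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[_h(sid)] = {"email": entry[0], "device": device,
                                  "created": self.clock()}
        return sid

    def whoami(self, sid):
        session = self.sessions.get(_h(sid))
        return session["email"] if session else None

    def list_sessions(self, sid):
        """Rows for the session page: (key, device, is_current)."""
        email = self.whoami(sid)
        if email is None:
            return []
        return [(key, s["device"], key == _h(sid))
                for key, s in self.sessions.items() if s["email"] == email]

    def revoke(self, sid, target_key):
        """Log out one of the caller's own sessions, by its listed key."""
        email = self.whoami(sid)
        target = self.sessions.get(target_key)
        if email is None or target is None or target["email"] != email:
            return False  # unknown session, or it belongs to another user
        del self.sessions[target_key]
        return True
```

Revocation limits how long a session opened from a lost phone stays alive, but anyone who can still read the mailbox can request a fresh token, which is the gap the thread's second-factor suggestion addresses.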