The push back on MFA I think comes from bad implementation of MFA. I don't think most people mind clicking a button on their phone. Especially if we can get a little more lax on the password policies. I personally believe forcing people to constantly change passwords is in of itself a security risk. I understand why we do it. But MFA is a great opportunity to take some of the reliance off of passwords which is far less convenient. AS an IT professional I obviously recognize and enforce MFA. But as a consumer I hate it. I still remember being unable to use the google "find my phone" feature because It was locked behind an MFA which required my phone. I also remember working at a job that required MFA for everything. Connect the phone to the MDM? MFA, Install email through that email MFA, login to email? MFA, Click another app? MFA. It was a horribly annoying and bad implementation. Compare that to where I work now, and have single sign on. I only have to use the MFA when logging into an account on new PC or browser, or if I use the VPN to connect to another site. It's not constantly getting in my way and becoming a hindrance.
Great conversation fellas!
So confusing that the sound is reverse in the sense of left right channels... My Brain hurts xD
The push back on MFA I think comes from bad implementation of MFA. I don't think most people mind clicking a button on their phone. Especially if we can get a little more lax on the password policies. I personally believe forcing people to constantly change passwords is in of itself a security risk. I understand why we do it. But MFA is a great opportunity to take some of the reliance off of passwords which is far less convenient. AS an IT professional I obviously recognize and enforce MFA. But as a consumer I hate it.
I still remember being unable to use the google "find my phone" feature because It was locked behind an MFA which required my phone.
I also remember working at a job that required MFA for everything. Connect the phone to the MDM? MFA, Install email through that email MFA, login to email? MFA, Click another app? MFA. It was a horribly annoying and bad implementation.
Compare that to where I work now, and have single sign on. I only have to use the MFA when logging into an account on new PC or browser, or if I use the VPN to connect to another site. It's not constantly getting in my way and becoming a hindrance.
MFA is easy, I never got why so many people struggle with it.. Put your Password in, then put your code in... What do you mean its hard?
I don’t think it’s hard so much as it’s inconvenient, and people today do not like being slowed down by a millisecond.
No cars in 1865. Inaccurate. Get off my case. I'm a nerd.