Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We use Duo at work for 2fa. I am laughing my ass off, I literally can't do anything -- can't get on the VPN, can't get into my emails, can't access company services. They locked everything down so hard, they've literally chained themselves to a radiator and tossed the key out of reach. We didn't receive internal communications about the outage yet -- and my bet is it's because whoever's in charge of that, is locked out due to the outage.


I would never do duo 2fa only. It sucks if one of your factors does not work. Most of the time I always try to use two 2fa apps.


TOTP tokens don’t meet alot of compliance requirements. You usually need a PIN or crypto device with a dedicated solution.

Like the popular password vault says in the name… 1Password for everything. If everything can stand alone in 1Password, it ain’t MFA.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: