Multi-Factor-Authentication in organizations is more than choosing the most secure 2nd factor.
Multi-Factor-Authentication is by now familiar to many people and used in many different places. MFA is meant to secure user logins. MFA is in the news. You should not use SMS, this is weak. You should not trust your smartphone. Passwords are evil. Go passwordless! Use FIDO2 – this is secure!
But if it is not only about you as an end user using multi-factor authentication, but about providing it, if you are responsible for rolling out 2nd factors to the employees in your organization, to your customers or to any user group, then you face a lot of organizational challenges, which are quite different from discussing which 2nd factor is the best.
How can you ship hardware tokens to the users in a timely and secure manner? How can users enroll their smartphones without any secrets being compromised? How can you integrate modern technologies like FIDO2? Is it possible to use FIDO2 in your situation at all? How can you handle lost 2nd factors with the least effort for the users?
Cornelius Kölbel will give a talk about these aspects at the Ohio Linux Fest. His talk will be online in a Zoom meeting on Saturday, November 7th at 12am EST. To join, you need to register at the Ohio Linux.