Again and again in workshops, I have discussions about whether you really need two-factor authentication to access the Endpoint Central console.
A TFA is set up there for administrative access and you can specify how long this should be stored in the browser. I generally set this to a maximum of one day even if it could be stored for much longer. Because it is the easiest way to secure it!
Unfortunately, not everyone agrees with me. Because you have to enter an additional code via email or the Authenticator app. “You don’t have it anywhere else and it gets in the way of your work!” is what I often hear.
Well – if you’d rather rebuild the company because you’ve just been hacked because of an uncomfortable TFA … please be my guest!
Today I have to use a TFA everywhere … WhatsApp, LinkedIn, banks, and many more! Two-factor authentication was developed back in 1984 and is therefore already 40 years old.
Something else that many people use as two-factor “security” has been around for about as long: The Recycle Bin in Windows
There was a funny workshop in which there was a heated discussion about the purpose of the TFA and I asked the question: “Do you actually delete the Windows recycle bin automatically via GPO? If not, do you want me to show you how to automate this in Endpoint Central?”
Just like in the movie, it was quiet at first before someone started laughing and said, “Okay, we’ll set up the TFA. If we can’t automatically clean up the recycle bin because users use it as a backup folder, then nobody can complain about a TFA.”
I know! – doesn’t come across as funny when you read it as it was live. 🙂
For me, TFA is the easiest way to protect my company, my social media, my accounts and my data, and there are many ways to simplify this. There are many types of TFA.
What kind of TFA do you use?
