I really want to like this, but the limitations described, requiring an admin account with 2FA disabled, make this more risky than not using it at all.
Until those limitations are resolved, if that’s even possible, this feels like an audit hack rather than a security solution.
>>hnlmor+(OP)
In future versions it will be possible to do the same with, for example, your Google SSO sign-in and 2FA enabled. The reason for the limitation is that we simply wanted to get it out into the world and see if anybody is as excited about it as we are.
>>hnlmor+(OP)
Yeah, the current approach basically makes this entirely a non-starter for the target audience (eliminate a critical control for people for whom critical controls are a pain point).
Uploading your 2FA tokens to a third party is also likely a non-starter, sorry.
>>PhLR+11
For reference, the Azure client opens a browser for the login, which redirects to a DNS address that equates to "localhost" on a port that will effectively get the final auth tokens to the local instance, which then persists them and shuts down the service. Should be able to do very similar.
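The loopback-redirect pattern that post describes (browser login, redirect to a localhost listener that captures the code and then stops) is standardised for native apps in RFC 8252. The following is an added example, not the Azure CLI's code or anything from the project under discussion: a one-shot loopback receiver on an ephemeral 127.0.0.1 port that checks the `state` parameter against the value the client generated, extracts the authorization code, and shuts down. The PKCE helper is included because a public client on loopback should bind the code to a verifier it alone holds. The function and class names, the `/callback` path and the `constructed-auth-code` value are all assumptions made for the demo; the demo simulates the browser redirect with a local HTTP request instead of contacting a real identity provider.

```python
import base64
import hashlib
import secrets
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) per RFC 7636 with S256."""
    if verifier is None:
        # 32 random bytes -> 43-char URL-safe verifier, no padding
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def parse_redirect(path, expected_state):
    """Validate the redirect query string and return the authorization code.

    Raises ValueError on an IdP error, a missing/mismatched state
    (CSRF / injected-redirect defence) or a missing code.
    """
    params = urllib.parse.parse_qs(urllib.parse.urlparse(path).query)
    if "error" in params:
        raise ValueError("authorization error: %s" % params["error"][0])
    state = params.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: redirect was not for this login attempt")
    code = params.get("code", [None])[0]
    if not code:
        raise ValueError("redirect carried no authorization code")
    return code


class _RedirectHandler(BaseHTTPRequestHandler):
    """Handles exactly the redirect request the browser makes after login."""

    def do_GET(self):
        try:
            self.server.code = parse_redirect(self.path, self.server.expected_state)
            status, body = 200, b"Login complete. You may close this window."
        except ValueError as exc:
            self.server.error = str(exc)
            status, body = 400, b"Login failed."
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class LoopbackReceiver(HTTPServer):
    """Binds 127.0.0.1 on an ephemeral port; serves one request, then is closed."""

    def __init__(self, expected_state):
        super().__init__(("127.0.0.1", 0), _RedirectHandler)
        self.expected_state = expected_state
        self.code = None
        self.error = None
        self.timeout = 5  # do not hang forever if the browser never comes back


def run_loopback_demo(tamper_state=False):
    """Run one login round-trip locally. Returns (code, error).

    tamper_state=True simulates a redirect that does not belong to this
    login attempt, which the receiver must reject.
    """
    state = secrets.token_urlsafe(16)
    server = LoopbackReceiver(state)
    port = server.server_address[1]
    redirect_uri = "http://127.0.0.1:%d/callback" % port  # assumed path

    worker = threading.Thread(target=server.handle_request)
    worker.start()

    # Stand-in for the browser following the IdP's redirect (constructed values).
    query = urllib.parse.urlencode({
        "code": "constructed-auth-code",
        "state": "wrong-state" if tamper_state else state,
    })
    try:
        urllib.request.urlopen(redirect_uri + "?" + query, timeout=5).read()
    except urllib.error.HTTPError:
        pass  # 400 from the receiver is the expected rejection path
    worker.join(timeout=5)
    server.server_close()  # the listener goes away once the one request is handled
    return server.code, server.error


if __name__ == "__main__":
    print(run_loopback_demo())
    print(run_loopback_demo(tamper_state=True))
```

The points a practitioner would check in a real client are the ones the demo makes explicit: the listener binds only the loopback interface, it lives for a single request, the `state` check uses a constant-time comparison and is mandatory, and the code is only useful together with the PKCE verifier that never left the process.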