• 0 Posts
  • 21 Comments
Joined 1 year ago
cake
Cake day: June 15th, 2023

help-circle




  • The definition I learned for web 2.0, as it was happening, was a shift from static web pages generated all at once on the server and delivered to the client whole, to using Ajax with in-browser Javascript dynamically changing already-delivered pages with back-end XML calls.



  • IHawkMike@lemmy.worldtoAsklemmy@lemmy.mlCan I refuse MS Authenticator?
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    edit-2
    6 months ago

    We can restrict the use of software TOTP, which is what companies are doing when they move users onto the MS Authenticator app.

    Admins can’t control the other TOTP apps like Google Authenticator or Authy unless they go full MDM. And I don’t think someone worried about installing the MS Authenticator app is going to be happy about enrolling their phone in Intune.

    Edit: And even then, there is no way to control or force users to use a managed device for software TOTP.


  • This is incredibly well said and I agree 100%. I’ll just add that software TOTP is weaker than the MS Authenticator with number matching because the TOTP seed can still be intercepted and/or stolen by an attacker.

    Ever notice that TOTP can be backed up and restored to a new device? If it can be transferred, then the device no longer counts for the “something you have” second factor in my threat model.

    While I prefer pure phishing-resistant MFA methods (FIDO2, WHFB, or CBA), the support isn’t quite there yet for mobile devices (especially mobile browsers) so the MS Authenticator is the best alternative we have.





  • There are two different, and only slightly related, things here:

    1. Access to company data through your phone (via Teams, Outlook, etc)
    2. Using your phone as an MFA device to access company data, even on your work-issue laptop and to access browser-based SaaS apps like your payroll system.

    The first absolutely can and should depend on the age of your device. MAM or MDM policies combined with Conditional Access should block older devices not receiving security updates from accessing and storing company data.

    The second, assuming they are now requiring phishing-resistant MFA, only requires that you have the Microsoft Authenticator app installed (FIDO2 and CBA are alternate PRMFA methods, but more complicated to implement). The MS Authenticator is supported on Android 8.0 and above and your S8 supports Android 9.0.

    So unless there is a job requirement to use your phone for email and Teams – in which case they should definitely offer a stipend or CYOD phone – you should be fine just installing the MS Authenticator app on your phone and using your work-issue laptop for email and Teams.

    Edit: I just saw your other comment that they use Duo. In that case you might be hosed since it requires Android 11.0. I’d at least start by opening a ticket with the help desk and keep an email trail with your manager of what part of your job you can’t do. But they should be able to provide a method of authentication that complies with their policies.




  • This is entirely from memory from a time before every Easter egg and explanation was published on the internet, and I haven’t watched it in a few years. So I could be wrong.

    But I always thought >!the woman on the plane next to the red-haired man with the pre-released, pure virus about to travel around the world, is one of the doctors from the future that was sending Bruce Willis back to locate a pure sample of the virus so they could develop a cure in the future. As she introduces herself, she says she works “in insurance.” So I always took that to mean their original goal was successful. !<

    Regardless I need to watch this movie again. It is easily one of my favorites and the first movie that made me realize just how amazing an actor Brad Pitt is and that he wasn’t just another pretty face in Hollywood.