this post was submitted on 20 Sep 2023
6 points (100.0% liked)

cybersecurity

3310 readers
22 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

you are viewing a single comment's thread
view the rest of the comments
[–] 0xD@infosec.pub 0 points 1 year ago

If you add any specific measure I could comment on that, but generally I think that user experience must be taken into account up to a point. You won't disable 2FA so they don't have to get their phone, but you implement it with SSO so logging in once is sufficient.

Power users such as admins on the other hand should be able to understand and use higher security measures such as 2FA for every administrative login.