• TinyBreak
    7 months ago

    Correct, MFA ain’t enough. Especially in sensitive settings like the courts. Government gets twitchy about data going out of the country. You might even find that, dealing with the courts, the mandate IS on-prem.

    But I’ve had clients/customers/whatever click on links and have their auth token stolen from the browser, allowing an attacker to come in, totally bypassing MFA. I’ve also had customers have their phone number ported away to steal the SMS auth. Shit is scary.

    • Gibsonisafluffybutt
      7 months ago

      Pretty sure the court is mandated to be on-prem, if I recall from the interview. Browser stuff can be mitigated to a degree, but how the fuck do you stop number porting and SIM cloning?

      • TinyBreak
        7 months ago

        So MS are dropping SMS auth totally. MFA requires an app, or it will. It’s a VERY slow rollout.