How Discord Rolled Out Yubikeys for All Employees

Have you ever found a user at your company who actually likes using multi-factor authentication (MFA), either time-based one-time passwords (TOTP) or push-based MFA? Either method adds friction for users by necessitating a second device for logins while increasing the cost to attackers. However, both have problems. SMS MFA is widely regarded as insecure because of the proliferation of SIM jacking

[efcl]

Yubikeyを従業員に配布してフィッシング防止をするパターン。 Oktaで"例外"のグループを作っておき、徐々にYubikeyをデプロイしていく。 Yubikey + MacのTouchIDの2つ、管理者はバックアップとして3つのキーを登録。配布は Yubico Enter

[ya--mada]

は、確かに、ディスコなら危ない。