Re: [LUG] 2FA Apps

 

On Thursday, 22 September 2022 09:09:38 BST Henry Bremridge wrote:

> I currently use Duo (Cisco) as it seems to work with all my work
> connections but I have now come across a site that either wants
>
> -    Google
> -    Microsoft
> -    Authy
>
> And Zoom recommends Google / Microsoft / FreeOTP. I note FreeOTP
> has been forked
>
> Does anyone have feelings one way or another?


I feel like I want more precision in the question ;)

 

Duo's app supports TOTP as used by Google Authenticator and FreeOTP.  Just open the app and press "+ Add".

 

Duo's app even hides the TOTP tokens for services not being looked up (unlike some apps I could mention) so if it is overlooked you don't leak tokens for other services. To the question in the thread "what else do these apps do?", in the case of the Duo app it explicitly reports the version of the phone's operating system and security status of the device for the Duo admin to know if the devices are managed correctly.

 

I'd like to say Duo gives me a warm feeling of software done well, but I've had to report deviations of behaviour from documented behaviour in the app. So let us say it gave me the warmest feeling of the similar apps I tested, which is as close to a recommendation as you'll get, but it was a few years back now. It is alas closed source.

 

I also feel we should be weaning folk from phish-able authentication schemes, which includes TOTP, and most SMS schemes (but Duo's own scheme can be configured sensibly if you like). I also feel we should be ensuring push notification schemes are protected from flooding a user with requests.

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: https://www.dcglug.org.uk/faq/