"Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) password"

Again, since it's just me, this is do-able. But I'm looking for something practical as well.
I'm getting the feeling that people don't have an MFA implementation.

"if the users are sufficiently discipline"

As a Sysadmin, I can tell you they genuinely are not and they likely never will be.
Hope for the best, plan for the worst.

I also want to clarify that I'm not rejecting any of these suggestions, they're all good.

On Sat, Nov 13, 2021 at 4:42 PM Ralph Seichter <ralph@ml.seichter.de> wrote:
* Tyler Montney:

> Since this is getting increasingly complicated, I wanted to ask before
> going further. What do you all do? Any recommendations?

Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) passwords which are used only once (!) and kept
either in the user's brain or in an encrypted password store. Ensure
that authentication data can only be transmitted over encrypted
connections.

These measures cover a lot of ground, if the users are sufficiently
disciplined. Users are usually the weakest link.

-Ralph