15 Jul
2021
15 Jul
'21
5:56 p.m.
Client certs appears to be a good solution.
What's the process for managing them with more than a hundred client accounts?
If you've got the budget ... MDM. If you don't, you can probably hack together some sort of self-service system.
I believe the problem they are trying to solve is hacked accounts from
compromised passwords. Does client certs solve that problem?
Well yes.
If you make client certs mandatory, unless the client can present a valid cert, the server will kill the connection before the client has a chance to try out a compromised password.