Guns are banned and there's a night guard with a Big Mag flashlight or a billy club walking the beat around the bank, kicking a homeless man who fell asleep on the sidewalk to tell him wake up or your pocket's going be picked clean by morning, because you've got too much money in your name for your own good anyways, if you've got any teeth left in your mouth or can afford the dentist's bill for that.
On Saturday, July 2, 2022 12:15:09 AM AKDT, Marc wrote:
I have a small client whose insurance company insists they
have MFA for their email to be covered under some kind of data protection policy. Currently I have the client set up on a Debian box for the email server coupled with roundcube for webmail. Most the users just use roundcube but some also use their mobile devices to check ...
The two factor became necessary for the big 'moron' companies who decided to start using email addresses as logins so it was easier to track people, because in that situation you only have to try commonly used passwords or passwords used at a different application. If you stay with an username that is not published publicly, the commonly known password is still useless, since you do not have the username. I think for a small organization you can push this implementation at the insurance company. Unless of course they do not think ios and windows are not secure enough to store your username ;)