If you need to know exactly what 2FA is then you should do some proper reading. It has a great many moving parts and in recent days there is a question as to whether it’s secure enough. I’ve considered google authenticator, freeotp, yubikey, and I’ve a few variations of the RSA.
I hate them all. They are never convenient to deploy or without friction in practice.
But the only important question is … how and when to use them effectively?
I have a number of edge computers and I installed 2FA on them. One of the machines is a jump server and that makes perfect sense.
I have not decided how the other computers are going to be used but I installed 2FA just because I could. One challenge is that
every time I try to
sudo I tie myself in knots having to 2FA. Another is since I am the devops I log into many different systems
in order to maintain them. That makes for a lot of passwords.
So the question is where is the best place for 2FS and what are the best rules.