Richard Bucker

Two Factor Authorization (2FA)

Posted at — Feb 9, 2020

If you need to know exactly what 2FA is then you should do some proper reading. It has a great many moving parts and in recent days there is a question as to whether it’s secure enough. I’ve considered google authenticator, freeotp, yubikey, and I’ve a few variations of the RSA.

I hate them all. They are never convenient to deploy or without friction in practice.

But the only important question is … how and when to use them effectively?

I have a number of edge computers and I installed 2FA on them. One of the machines is a jump server and that makes perfect sense. I have not decided how the other computers are going to be used but I installed 2FA just because I could. One challenge is that every time I try to sudo I tie myself in knots having to 2FA. Another is since I am the devops I log into many different systems in order to maintain them. That makes for a lot of passwords.

So the question is where is the best place for 2FS and what are the best rules.