![]() You may be prompted to enter your Okta password and/or use an existing authentication method to proceed.If you've previously configured the app and wish to reconfigure it, click Remove and then Setup.Locate the Security Methods panel and the option for Google Authenticator.Click your name in the upper right corner.If prompted for Two Step, respond with a previously enrolled device.Once the correct code is entered, you will see a screen to add an account. Enter your one time verification code.Click either SMS or Phone Call to receive a one time code.Enter your country and phone number of choice then click Next. ![]() You will be prompted to setup your Authy Account first. Visit Authy's website to download for Windows or macOS and install the software.It can be setup in a very similar manner to Google Authenticator. How do I setup the Authy desktop application to be used with Okta Multi-factor Authentication? AnswerĪuthy is a desktop application that can be used as another method of multi-factor authentication with Okta. So, the desktop 2FA option is a valid one, depending on your threat analysis.4.0 - Updated on by Denise Moser Question And that's why being mindful of our threat assessments and reviewing them from time to time is very important. The ultimate question becomes: what is the most likely vector of password compromise? And that question changes constantly. If we assume that one is more likely to get our passwords from the services we use (instead of our desktops), or even that one can get passwords from our mobile devices, then the desktop security measure legitimately adds a useful security function. If one can get your password, then one can get your 2FA code.īut, a desktop 2FA option is not useless if we change our assumptions. Since your threat analysis is desktop-based, then yes, your conclusion is correct that adding a security function to the already-assumed-to-be-compromised desktop does not add a layer of security. If that is your threat analysis, that's perfectly fine, just don't forget that you have made this differentiation. ![]() You made an assumption that affects your outcome, and you cannot forget that you are making this assumption: that one "likely" gets your password via the desktop computer (i.e. IOS, is comparatively the most closed ecosystem where unlike on Android most access are not opened in API and the app checking is more thorough. ![]() Smartphones have a more restrictive ecosystem and a shorter livespan, thus a lighter probability to be infected. Writing this I am understanding that this is based on the perception that:Ĭomputer integrity < Phone integrity < iOS integrityĬomputer are more likely to be corrupted through the pile of junk I am installing on it and their more important "openness" to system changes. But I can likely picture that someone able to setup a keylogger could steal enough information to reuse any 2FA system available on my desktop computer. In my understanding, an attacker would need to intercept my password (likely through a keylogger on my desktop machine were I log most) and an access to my phone, or to the key stored on my phone. Though I am not sure about adding a desktop 2FA utility. I am quite confident, especially when used on iOS (which has a better system level app segregation), that this gives a pretty good security. Basically 2FA relies on the idea that instead of just something you know, using a service also requires something you own.
0 Comments
Leave a Reply. |