Hello guys,
I apologize if the subject is too much out of topic for this list.
Today I was surprised by hearing from a security (?) tech guy that using
2 factor authentication with AWS was not problem at all when using a
smartphone not provided by the company (my own, in the case) that has
several VMs on this provider.
Considering that the company (my customer in this case) has absolutely
no control of whatever I install or how do I use my smartphone, it seems
pretty naive to think it is secure enough. It seems to me more an excuse
to make professionals like me to pay the bill (the smartphone itself,
instead of doing the right thing and buying the MFA device, if security
is really the concern here) and probably the legal responsibility too.
I've being doing a (basically useless nowadays) effort of avoiding a
smartphone due lack of freedom, privacy and terrible cost-benefits (at
least here in Brazil, where not only smartphones being expensive, but
the associated service that also sucks big time).
I did some research in this list archives and couldn't find mention
about it. This article shed some light about the subject:
https://www.csoonline.com/article/3044605/security/does-a-smartphone-make-two-factor-authentication.html
What do you guys think about? Do you agree with the article author opinion?
Feeling like a Neanderthal here, doesn't matter if a lot of people on
the streets nowadays look like those spaceship characters of the WALL-E
movie...
Thanks,
Alceu
