Re: Protecting workstations with Duo

[Rich Graves <rgraves () CARLETON EDU>]

The nice thing about many of the typical Duo factors is that they are
slightly less likely to be stolen or left unattended than a Yubikey or
smartcard. Of course, if you allow voice call to your desktop phone as a
backup factor, which is something that we actually recommend to most people
for pretty good reasons, that's not going to protect your desktop computer.
Regardless, make sure the security/usability ratio is meaningfully positive.

On Wed, Jun 7, 2017 at 1:24 PM, randy <marchany () vt edu> wrote:

> I use Yubikey as my standalone 2nd factor (no duo). I have it tied to my
> local accounts on my laptops (standalone). THe yubico setup is pretty
> straightforward to set up.
>
> -r.
>
> On Wed, Jun 7, 2017 at 1:23 PM, Emily Harris <emharris () vassar edu> wrote:
>
> > I'm curious if anyone has deployed (or is thinking of deploying) MFA on
> > their workstation logins via Duo.  It looks like it can be done, but it
> > isn't very straight-forward.  It requires a local workstation client, and
> > to manage the users via Group policy.
> >
> > Our goal is to require MFA for admin accounts only (for now).  I'm
> > wondering if anyone has already deployed this.  Thanks!
> >
> > ----
> > Emily Harris, CISSP
> > Information Security Officer, CIS
> > Vassar College
> > 845-437-7221 <(845)%20437-7221>