Newbie question: what is the best #mfa #authentication method for #offline networks? I am playing around with a lab environment where I want good MFA inside but don’t want it to connect to the internet. My current point of view is: I cannot place #Fido there since it „needs“ internet in many ways... right? My current way of thinking is I build a PKI into this network and use it with #yubikey acting as a smartcard but not #u2f or #fido2. Am I wrong? Are there better options?
EINGFOAN :donor: (eingfoan@infosec.exchange)'s status on Sunday, 21-May-2023 19:21:31 JST
Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Sunday, 21-May-2023 19:21:30 JST
@eingfoan Why not traditional TOTP MFA? Not good enough?
EINGFOAN :donor: (eingfoan@infosec.exchange)'s status on Sunday, 21-May-2023 19:50:11 JST
@horse I consider TOTP weaker than FIDO since it is „just another password and can be phished more easily“, but you are right, for the test lab it could be a fit.
Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Sunday, 21-May-2023 19:53:04 JST
@eingfoan It's definitely weaker than FIDO, but if the entire system is offline, I feel like the likelihood of successful phishing becomes essentially zero.
EINGFOAN :donor: (eingfoan@infosec.exchange)'s status on Sunday, 21-May-2023 19:54:29 JST
@horse depending on your paranoia level … but I agree it is drastically reduced