Hi. What token app are you using? Like I say all the push notification 2fa systems I am using are using their own apps: Microsoft AzureAD and personal accounts: Microsoft authenticator app Google accounts: Youtube Banking: Banking app provides push notifications for 2fa. Salesforce: Salesforce authenticator Okta: Okta authenticator Ping: Ping authenticator Those last 2 are for clients I do work for and the authenticator I think also sends my location to the auth provider so they can see where I work. Right now for everything else using 2fa I store the tokens in Bitwarden. Guarding Bitwarden I have some Ubikeys and also store a 2fa token in Microsoft Authenticator as it backs up to my Microsoft account. The Bitwarden browser extension and iOS app supports filling in the 2fa tokens automatically for a given site. I am thinking of extending Bitwarden out to a family subscription with my parents but haven't done it yet as waiting to see how the new unified open source Docker image works out for people in which case I will host it myself. If I go this route I would buy a pack of Ubikeys and set things up so people can use either the Authenticator app with a code to log in or the Ubikey. They will need to have their master password of course.forget their passwords all the time. Andrew. -----Original Message----- From: David Mehler Sent: Monday, April 24, 2023 11:46 PM To: Mailing list for blind system administrators Subject: [Blind-sysadmins] Re: Implementing 2FA push authentication Hello, Thanks for your replies. It sounds like this isn't going to be a one-app solution, I hope I'm wrong. Sites I'm trying this on a bank site, paypal, amazon, facebook/twitter, pretty much if it's common then those. As I said i'd like to keep this as simple/intuitive as possible. While I don't mind a hardware token option it's not something I want to try to get everyone to carry around. Some of them are rather forgetful and I'd trust them with a mobile phone vs a hardware token. Andrew, which sites are you using that have push services and that utilize an app? And does your solution go for an allow or deny setup on a phone? Thanks. Dave. On 4/24/23, Andrew Hodgson wrote:

Hi.

What sites are you trying to use with 2fa? Some of them have the option of using a push service, some don't. The ones that use a push service generally require a special app to get it working, meaning you can have several 2fa apps on the phone to provide push services for each one.

I myself use Bitwarden and have the tokens stored in there and have that protected by a Ubikey. Means I don't need to type in the 2fa codes.

Thanks. Andrew.

-----Original Message----- From: David Mehler Sent: Monday, April 24, 2023 2:04 AM To: blind-sysadmins Subject: [Blind-sysadmins] Implementing 2FA push authentication

Hello,

I'm trying to get 2FA going for some users. I'm finding the user experience difficult to sell as they don't like entering the user codes. What I'm trying to do is get 2FA push notifications going, where they get the notification of where the authentication is being made from and other information, and they just tap confirm.

Ideally i'd like to make this as easy as possible.

Suggestions? Thanks. Dave. _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org

_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org