Follow

Federal Government grant for COVID expenses = I get to spend a whole bunch of money on TECH without affecting my budget!

Already on the list are Surface Pros for all directors, a new laptop for me of equal or lesser value to the surfaces, Exchange Online licenses for all employees that don't already have Office 365 licenses.

Perhaps a proper VPN Server/Client solution? Any other security related things I should look into? @thegibson

:fingerguns:

@devrandom @thegibson You didn't ask me, but fuck it: I'll always recommend yubikeys, and their integration with windows 10 is actually pretty damn good.

Get people off of single factor has been a personal crusade of mine for half a decade now.

@docskrzyk @thegibson good point, I actually do have in budget for deepnet security SafeID tokens, would these be just as good?

deepnetsecurity.com/authentica

@devrandom @thegibson Well, in the sense of bang for your buck, the yubi can do a few things at once. TOTP/OATH, GPG, U2F, HMAC sigs... most of those are out of the grasp of regular users, but totp works (you have to have a corresponding app)

The plus for what you listed is it works without a computing device. Unless everybody has a USB-C phone & laptop (don't know of any USB-A phones lol) yubi'd be a wash.

The ability to have windows logins U2F'd without wrangling with the auth stack is a plus for the Yubi. Google also plays nice with it if you use their stack for anything.

So basically I think it would come to a how-far-down-the-rabbit-hole/what-can-my-users-put-up-with kind of decision? You'd get more from a yubi, but the other may be easier to implement from an IT level.

Sign in to participate in the conversation
hackers.town

A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.