Cisco Acquires Duo or How Should You Do 2 factor authentication (2FA)?
Blog: Forrester BPM Center of Excellence
NIST has not been recommending SMS OTP 2FA for a while precisely because of SMS inbox takeovers, MITM attacks, etc. https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html From the license cost perspective moving away from SMS for example to Google Authenticator is minimal. Google publishes guides on how to do this https://developers.google.com/identity/sign-in/web/sign-in From the technical support perspective the process is marginally more expensive […]