Hi! I face the same situation at work, what i simply do is to have an android tablet (which i also use to read while traveling to work) just to use the 2 factor authentication at work, and a dumb phone to make and receive phone calls from my wife and family.
> -------- Original Message -------- > Subject: [OT] how secure is 2 factor auth with a smartphone? > Local Time: December 13, 2017 11:16 PM > UTC Time: December 14, 2017 2:16 AM > From: glasswal...@yahoo.com.br > To: misc@openbsd.org > > Hello guys, > > I apologize if the subject is too much out of topic for this list. > > Today I was surprised by hearing from a security (?) tech guy that using > 2 factor authentication with AWS was not problem at all when using a > smartphone not provided by the company (my own, in the case) that has > several VMs on this provider. > > Considering that the company (my customer in this case) has absolutely > no control of whatever I install or how do I use my smartphone, it seems > pretty naive to think it is secure enough. It seems to me more an excuse > to make professionals like me to pay the bill (the smartphone itself, > instead of doing the right thing and buying the MFA device, if security > is really the concern here) and probably the legal responsibility too. > > I've being doing a (basically useless nowadays) effort of avoiding a > smartphone due lack of freedom, privacy and terrible cost-benefits (at > least here in Brazil, where not only smartphones being expensive, but > the associated service that also sucks big time). > > I did some research in this list archives and couldn't find mention > about it. This article shed some light about the subject: > > https://www.csoonline.com/article/3044605/security/does-a-smartphone-make-two-factor-authentication.html > > What do you guys think about? Do you agree with the article author opinion? > > Feeling like a Neanderthal here, doesn't matter if a lot of people on > the streets nowadays look like those spaceship characters of the WALL-E > movie... > > Thanks, > Alceu
