[WinPartners] MIT Personal Certificate Renewal Time
Rich Pieri
ratinox at mit.edu
Tue Jul 14 13:52:37 EDT 2015
On 7/14/15 1:42 PM, Teddy Thomas wrote:
> You can use Duo without a smartphone; it can send SMS codes or
> regular phone calls. However, that still might be insecure. For
> example, if I walk away from my desk, and I have a malicious
> co-worker, they could potentially get the verification call on my
> desk phone. Or, if I have mirroring of my texts turned on for my iOS
> devices, someone might be able to get the SMS code that way.
Indeed. My desk phone is not physically secure and my personal cell
phone is voice-only for emergencies (no SMS). Thus my query. IS&T are
mandating that we all use Duo as a security mechanism. Therefore it
falls to IS&T to ensure that we all are able to use Duo securely.
--
Rich Pieri <ratinox at mit.edu>
MIT Laboratory for Nuclear Science
More information about the winpartners
mailing list