Google has announced it will be sending 10,000 users free "Titan" security keys to encourage high risk users to use two-factor authentication. What is your preferred 2FA method?

Identity & Access Management (IAM)News

Password7%

Biometrics (Fingerprint, Face ID)41%

Hardware Tokens24%

SMS Text Message15%

Software Tokens10%

Other (share below)

646 PARTICIPANTS
6.6k viewscircle icon1 Upvotecircle icon4 Comments
Sort by:
IT Manager in Construction2 years ago

SMS should be banned it's simply unsafe and unreliable.

Director of IT in Software4 years ago

We used SMS for quite some time, changed the MFA vendor and start using App-based. I find App-based less reliable than SMS. If cost is not a factor SMS is a more robust option.

Senior Director - Enterprise IT & Cloud Transformation in Services (non-Government)4 years ago

App based is the way forward

Lightbulb on3
Board Member in Healthcare and Biotech4 years ago

The most secure 2FA would be an out of band authorisation of any transaction using mobile app or similar

Lightbulb on2

Content you might like

Curious how people are dealing with fraud, and specifically tech support scams, in their organisation. Our service desk have a protocol (using personal questions and answers or escalation to a manager) when validating staff requesting password resets. This wouldn't be scalable to our wider population.  I've heard of one tech firm implementing something simple like 2 random words generated on an internally hosted website every, say, 60s that can be used as a challenge & response. Does anyone have any other smart, easy to use, bits of tech that I should consider as part of a wider on-going education and awareness campaign?  I'm assuming this is a hot topic for many of you, given the recent Quick Assist social engineering ransomware attacks.

Has your organization experienced any impact (direct or indirect) from the executive orders aimed at government spending? Were you able to do anything to plan ahead for this? What precautionary steps should one be taking?

Read More Comments

National Security Agency Director Gen. Paul Nakasone said ransomware attacks are likely to remain a daily threat for at least five more years. Do you agree with his statement?

Strongly Agree16%

Agree66%

Neither Agree nor Disagree11%

Disagree4%

Strongly Disagree

View Results

Of the "10 worst things about Windows 11" listed by PCMag, which ones do you agree with?

Hardware requirements are too high16%

Changing default apps is difficult22%

Requires user to sign in to a Microsoft account19%

Start Menu is less usable than Windows 10's13%

Taskbar is less helpful than Windows 10's6%

"Forces" you to use the edge browser for built-in search and weather8%

Action Center replaced by separate settings and notifications panels3%

Fewer gestures for tablets

Still requires third-party antivirus3%

Not innovative4%

View Results

We're mandated to allocate IT costs to the service level, but this creates friction with Identity & Access Management (IAM). The issue: non-negotiable security costs (MFA, SSO, governance) often exceed the cost of low-value services they protect (e.g., internal portals), leading to business owner pushback. How have you addressed this "Low-Value Service Paradox"? Do you keep foundational SSO/basic provisioning as corporate overhead or allocate everything? Do you use risk- or value-weighted allocation to subsidize essential, low-cost services? Who owns the final decision on allocation formulas—Finance, CIO Council, or Security? Please share specific solutions and governance models that have made IAM cost allocation fair and sustainable.

Read More Comments