Anyone using hard tokens/hardware-based MFA? What's your experience?

Identity & Access Management (IAM)Vendor/Product Assessment
302 views1 Upvote6 Comments
Director of IT in Software, 201 - 500 employees
I use hardware-based tokens for my bank transactions and don't like that I cannot replace them with a mobile app.
I prefer mobile apps for MFA instead of needing to carry hardware tokens with me.
1
VP of IT in Healthcare and Biotech, 10,001+ employees
Ex user of hard token but very much like software token now with mobile apps.
CISO in Banking, 10,001+ employees
Very hard to manage with lost token and synchronisation issues, plus battery life isn't that great
Director in Manufacturing, 1,001 - 5,000 employees
We first tried key-fob hardware tokens about 10+ years ago.  Technically worked.  Then there was a famous breach where the algorithm was compromised and we dropped them.   More recently we offered it via software installed on phone or tablet.  Our employees rejected the software on any BYOD devices.  (Long back story on that)   It seems to work reasonably well for those with Corporate owned cell phones, as long as they don't forget them at home.  That does occasionally happen, and that creates a lot of grief at IT and the Service Desk.   I personally believe 2-Factor should be with password and Biometric, either face or thumbprint.  It needs to be something you can't forget to bring with you if you are implementing this across a large and diverse workforce.  If you are doing MFA but just for your key IT people, or for very special critical employees with access to critically sensitive data, the latest Token/Hardware solutions may serve you well. 
3
CTO in Software, 11 - 50 employees
Same as many others, have had the horrific experience of having to support RSA key fobs and then transitioned to a combination of Yubico's YubiKey for hardware-based MFA and Duo for Enterprise wide software-based MFA
CTO in Education, 1,001 - 5,000 employees
Not the best solution, there is nothing you can do if you forget your token at home, battery runs out after 1-2 years so you would need to order a replacement. total cost of solution is huge compared to soft tokens.
in my opinion, hard tokens will fade our soon.

Content you might like

How likely is it that the Open App Markets Act will weaken consumer security?

Security & GRCNewsVendor/Product Assessment

Very likely8%

Likely51%

Somewhat likely25%

Somewhat unlikely7%

Unlikely4%

Very unlikely1%

Unsure5%


194 PARTICIPANTS
713 views

If your organization uses an AI low-code development platform, has your vendor provided sufficient user education?

Artificial Intelligence & Machine Learning (AI/ML)Applications & PlatformsEngineering+1 more

Yes66%

No31%

Other (comment below)3%


478 PARTICIPANTS
1.7k views1 Comment

Does anyone have any guidance, tips, and/or templates to share to help establish Identity Access Management governance as a part of an overarching Identity Governance and Administration program?

Process ManagementIdentity & Access Management (IAM)
372 views

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
42.2k views131 Upvotes319 Comments

What are your thoughts on SaaS management platforms (SMP)?

People & LeadershipStrategy & ArchitectureCloud+87 more
2.3k views5 Upvotes