I'm part of a small company with fewer than 15 employees, and we've been providing Apple phones to our staff. However, most of our tech team doesn't really use them—some only use them for multi-factor authentication (MFA) apps, which feels like a waste. My boss asked if there are alternatives to using phones altogether for MFA. I've thought about using FIDO2 devices, but they seem to have limitations on the number of MFA accounts they can handle. Is there a sort of device or solution out there that we could use instead?
5 Answers
Honestly, why not just grab some cheap Android phones? They don't even need SIMs, and they can connect to the office WiFi. This might solve your problem nicely without going for high-end devices.
Exactly! It’s a practical solution and way cheaper than maintaining iPhones.
You might want to check out YubiKeys if you're looking for a device for FIDO2 or TOTP. They’re great for secure authentication. However, if you're using systems that depend on specific authenticator apps, unfortunately, you might be stuck with iOS or Android.
You can either go with cheap Android devices or provide stipends for personal phone use if staff prefer that. It's becoming common for employees to not want separate work phones anymore.
If you're wondering how to implement this, first define your MFA requirements. You likely have options like TOTP fobs, which could replace those phones. YubiKeys work great too, but keep in mind you'll need to ensure they fit all your systems.
YubiKey is a solid option for what you're asking about. You can find more info on their website. It should handle your MFA needs without relying on phones.
Thanks for the tip! It sounds like just getting low-cost Android devices could work for our team.