
Comment by smackeyacky

19 days ago

There are two technologies propped up by having to earn a living: Windows and the iPhone.

No matter the Android phone, trying to get your MFA experience working with the umpteen stupid MFA apps is painful because all the dev work went into the iPhone versions. I hate it but yep I ended up buying an iPhone although I never buy them new.

Windows is the other one and again it’s security related. More and more places simply rely on Active Directory/Entra and try telling the bank you’re working for that you have to have a Linux notebook. You’ll get laughed right out of a job.

I’d agree for a home computer Linux or macOS are the only sane choices now. But whatever is installed on my work-provided computer is what I’m using and that’s Windows.

I use an iPhone (out of choice) but what MFA doesn’t work on Android?

  • I suspect this is about work related MFA apps; for example, one of the reasons I switched to an iPhone many years ago is the MFA app used at work would not run if the latest Android version with security bugfixes were installed, and the manufacturer had stopped providing updates for quite some time. At that point I was looking at a costly upgrade to one of the Android flagships, or an iPhone, of which I chose the latter.

    • >At that point I was looking at a costly upgrade to one of the Android flagships, or an iPhone, of which I chose the latter.

      That's your personal decision though, you don't need a flagship Android phone to have the latest versions of Android. I pretty much never spend more than $100-150 for Android phones and they always support all the normal MFA apps.

  • >but what MFA doesn’t work on android?

    They all work fine, you just have to be on a relatively current version of Android, and that's dictated by which versions the apps enable support for and not anything inherent to Android in general. The idea that MFA apps don't work for half of phone owners is silly.

> I’d agree for a home computer Linux or macOS are the only sane choices now.

Unless you care about gaming at all. Sure you have the Linux evangelists who talk about how much better support has gotten (it has!) but there are still huge glaring holes.

I run macOS for everything except gaming. I'm not even that big of a gamer but it's the only sane option there.

  • For quite a few years, it has gone from "unless you care about gaming at all" to "unless you care about an extremely specific type of game". You don't have to be an evangelist to see the value Linux has for gaming now.

  • "at all"? No. If you don't have an Nvidia card or don't play online games with borderline malware-behaving anti-cheats, Bazzite solves it all.

    For Nvidia it's CachyOS right now, apparently.

    More to come.

Every MFA I know is TOTP now and it's interoperable with everything, even the Linux command line with oathtool.

  • I used to work for a client who used Okta Verify. That wouldn't work under Linux, at least not without the org allowing it.

    It looked like TOTP but I didn't have the info needed to set up a TOTP app.

    It's still the system they are using.

    My company had to buy me a phone just because of this.

I just use Mauth, it's on F-Droid. Pretty much everything is that common OTP standard. Same with OTPclient on GNU/Linux.

My only bad experience is Duo Mobile, but I expect it is equally bad on iOS.

> Entra and try telling the bank you’re working for that you have to have a Linux notebook. You’ll get laughed right out of a job.

Entra ID Private Access will cover that (and it frankly can't become the norm soon enough). For an extra $5 per license. I wouldn't worry too much about that part of Microsoft though. They always knew how to sell stuff to enterprise. You gotta wonder what their Windows division is doing though, but maybe they just don't want private customers.

We use Entra as our source of truth for users, groups, roles, permissions, Intune, etc.

It gets distilled down to various LDAP servers, but it's our primary SSO with MFA (several options, WebAuthn, U2F, TOTP, passkeys).

Our users (using various flavours of Linux/Windows 10, 11/Mac workstations, iOS/Android phones (inc. GrapheneOS), Windows VDI) are simply enjoying the reliable authentication everywhere. Some time ago we added all our customers and all the customer services are on SSO+MFA on Entra too.

We protect almost everything with it and it "just works". Linux, Windows servers, git* servers, integrations with colocation providers and suppliers, ancient things like odd IPsec, svn server or console switch.

Seriously if someone tells you your Linux or Android is a problem, they're either lying or dangerously incompetent.

I've never used an iPhone and I've had an issue with 2FA / MFA. Mostly I use Microsoft Authenticator (even if, like Kleenex, sites will say "Use Google Authenticator.")

Can you name specific MFA experiences that don't work on Android?