
I understand that, but I don't understand how it's an example of BeyondCorp not working somehow.

Maybe the 2 devices are a PC and Mac because the employee needs tools that only work on one platform or the other. But that's orthogonal to BeyondCorp.



The poorly explained point is that your users don't have 2 trusted devices at once, so if you don't like the device the user is using, there is nothing they have that you will like better, so there is no point in having one device vouch for another, or splitting trust/privileges among two devices for the same user.


Wait, that's what that passage is supposed to mean? It does not seem obviously correct to me. Why can I not enroll several trusted devices?


You can. There's a focus on verbosity that's hiding the core of "many googlers only have one device!". I don't understand what the author's getting at though, it's a non-issue at Google and they should know that? Trivially, let's say that a clear workaround is having a help desk for this situation that doesn't require device trust.


Also many/most users with a laptop do have a second trusted device: a phone.


The second trusted device is a USB FIDO key. No second computer is needed.



