23

NO FUCKING GOOD NIGHT FOR FLOYD.

THIS MULTI FACTOR AUTHENTICATION IS A FUCKING NIGHTMARE.

So my organisation uses some MFA app as an SSO to access any and everything. Fantastic. Absolutely wonderful. No VPN shit and one password to rule them all.

But, for some reason I accidentally deleted the app from my phone and as any normal human being would do, I also reinstalled the app.

Well, post reinstalling, the app does not detect the linked Org account.

I was cool: when I log in, the system will throw a prompt to map the phone.

So I log in to the org URL from my machine and lo and behold, the URL says that MFA is already linked to the phone and I have to enter the Citrix type code to log in.

But the phone does not show the code because the account is no longer linked, and the web does not have an option to change/re-register the phone.

What the actual unholy fuck?????? Bloody retards. How am I supposed to get in now?

So after Googling for a bit, a thread mentioned that this is the most common issue faced by users with this MFA app. The only way to get this resolved is to contact your IT team.

Cool. Let's do that.

I opened the link to my IT portal and it asks me to log in via SSO, which is what I need help with in the first place.

I can't log in to Slack because fuckers ask SSO every time the app is exited. So no contact there.

Thankfully bastards allow Outlook so was able to drop a note to one of my team members, whom I connected recently and is very nice, asking her to help me sort this IT team.

If this is the most common use case then why the fuck not add a feature to help people overcome this shit?

And my IT team is absolutely nuts. No other way allowed to reset the linking or connect them or any help links provided on login page.

Whoever was behind this design should be dipped in donkey shit and deep fried in pig urine.

Comments
  • 8
    Allowing to just register new apps or opening a support ticket would be insecure, as attackers now could easily circumvent multi factor authentication by following the same procedure.

    Your company simply forgot to give you a "reset" code or a second second (sic!) factor. I agree on your conclusion that your company failing to do so is nuts.
  • 0
    @sbiewald raising a support ticket would surely be linked to a verification factor which could be my email or something.

    And if that is insecure then bloody find a way to make it secure instead of locking out a user completely.

    Also, I got haters now. Second post that was downvoted.
  • 2
    Call the IT team number. They always have someone on call.
  • 5
    @magicMirror that's one mistake I did.

    Being new to the org, I didn't save the IT team's number. I saved it on my Confluence page which is behind the SSO.

    Was lazy to transfer the info to phone and now regretting it.
  • 2
    The second one was deleting the app. 💀
  • 0
    @Maer lol yeah. Thankfully we got a recovery mechanism.