Reply to post: Depends entirely on the risk

2FA? We've heard of it: White hats weirded out by lack of account security in enterprise


Depends entirely on the risk

I have a login to my company's private server, but there really isn't much damage that an attacker could do, because all that's on it is my daily calendar (when I bother to update it), current project status, leave applications and a few other things that allow damagement to get a basic picture of employee availability and what we are all currently working on. We are not a high-profile company doing secret stuff that leaked project statuses would be of benefit to anyone.

If there's nothing that really needs protecting, then anything that makes things a bit more difficult to log on is a disadvantage. Not many people fit steel doors with separate deadbolt locks on all 4 sides of the door to their house, because in most cases the risk is not high enough to warrant the expense and inconvenience of doing so. If however you were at significant risk of murderous attack, it might be worth doing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon