From cloud to on-premises access, having two-factor authentication (2FA) can help keep attackers at bay. The goal is to get the attackers to go somewhere else and leave you alone. But what if an attacker wants to target you? Is your 2FA implementation good enough to protect you in that situation?
If you have rolled out 2FA already, you probably made some of the same decisions I did when implementing it. It had to “just work” and work well, not be too intrusive, and not allow too many false authentications. Then I had to balance the needs of protecting inside the office with that of enabling remote access.
