Thanks for the thorough reply! I'll look through all the links especially the NIST doc.
FriedSink
Will it be cheaper? If Okta is an oauth service they have $1500 as their base price. Unless they're the exception
Google Workspace but all Windows laptops. No Apple devices, OT, or self-hosted infra. Hybrid, I guess.
As a startup it's a very simple business operation and there's no security protocol to speak of at the moment. We just use a dozen sass apps and I don't think we're ready for any full-on enterprise level security services.
Aren't USB sticks too unreliable for something important like 2FA codes?
Assuming they replace their own phone you mean? There's also productivity loss that we'd like to avoid. Temporary token stocked in what way?
I'm not familiar with AD so I'll have to do some more research into it.
Didn't know that. I'll look into it if we do.
Do your research from Tor or mullvad browser before going out instead of on the go searches.
What about using a password manager to store 2FAs for apps and websites and then a security key for the password manager 2FA?
The registry for that can be disabled. Not that it makes Windows much better