2FA the access card? Swipe your badge, receive a prompt on your phone “Are you trying to badge in at $BUILDING?”, hit allow, be granted access to building.
Another option would be badge + PIN code.
Comment on JP Morgan staff told they must share biometric data to access headquarters
CompactFlax@discuss.tchncs.de 19 hours ago
I feel like there’s some kind of middle ground between the notoriously insecure HID style building access card and providing biometrics.
I wonder if this has anything to do with a RTO push and people badging in for others. But then VPN usage would show that…
HakunaHafada@lemmy.dbzer0.com 13 hours ago
Dionysus@leminal.space 19 hours ago
Are you telling me you don’t VPN into the office when you arrive to the office?
atomicbocks@sh.itjust.works 14 hours ago
At one place I worked that was considered our two-factor auth….
Deestan@lemmy.world 17 hours ago
Well, I do. But it’s because the security layers on the wifi are more strict than on the VPN to such a degree that I can’t actually connect to it from my work laptop.
borari@lemmy.dbzer0.com 16 hours ago
If you can connect to the company vpn from the companies WiFi, they’ve configured their networks wrong.
rainwall@piefed.social 15 hours ago
Some companies do “internet only” wifi where there is no routing to internal services for anyone. A VPN is required, even when at work, to access anything internal wirelessly. Its a perfectly reasonable config that lowers the risk of breach of your internal network by exposing less of it over the air.
This is also the nominal config for most zero trust networks, but that’s more a consequence of the “always on” nature of those VPN connections.
Atherel@lemmy.dbzer0.com 12 hours ago
Our servers are in a data center and not in the office building. We work remote most of the time and are only in office for important meetings and other things where it’s just easier to work together when sitting on the same table. If you don’t work with confidential data like HR or top management where you have physical things nobody else should see, you don’t have a personal desk because there are more people working than workplaces.
So the office is just “another place to work”. Wifi and LAN are just for internet, you can’t access internal services without VPN. Makes it way easier to manage instead of heaving to different routes to maintain.
Deestan@lemmy.world 14 hours ago
Not quite like that. There is an internal wifi that I can’t get onto, and a public “guest” wifi that half of the tech staff uses and VPNs from.
Basically the protected wifi only really works on locked-down windows machines, and those aren’t usable for most developers. It’s mostly mac and linux there, and while the protected wifi is supposed to work on those, the IT staff don’t know how.
CompactFlax@discuss.tchncs.de 18 hours ago
Maybe I should, to establish a pattern.
But then I’d have to go to the office. Ew. HR is there.