The Water Cooler

Two-factor authentication-2 and more

  • 1.  Two-factor authentication-2 and more

    Posted 03-31-2020 07:44 AM
    Hi all,

    I am also sick of double authentication on the support page. It is very boring to have to reconfirm who you are every day you enter, some days, several times. Especially when you are installing a product and your connections are common. Possibly, it will be because my laptop uses dynamic IP.
    Not a bank has that level of demand.
    On the other hand, the change in the way of providing the CA-IDMS manuals has been to worsen (eg: a pdf of more than 8000 pages with more than 70 index!)
    Although both the technicians and our commercial contact serve us phenomenally, in terms of web support, the move from CA to Broadcom has been very disappointing.
    (I have opened a new thread because I have not found where to continue with the thread already open. I've only found 'Reply privately' ). :-(

    Regards,


  • 2.  RE: Two-factor authentication-2 and more

    Posted 03-31-2020 05:37 PM
    @Jesús Martínez Lorrio - Okta is what it is and acts the way it acts. The decision was a Corporate IT decision affecting all Broadcom sites which require a login. VPN, revolving IP addresses will flag a new login - I don't know of any SSO system that is different. If I move from the office to my home office on my notebook, I also get flagged to login. My mobile when logging in is even more finicky. Adapt and Change.

    ------------------------------
    Thank you
    Jason
    Broadcom Community Platform Admin, IT
    ------------------------------



  • 3.  RE: Two-factor authentication-2 and more

    Posted 04-01-2020 08:42 AM
    This isn't a response about MFA (although I agree with you there), but on the IDMS manuals. Not only IDMS -- the trend seems to be to provide one huge PDF for all products. This means that, for example, you are providing totally useless (and probably inappropriate) information to everyone. No applications person needs to know about how a product is installed. Nor the internals of exits (especially security exits). Much less an end user. But with one huge PDF, to provide any info, you have to provide all info. Who thought that was a good idea?


  • 4.  RE: Two-factor authentication-2 and more

    Posted 04-01-2020 10:30 AM
    Effectively. The previous organization is missed in the case of CA-IDMS. As for the organization on the web, it is comfortable for generic searches, but when you want to tackle a topic in depth (eg: install new version) it is better to have individual PDFs than to be paging from the right frame of the web.
    In the case of Installation, the PDF was available, but I suppose it was removed when the new service pack was released and will be published later.
    Thanks for the thoughtful response, although I understand that my comment should be published in the Community; critical as they are, they are the drawbacks of opening a forum. At no time have I been disrespectful or ill-spoken.
    Regards,


  • 5.  RE: Two-factor authentication-2 and more

    Posted 04-02-2020 03:13 AM
    I agree that the SSO security is not only cumbersome, but a real hindrance to working with the support site.
    I understand there's a security advantage in using MFA (and been using it in other places), but the behavior seems outright broken/faulty:
    * The 'remember me on this device' doesn't seem to work, I have to use the 'Send Email' to get an OTP token without even starting the browser or changing the network location.
    * I log in on the main support site, then when opening the Cases tab, I'm again prompted to log in - and again with a separate OTP challenge by email. For the record, the Sign In to communities works (SSO) if I'm logged in to the support site, so some kind of SSO takes place.

    Instead of shrugging it off as 'this is how Okta works', isn't it possible to investigate how we can better the user's experience?


  • 6.  RE: Two-factor authentication-2 and more

    Posted 04-02-2020 05:03 AM

    > Instead of shrugging it off as 'this is how Okta works', isn't it possible to investigate how we can better the user's experience ?

    There have been several threads on this already, information is rather fragmented by now.

    I wholeheartedly agree with you on the above, and several among us have said the same thing. But here is some more background on your particular points:

    > I understand there's a security advantage in using MFA (and been using it in other places),

    An argument can be made that there is a security advantage for the support site. For the community site, which has thousands of account holders, some of them virtually anonymous, and the content being public, there is near-as-makes-no-difference security advantage in my humble opinion.

    > The 'remember me on this device' doesn't seem to work

    This mechanism also seems to be browser dependent. It has been pretty much established for me that it now (after some initial issues) quite reliably remembers me for an Opera browser (Chrome engine), but for the company-mandated IE11, it does not work. You may want to try another browser perhaps. But if your IP is changing, such as with a VPN, sadly it's said that it definitely won't work at all.

    Best regards

    ------------------------------
    These contain very good advice on asking questions and describing supposed bugs (no, you do not need to go to StackExchange for Automic questions, but yes, the parts on asking detailed, useful questions ARE usually relevant):

    http://www.catb.org/~esr/faqs/smart-questions.html

    https://www.chiark.greenend.org.uk/~sgtatham/bugs.html

    I will not respond to PM asking for help unless there's an actual reason to keep the discussion off of the public forums.
    ------------------------------