Hi
@Heena Tabassum.
I don't see any thing such as "Do not challenge this device". There is a box that says something like "do not challenge me again" but it also says, literally, for the next five (5) minutes! But that (thankfully) does not seem to reflect reality, authentication seems to be granted for 24 hours it seems, then one needs to perform the 2FA again.
Also, people have brought rather substantial arguments against 2FA the way it's currently implemented, e.g. not being able to receive emails after a job change, because Broadcom seemingly won't allow to change their account email address. That, if true, is a big no-no. Oh, and also, the 2FA email is being classed as spam, because it originates from the domain sso.broadcom.com, which has no reverse DNS entry. I can't really fault my companies' appliance for classifying that as spam. Other companies might toss that email straight away, I've seen that setup. Luckily we don't.
@Jason McClellan said
in this thread that he's looking to have 2FA disabled, but I'm not sure if that's still going on or if his last message is to be interpreted as this being a lost cause. I asked him for clarification today.
I also maintain that one does not do 2FA for a forum that's openly searchable in Google and lets thousands of people post with fake names if they so desire. I don't secure my throw-away bicycle with a $600 lock and a three stage alarm system and a bite-happy leopard. Frankly, one does not slap inconviniencing measures with no prior notification on everything but the kitchen sink and expect no user backlash. That's what risk and threat assessment is for.
To me this 2FA is just a nuissance at present time (still costs me less time this month than to argue about it. The entire year? Not sure). But the probability that someone won't be able to login to the (vital) support portal due to some issue with 2FA, with time, approaches one. And once that happens in an Automic emergency for somone, that WILL cause further backlash. Just a function of time really. If Broadcom wants to to 2FA, they should do it right. Configure the email systems properly and listen to our input.
But pretty much all of this is just a rehash of what's already been said (and thus far frankly brushed off by Broadcom) because apparently I have OCD.
Best regards,
Carsten