@tinker I run a DUO MSSP. I can confirm it is disabled by default per instance and is not integrated into the core auth elements. I have just spent valuable time verifying this. Why do they do mind-numbing things like this? Oh, some people have asked for this..
@tinker The organization must create an account with Persona and drop API keys into Duo.
Admins do nothing, and there is no integration. (see screen shot)
Duo can't create a Persona domain and force an org into using it.
@tinker That is all I needed to read to remove the Duo app and cancel business with the one vendor we work with who insists on us using it.
If you work with HIPAA or PCI, this integration is a red flag for risk assessment.
I can't fucking believe this...I swear... every damn day...
I use DUO MFA to auth into my graduate uni alumni email account. So, are you (implicitly) saying that, by extension, they may block access to alumni uni email accounts until one verifies for restored access to said uni email accounts??
Just putting it out there because it's not too hard to extrapolate into the not-too-distant future..
I mean, you keep running and running to stay just out of their clutches...
@synnfynn - So two things. One, you can ask if they are using this feature to validate people. They'll tell you straight up. If they aren't using this feature, then THAT PART AND ONLY THAT PART does not apply to you.
The second thing is they appear to be using Persona on the backend anyways. So your PII (based on what I'm reading on their own website) is being sent to Persona, then from Persona to 17 other companies, and from those 17 other companies on out.
So they've already shared your stuff.... or so they seem to be saying.
@tinker I'm guessing bitching to my Cisco rep won't get me far either...
@Crookie - Actually. It will.
You push back against your rep, and they log it and report it in their meetings.
One of the major jobs of a customer service and sales rep is to document and report on current client trends and perceptions.
Push back. And continue to push back. Make it their problem so they pass the problem on.
They change their product and offerings all the time to get more money from clients. If clients are pushing back, threatening not to spend more money, they will alter their actions to get more money.
The bottom line is the bottom line for a reason.
@tinker I just left a one-star review on Google Play. Just because we can't do much about it, that doesn't mean we can't do anything.
@tinker Discord delayed their age verification in the face of user outcry; they didn't drop it. They'll sneak it back in once the heat dies down.
@Rob_T_Firefly - Yeah that's trash. They did drop Persona though because of backlash specific to it:
Inb4 Duo responds and makes the statement:
"These Persona services are opt-in by the client as additional features. We do not integrate them into our core product."
to which the answer to that response is:
"Yeah, the CLIENT opts in, meaning the COMPANY opts in... the employees have no say. The *employees*, all of us, can only opt out by being fired."
@alien8 - Yeah, I figure any statement by Duo will absolutely push the whole "it's not enabled by default" and it's the client's decision to use it.
Which ignores the core point - the employees (once a client enables it) have no say. By even offering this, they put so many people in the position of "accept this or quit" which is not consent.
Especially in the US where one's job is tied to access to healthcare and where many live paycheck to paycheck and if they quit or get fired, they run the real risk of going hungry or losing their house.
@tinker Yes, for the US I suspect configuration/setup of this will be done by certain orgs.. I don't see anyone in Europe/UK turning this one on...
@alien8 - Yeah, indeed. And even if they did, I figure (hope? feel?) that they have more protections to push back on an employer doing this. Not sure, but that's my understanding.
@tinker Depending on the state.. maybe... but considering the 'ask' from the customers to commit to this engineering work (it's a bunch of UI changes plus, of course, all the API hookup work), it must have been a significant revenue requirement and very sizeable accounts.
@tinker and it is a statement of fact that Persona is deeply integrated with Palantir, and both are very actively using the data to assemble lists of "politically exposed" and "undesirables" which are being actively provided to the Nazi regime.
@tinker Oh, fun. My uni uses this :/