@tinker i run a DUO MSSP. I can confirm it is disabled by default per instance and is not integrated into the core auth elements. I have just spent valuable time verifying this. why do they do mind numbing things like this - oh, some people have asked for this..
Post
Replies:
0
@tinker The organization must create an account with Persona and drop API keys into Duo.
Admins do nothing, and there is no integration. (see screen shot)
Duo can't create a Persona domain and force an org into using it.
@tinker That is all I needed to read to remove the Duo app and cancel business with the one vendor we work with who insists on us using it.
If you work with HIPAA or PCI, this integration is a red flag for risk assessment.
I can't fucking believe this...I swear... every damn day...
I use DUO MFA to auth into my graduate uni alumni email account. So, are you (implicitly) saying that, by extension, they may block access to alumni uni email accounts until one verifies for restored access to said uni email accounts??
Just putting it out there because it's not too hard to extrapolate into the not-to-distant future..
I mean, you keep running and running to stay just out of their clutches...
@synnfynn - So two things. One, you can ask if they are using this feature to validate people. They'll tell you straight up. If they aren't using this feature, then THAT PART AND ONLY THAT PART does not apply to you.
The second thing is they appear to be using Persona on the backend anyways. So your PII (based on what I'm reading on their own website) is being sent to Persona, then from Persona to 17 other companies, and from those 17 other companies on out.
So they've already shared your stuff.... or so they seem to be saying.
@tinker I'm guessing bitching to my Cisco rep won't get me far either...
@Crookie - Actually. It will.
You push back against your rep, and they log it and report it in their meetings.
One of the major jobs of a customer service and sales rep is to document and report on current client trends and perceptions.
Push back. And continue to push back. Make it their problem so they pass the problem on.
They change their product and offerings all the time to get more money from clients. If clients are pushing back, threatening not to spend more money, they will alter their actions to get more money.
The bottom line is the bottom line for a reason.
@Crookie - Actually. It will.
You push back against your rep, and they log it and report it in their meetings.
One of the major jobs of a customer service and sales rep is to document and report on current client trends and perceptions.
Push back. And continue to push back. Make it their problem so they pass the problem on.
They change their product and offerings all the time to get more money from clients. If clients are pushing back, threatening not to spend more money, they will alter their actions to get more money.
The bottom line is the bottom line for a reason.
@tinker I just left a one-star-review on google play. Just because we can't do much abut it, that doesn't mean we can't do nothing.
@tinker Discord delayed their age verification in the face of user outcry, they didn't drop it. They'll sneak out back in once the heat dies down.
@Rob_T_Firefly - Yeah that's trash. They did drop Persona though because of backlash specific to it:
