When a password manager becomes a liability

I’ve used Microsoft, Google, Authy, and DUO, and they’re all fine. It comes down to the features you want/need. If I remember correctly, Microsoft Authenticator no longer supports Apple Watch. I use DUO because we use it in my day job, and not because of the authenticator, but because of the suite of tools like Single Sign-on. DUO was just more feature rich at a business/enterprise level when integrating other products.

Working in IT with MFA all over, I can’t tell you how often I approve DUO prompts on a given day. The Apple Watch reduces the friction. I use focus modes on my phone and generally don’t want to pick it up. There might be shiny objects that get me distracted :rofl:

I have been using Yubikey and Bitwarden. I thought it’s secure. But, if there’s malware or a Trojan, then this combo might not prevent it! And while I thought Mac is secure, I do download apps from GitHub or Homebrew and so that’s not smart. Is there no better way anymore?

This was unusual enough to make national news. Disney employs 50k+ in white collar jobs. Probably thousands of them are package manager and/or GitHub users that didn’t download devastating malware.

There’s a good chance this malware asked him to authenticate as admin for no good reason, too. It’s hard to cause mischief on macOS without getting the user to do that.

I can’t agree more with this, oh the sheer happiness when I discovered that Okta prompts can be answered with the Apple Watch, it makes it worthwhile.

This is why it’s so, so, so important to apply updates as soon as they come out, and to avoid using devices/computers that cannot be updated. These kinds of attacks rely on known but unpatched vulnerabilities. They could exploit unpatched but known (to the attackers) vulnerabilities, but nobody is going to burn a zero-day like that on the likes of us; it’s too valuable :slight_smile:

Apply updates obsessively!

Or even if they just botch an update :laughing:

Pardon, but what does zero-day mean? It sounds like computer power reading the sentence above.

Sorry, slipped into jargon there :slight_smile:

A zero-day vulnerability is one that is known to malicious actors before it’s generally known to anyone else, so there can be no patch available. Zero-day vulnerabilities tend to be very, very valuable and also their use usually gives them away, so they’re reserved for selected and high value targets.


And like other weapon dealers, zero day vendors mostly sell to governments or otherwise monetize their wares with their own products. Journalist Nicole Perlroth does a fantastic job of documenting the rise of the zero day market in her book, “This is How They Tell Me the World Ends.” Another book that covers zero days from the viewpoint of human rights activists and researchers is “Chasing Shadows” by Citizen Lab’s founder, Ron Deibert.

https://thisishowtheytellmetheworldends.com/
