
Using your devices as the key to your apps - GordonS
https://blog.cloudflare.com/using-your-devices-as-the-key-to-your-apps/
======
GordonS
Around 15-20 years ago, we used client certificates as a second factor for
customers using our extranet system.

Gods, but it was horrible!

We had to build some means of managing, issuing and revoking certificates on
top of Microsoft certificate services (which was crap), which was no small
undertaking. Our support staff constantly messed things up when using it.

We sent certificates via email, along with instructions on how to install it
in IE.

But normal end users found this process too confusing - they didn't know what
a certificate was, and had never seen the inside of the IE settings dialog
before. Furthermore, over-zealous corporate IT departments frequently locked
things down so end users couldn't install client certs at all!

And the final nail for our customers was that they were very mobile (oil and
gas industry), and frequently used different PCs - which meant we had to issue
a constant stream of certificates, and meant very annoyed customers waiting
for them.

Our corporate IT department sat in an ivory tower, mandating approaches and
never listening to us or our customers. Working in an enterprise really is
soul destroying at times.

