08-30-2018 03:57 AM
I have Duo Security set up on a MAC. For some reason there is no 2FA prompt when the machine is locked.
When the account is logged out it works fine.
Is there a way to set up it so it enforces 2FA authentication after the machine is logged out or locked out?
08-30-2018 05:50 AM
Hi mohsm, that is expected behavior. As indicated in the documentation, Duo 2FA is only required for new console logons but not when unlocking the computer or when an already logged-on user wakes the system from sleep.
Currently there is no way to prompt for Duo 2FA when unlocking the computer.
08-30-2018 05:53 AM
Is there a reason for this when it works on Windows 10? and do you know if it is the same with Unix based systems?
08-30-2018 08:17 AM
I spoke with one of our developers about this. He shared that it is currently a feature request for our macOS integration.
He also stated that one of the top feature requests for our Windows Logon integration was to make it so that 2FA was not required after locking the system, so that guided the development of the initial release of our macOS integration.
08-31-2018 02:26 AM
Interesting. I personally think it should be a requirement.
Most of the time I lock my laptop or computer so I am able to carry on what I am doing later on. Which is why I would want 2FA on lock screen.
Can always have a compromise where you can specify a time-out when the screen lock forces to use 2FA. That means when you are working at your desk and it locks, no 2FA required but after being locked for X minutes, 2FA kicks in.
I do wonder what will end up being chosen considering both features are being requested.
09-05-2018 01:44 PM
That may be a common feature request from end users; but, compliance and security teams want 2fa on the screensaver for good reasons.
Put a tick in the feature request column for macOS for me!
09-06-2018 12:38 AM
Completely agree with Brian here. This is the only thing that stopped us from getting Duo Security.
09-11-2018 04:02 PM
One more tick from me too for this. It is already possible to configure pam on macOS to use another method of MFA to challenge on lock screen, but I don’t want to promote multiple solutions in an enterprise, but hoping that Duo would implement it.
Another one is offline MFA for Mac OS X. (Great job with the windows one, by the way Announcing offline multi-factor authentication for Windows)
10-24-2018 11:32 AM
Agree with Brian and Thomas on the comments they added. Hopefully these features will be resolved in the next version of the macos agent.
04-14-2019 02:39 AM
totally agree. I need 2fa after the screensaver because I use suspension a lot and my MacBook has 189 days of uptime. (So 2fa only on poweron or reconnect is useless).
Is there any betatester slot avaiable for Mac OS Agent?
05-29-2019 05:47 PM
Agree with the above. MFA must protect all unlock or logon scenarios. The Windows 10 login meets those requirements and further provides offline access codes. Please enable this for MacOS as soon as possible (and please don’t solicit security requirements from “end users” who simply want security out of the way). Good security can be nearly transparent, easy to use, that’s true. Federal government and DoD contractors will need MFA protection at all unlock or logon scenarios. Also please find a way to support “offline” access codes which help for those who want to secure their laptops while traveling or working from a public location. How do I make a formal feature request?
05-30-2019 05:37 AM
If you would like to submit a new feature request or add your name to an existing one, please contact Duo Support or your Duo Account Executive or Customer Success Manager.
03-02-2020 03:14 AM
Hi,
Are there any update for 2FA for lockscreen and offline codes for Mac?
09-19-2019 05:13 PM
Hello,
We also looking for this feature, no one reboots computers daily. If it is lost or stolen someone can get into it, by brute forcing password or seeing user typing in password. For people who don’t want this feature it should be available through policy editor.
Thanks.
06-14-2020 07:36 AM
Some update? Where is the support?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide