@preinheimer I used this exact method at my previous place where most of the team (20 people) worked on site, so the likelihood of a computer theft was limited to very few peopleIt was working great, people loved not having to type in passwords and the direction LOVED not having this as a possible leakTrying to access our backends required a client certificate that you could only issue from within the officeAnd I know that knowledgeable folks would have thrown me under the bus for many technically valid reasons —I think it was Ryan Sleevi perhaps? On a different social media that is no longer searchableNowadays I’d add a login screen with a password manager deployed to everyone, so that the friction wouldn’t be too high, but the client cert would stay, if not for authentication of the individual, at least as a nice layer.
P
