How do you suggest implementing two-factor authentication (2FA)/multi-factor authentication (MFA) when users only have access to a single (work) device?

2FA/MFA involves a second step after entering your password (e.g. providing a fingerprint, using Eye/Face identification, answering a security question, or entering a unique code sent to your device).

You can use 2FA/MFA when initially setting up that user’s account on their device. That device could then be remembered so it becomes the ‘second factor’. 2FA/MFA would then issue a prompt if there was an attempt to access that account from another device, preventing that log in if malicious.

If you are sharing devices, you can set it up so that multiple accounts can trust the same device(s), or you can use authenticator apps on personal devices. If you just want to be sure that someone accessing your organisation’s accounts is using your organisation’s devices, then you can set it up so that multiple accounts can trust the same device(s).