Logging into my work accounts is where Google Authenticator works best. Also, I had a personal account get hacked. I had an account created to book hotels, but someone was constantly resetting my password. To prevent further hacking attempts, I set up Google Authenticator. I do not believe it would be appropriate for banking accounts.
Zscaler Private Access works really well in environments setup for FQDNs and where you know what users should/shouldn't be accessing on what ports. You can use Zscaler Private Access to figure out these kinds of features but that doesn't always mean you'll be correct. It also provides a consistent experience for users as they can access their materials anywhere. It also makes the user the last line of defense. If a user's account is compromised then the attacker has access to everything they already did. It doesn't work great in OT environments or Server based environments. Flows have to be initiated from the client and not the server for stuff to behave properly.
I once performed a factory reset of my smartphone which had Google Authenticator. I didn't have a backup for the device. When I restored my phone with the same google account, I was not able to restore the authenticator app settings. I had to add all the keys back into the app to use it. This is cumbersome, but I understand it is set up this way for security reasons.
I don't like the ease with which it lets you delete a key. If I accidentally delete a key, I am doomed to get my 2FA key reset, unless I still have the QR code saved somewhere.
Application Segmentation and Listener Configuration - The way applications are defined and listened for is fundamental to ZPA, but can be a source of frustration, especially when dealing with legacy or non-HTTP protocols
The ZCC is the user's primary gateway, but its control over local system network behavior can sometimes clash with enterprise requirements.
It's as easy as opening the app and what I need it for is there. I don't have to fumble with other accounts or getting something else to open it for me. I have all the access that I need for the use of the app within seconds and I can get access to the info that I need.
The environment feels more secure, and we are seeing that users are adapting to it fast. The fact that we have tools to assist the users with their day-to-day access helps, as we can hand it off to the helpdesk without any escalations to the Network team. It is a work in progress for our agency, but we are seeing the benefits from the solution.
I have found Google’s support to be hit or miss. There are times when they are very responsive, and I get my issue resolved quickly, and there are times where a response from them takes weeks. There is no in-between. But my support experience with this particular product is nonexistent because I have not had a problem with it yet. Hopefully, we do not have any problems with it either.
First, Google Authenticator meets the security requirements which should be considered "table stakes". Second, simplicity is critical. Many users don' understand why they are setting up MFA (or they just don't care), and so adding additional complications to their day-to-day is always challenging. When it is simple, it makes life a lot easier. Finally, trust (due to the brand name recognition, primarily) removes any notion of "what is this?" that the user may have from being required to install something on their personal device for work purposes.
Well ZPA is a good solution, however everyone has their own advantage and disadvantages, with ZPA you can deploy ZTNA model, which will help you better control on access, however Palo Alto, Fortinet they are also market leading firewall solution, and you can not deny if they are not providing the same features.
More secure data = less worried about a data breach.
Takes longer to log in, and if I don't have my phone then I have to go looking for it, so it really makes it so that you can't be without your phone, which in certain instances is annoying or not possible and can hold up work time.
Everyone is willing to use the same program because everyone likes Google—makes it easier to manage.
Positive: We have now charged users internally for the service
Negative: Dealing with users who also have the Zscaler Client Connector for their company, can cause confusions
Negative: Enabling the Zscaler Internet Access entitlement has been a major headache for us because Zscaler Private Access users can't autheniticate through ZIA on a non corporate device.
