I have question about something out of scope for usual privacy oriented users. In my company (SME) we have internal file server that can be accessed from out-of-office only via VPN, which is set by our IT support on all business laptops. This is, as I know, best practice when it comes to security. But what if we decide to move to hosted cloud instead (e.g. Nextcloud with trusted provider)? Would 2FA be enough to secure the access?
Our main threat is unauthorized access, mainly by competitors. And in my opinion, if users are careful enough, with 2FA, this should be quite secure solution. The only problem is how to prevent users using it on insecure private PCs, but let’s skip that issue for a moment. Does this make any sense to you?