I've been using it and I quite like it!

Push Verification and TOTP just aren’t good enough anymore. Webauthn / FIDO2 authenticators such as Yubikeys (Yubico) are the solve for phishing as they’re cryptographically verified against the issuing domain. They’re pretty close to perfect authenticators.

The problem is that many existing tools, like VPNs, control the credential verification and depend on protocols such as RADIUS to authenticate users. This means Push and TOTP are the “best” multi-factor verification methods we have – but they are clearly vulnerable to at-scale phishing and social engineering attacks. There are companies that are solving this problem – Twingate and Tailscale are two great examples. They let you embrace both better credential verification natively and IdP led flows for authenticating users.

All up, it’s scary to see the impact of the Uber hack, but I am optimistic that we’re making the right investments as an industry to help companies be more secure.

Experimenting with Twingate in combination with a Pi clone. First impression is very good. What a relief compared to the setup of a regular VPN.

I've tried Twingate in my home lab, since I was fed up with the abysmal performance of VPN, and I must say, I was more than positively surprised by the performance. Even with a sketchy connection, I could work with Remote Desktop set at full quality.

Furthermore, you can create security policies and device checks (e.g. only allow Windows machines that with enabled firewall, hard drive encryption, and antivirus installed), 2FA for every connection attempt, etc.

You don't even have to open a port in your firewall for this, since you'll install a connector within your network that opens a secure outbound connection for which then is matched with the client outside your network.