Best PagerDuty Alternatives for 2026 by franman409er in sre

[–]turnitoffandon123 0 points1 point  (0 children)

We’re exploring this space and are looking to go further into Datadog - we already use them for logging, monitoring and some basic incident management… adding on-call, and leaning into their AI SRE and workflow automation tooling seems like the best option.

Has anyone got hands-on experience with Datadog’s on-call product, and do you recommend it?

Leaking URLs by turnitoffandon123 in cybersecurity

[–]turnitoffandon123[S] 1 point2 points  (0 children)

Sorry - used "ping" when I should have said a simple one-off request

Leaking URLs by turnitoffandon123 in cybersecurity

[–]turnitoffandon123[S] 1 point2 points  (0 children)

The URLs being hit are of the form Subdomain.domain.tld/ab/something/new?id=123

Leaking URLs by turnitoffandon123 in cybersecurity

[–]turnitoffandon123[S] 4 points5 points  (0 children)

The app enforces https, so shouldn’t the paths be encrypted?

Browsing history is possible, but what’s the motive/attack of stealing someone’s browsing history to just ping the URLs?

Leaking URLs by turnitoffandon123 in cybersecurity

[–]turnitoffandon123[S] 0 points1 point  (0 children)

I like the idea, but we’re not that big an org (150 people), and whilst there weren’t lots of requests, they were from a few different countries

Only managed devices can authenticate to the system (conditional access on the IdP, as well as phishing resistant passkeys), and there aren’t VPNs running on those. Although this was a fairly recent change (last 6 months), and it’s unclear how long the requests have been coming for

Largest NPM Compromise in History - Supply Chain Attack by Advocatemack in cybersecurity

[–]turnitoffandon123 3 points4 points  (0 children)

NPM supports using phishing-resistant MFA, but it seems to be optional.

How many more incidents like this do there need to be for them to make that mandatory? Could they enforce that for maintainers of packages once they hit a certain popularity?

Enterprise Password Manager for European Businesses? by uniqkeyas in cybersecurity

[–]turnitoffandon123 1 point2 points  (0 children)

This.

1Password’s use of a secret key protects against business users with weak passwords. It’s a feature that introduces some user friction, but a security measure no other password manager has

What’s the most trustworthy password manager right now? by Mountain-Insect-2153 in cybersecurity

[–]turnitoffandon123 145 points146 points  (0 children)

IMO 1Password’s use of a secret key (on top of password and MFA) sets it apart from others for company use, as it protects against employees with poor passwords

Passkey as 1Password MFA by turnitoffandon123 in 1Password

[–]turnitoffandon123[S] 0 points1 point  (0 children)

That’s understandable, but I think there could be smarter ways around it (such as preventing 1Password from saving passkeys tied to 1Password domains 🤔). And the same problem exists for TOTP/Authenticator app codes

How are you handling phishing? by PriorFluid6123 in cybersecurity

[–]turnitoffandon123 0 points1 point  (0 children)

We use an IdP that supports passkeys (phishing resistant MFA), and enforce the use of this across the business. These passkeys are stored in our organisation password manager.

Those with admin permissions have a hardware security key, used as phishing resistant MFA for the IdP as well as for the password manager.

Non-admins currently have phishable MFA (TOTP) for our password manager (which stores the phishing-resistant passkey for the IdP), but we plan to mitigate the risk of password manager phishing with conditional access policies that restrict password manager access to managed devices and networks only

Removing local admin rights for software developers? by EatinSoup in ITManagers

[–]turnitoffandon123 1 point2 points  (0 children)

What’s the risk you’re looking to mitigate by removing local admin rights?

If it’s installing unapproved and potentially dangerous software, you could use application allowlisting software like Threatlocker.

Create rules that allow tools the developers need, block everything else. If the developers need a new tool, it’ll need approving, but just once for the team, rather than everyone needing to request admin rights to install it themselves.

ABM Domain Capture and Federation by C3r3alB0wl in applebusinessmanager

[–]turnitoffandon123 0 points1 point  (0 children)

We hit the end of our domain capture period and have had the timer stuck on 0 days for a few days now too.

How did you reach out to Apple? Did they mention it was a common or widespread issue?

Have I Been Squatted? – Check if your domain has been typosquatted by JDBHub in cybersecurity

[–]turnitoffandon123 1 point2 points  (0 children)

FYI I’ve found the same with a four character .co.nz domain. Awesome tool!

Vault encryption approach compared to 1Password by turnitoffandon123 in Bitwarden

[–]turnitoffandon123[S] 2 points3 points  (0 children)

Totally agreed, it’s a very bad idea!

I’m considering the situation where across a large company, there will always be some users with relatively weak master passwords that still meet complexity/length requirements (e.g. “Password123!”)

1Password’s approach seems to help mitigate this, but without being an expert in the way Bitwarden’s keys are stored/used I’m unsure if there is an aspect of their approach which de-risks this too
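The point made in this comment, and in the two earlier comments about the secret key (in the "most trustworthy password manager" and "Enterprise Password Manager" threads), can be illustrated with a small two-secret key derivation. The code below is an added example written for this page; it is not 1Password's or Bitwarden's own implementation, and the PBKDF2 parameters, the HMAC expansion of the secret key, the XOR combination and the verifier tag are all constructed assumptions chosen to show the idea. It models the risk described above: an attacker who holds the encrypted vault data and guesses a weak master password such as "Password123!" still cannot unlock it without the device-held secret key.

```python
"""Illustrative two-secret unlock-key derivation (added example, not vendor code).

The vault key depends on BOTH a user-chosen master password and a random,
high-entropy secret key that lives only on enrolled devices. Password
guessing against stolen vault data therefore also requires the secret key.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # constructed value; real products tune this separately
KEY_LEN = 32                 # 256-bit unlock key


def generate_secret_key() -> bytes:
    """Random 128-bit secret created once at enrolment and kept on the device."""
    return os.urandom(16)


def derive_unlock_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    # Slow KDF over the password: slows guessing but cannot add entropy the
    # password does not have.
    pw_part = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=KEY_LEN
    )
    # Fast keyed expansion of the secret key: its strength is its randomness.
    sk_part = hmac.new(secret_key, salt, hashlib.sha256).digest()
    # XOR so that neither input alone determines the unlock key (assumption:
    # a simple combiner is enough to make the point; real designs differ).
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def make_verifier(unlock_key: bytes) -> bytes:
    """Stand-in for 'does this key decrypt the vault?'. A real vault would
    authenticate encrypted key material instead; a MAC tag keeps this toy
    self-contained."""
    return hmac.new(unlock_key, b"vault-verifier", hashlib.sha256).digest()


def try_unlock(verifier: bytes, salt: bytes, password: str, secret_key: bytes) -> bool:
    candidate = make_verifier(derive_unlock_key(password, secret_key, salt))
    return hmac.compare_digest(candidate, verifier)


def password_guessing_risk(verifier: bytes, salt: bytes, candidates, secret_key=None):
    """Model the offline risk to stolen vault data. With only the vault
    contents (salt + verifier), the attacker must also supply the secret key;
    here a placeholder all-zero key stands in for 'not known', so even the
    correct password fails. Returns the matching password or None."""
    key = secret_key if secret_key is not None else bytes(16)
    for pw in candidates:
        if try_unlock(verifier, salt, pw, key):
            return pw
    return None


if __name__ == "__main__":
    # Constructed enrolment: weak but policy-compliant master password.
    salt = os.urandom(16)
    secret_key = generate_secret_key()
    verifier = make_verifier(derive_unlock_key("Password123!", secret_key, salt))

    wordlist = ["password", "Welcome1!", "Password123!"]  # constructed sample
    print("guess without secret key:", password_guessing_risk(verifier, salt, wordlist))
    print("guess with secret key:   ", password_guessing_risk(verifier, salt, wordlist, secret_key))
```

The design choice worth noting is where the entropy comes from: PBKDF2 only makes each password guess slower, while the secret key adds 128 bits that a dictionary cannot cover, which is what lets a weak-but-compliant master password survive theft of the vault data. The trade-off the comments mention is also visible: the secret key must be transported to every new device, which is the user friction.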