Employer requiring MFA for work email on personal phone
Discussion
One I’d like to get the opinion of the collective on. I’m not sure whether to be precious about it or not 
I work in the NHS and all NHS mail (NHS.net) users are expected to enable MFA via their personal mobile phones in order to access work email. Either via SMS or authenticator app.
On the one hand, I’m not sure why I should be using my personal device for work matters. Email is essential for communication and if MFA is required then should this be provided on a work device? I could be stubborn and refuse and make my work life a lot quieter without access to email!
On the other I have my phone on me anyway so it’s not really a big deal.
Maybe I’m just concerned about work creeping into my personal life. Just wondered what the hive mind here thought about it?
ETA to clarify, this is to access email on any device including work PCs with a new code required for each device
I work in the NHS and all NHS mail (NHS.net) users are expected to enable MFA via their personal mobile phones in order to access work email. Either via SMS or authenticator app.
On the one hand, I’m not sure why I should be using my personal device for work matters. Email is essential for communication and if MFA is required then should this be provided on a work device? I could be stubborn and refuse and make my work life a lot quieter without access to email!
On the other I have my phone on me anyway so it’s not really a big deal.
Maybe I’m just concerned about work creeping into my personal life. Just wondered what the hive mind here thought about it?
ETA to clarify, this is to access email on any device including work PCs with a new code required for each device
Edited by Brainpox on Wednesday 15th November 09:42
My view has always been quite clear on such things. If work wants me to have emails etc on the go, provide me with a work phone. Work phone for work things, my own phone for private things.
Interestingly, a lot of people I know who work for SMEs find that a strange concept whereas in larger businesses it seems to be the norm.
Interestingly, a lot of people I know who work for SMEs find that a strange concept whereas in larger businesses it seems to be the norm.
Unless I'm misunderstanding, they just want you to install the MFA app on your phone, not set up your work emails on your personal phone? In which case is it really a big deal?
I have MS Authenticator installed on my personal phone - it just generates the code when I need to log in to something at work from time to time. Emails are limited to work devices.
I have MS Authenticator installed on my personal phone - it just generates the code when I need to log in to something at work from time to time. Emails are limited to work devices.
Is it that big of an issue? They're not asking you to have work emails come through your personal phone.
Propose an agreement with them - No MFA to come through your personal phone, and in exchange then if anyone sees you so much as touch your personal phone during working hours, they are allowed to shoot you in the leg.
Propose an agreement with them - No MFA to come through your personal phone, and in exchange then if anyone sees you so much as touch your personal phone during working hours, they are allowed to shoot you in the leg.
Zetec-S said:
Unless I'm misunderstanding, they just want you to install the MFA app on your phone, not set up your work emails on your personal phone? In which case is it really a big deal?
I have MS Authenticator installed on my personal phone - it just generates the code when I need to log in to something at work from time to time. Emails are limited to work devices.
That's what I thought it would be and my other half has it on her mobile to generate a code to log on to her laptop for work emails.I have MS Authenticator installed on my personal phone - it just generates the code when I need to log in to something at work from time to time. Emails are limited to work devices.
Brainpox said:
One I’d like to get the opinion of the collective on. I’m not sure whether to be precious about it or not
I work in the NHS and all NHS mail (NHS.net) users are expected to enable MFA via their personal mobile phones in order to access work email. Either via SMS or authenticator app.
On the one hand, I’m not sure why I should be using my personal device for work matters. Email is essential for communication and if MFA is required then should this be provided on a work device? I could be stubborn and refuse and make my work life a lot quieter without access to email!
On the other I have my phone on me anyway so it’s not really a big deal.
Maybe I’m just concerned about work creeping into my personal life. Just wondered what the hive mind here thought about it?
ETA to clarify, this is to access email on any device including work PCs with a new code required for each device
if they expect you to access work emails on your personal phone thenI work in the NHS and all NHS mail (NHS.net) users are expected to enable MFA via their personal mobile phones in order to access work email. Either via SMS or authenticator app.
On the one hand, I’m not sure why I should be using my personal device for work matters. Email is essential for communication and if MFA is required then should this be provided on a work device? I could be stubborn and refuse and make my work life a lot quieter without access to email!
On the other I have my phone on me anyway so it’s not really a big deal.
Maybe I’m just concerned about work creeping into my personal life. Just wondered what the hive mind here thought about it?
ETA to clarify, this is to access email on any device including work PCs with a new code required for each device
Edited by Brainpox on Wednesday 15th November 09:42
1. The MFA thing is perfectly reasonable.
2. They should either be providing you with a phone or paying you a phone allowance
If it's just installing an authenticator, personally I wouldn't care. It'll only be used when you're at work anyway so not really bleeding in to your personal life.
They're becoming more common for certain services anyway so chances are you'll need one at some point for something personal.
They're becoming more common for certain services anyway so chances are you'll need one at some point for something personal.
Had this when covid started, work required installing authenticator on personal phones. i dont do apps, not on any social media, just whatsapp. i kicked up a fuss, they said im the only one out of 400 people to object. they sent me an iphone se no contract just a phone.
its a personal things id say, if your not happy with it defo make a point, accepting this will just make it more difficult to reject further 'demands'.
its a personal things id say, if your not happy with it defo make a point, accepting this will just make it more difficult to reject further 'demands'.
C5_Steve said:
If it's just installing an authenticator, personally I wouldn't care. It'll only be used when you're at work anyway so not really bleeding in to your personal life.
They're becoming more common for certain services anyway so chances are you'll need one at some point for something personal.
Yes it’s an authenticator.They're becoming more common for certain services anyway so chances are you'll need one at some point for something personal.
I’ve had this with some of my team and yeah it’s just extra security.
If it’s through the authentication app it’s not too much of a burden as you can always uninstall it if you leave.
Matter of principle I’d be asking for a work device because I’d expect NHS staff working with data sensitive enough to require MFA to also not have personal phones on them at work.
Matter of principle I’d be asking for a work device because I’d expect NHS staff working with data sensitive enough to require MFA to also not have personal phones on them at work.
They will likely have an alternative for those that don't want it on their phone, probably a token.
Personally I would rather just have it on one device. Even when given a work mobile I don't use it, I just list my personal mobile as my mobile contract. I've never had a work call out of hours that wasn't justified.
Personally I would rather just have it on one device. Even when given a work mobile I don't use it, I just list my personal mobile as my mobile contract. I've never had a work call out of hours that wasn't justified.
Seems to be a lot of misinformation of this.
Essentially its just an app on your phone that generates a random 6 digit code every 30-60 seconds that you need to enter when logging onto your work PC.
There is no work data or bleed into work appearing outside of work time.
We have just had to do this at work as well and after the initial grumblings which lasted a day or 2 from some staff, its now the norm and has zero impact apart taking 10 seconds longer to log in in the morning.
It also gives you the extra security that a colleague cannot log into anything as you, even if they know your password.
Essentially its just an app on your phone that generates a random 6 digit code every 30-60 seconds that you need to enter when logging onto your work PC.
There is no work data or bleed into work appearing outside of work time.
We have just had to do this at work as well and after the initial grumblings which lasted a day or 2 from some staff, its now the norm and has zero impact apart taking 10 seconds longer to log in in the morning.
It also gives you the extra security that a colleague cannot log into anything as you, even if they know your password.
TheLurker said:
My view has always been quite clear on such things. If work wants me to have emails etc on the go, provide me with a work phone. Work phone for work things, my own phone for private things.
Interestingly, a lot of people I know who work for SMEs find that a strange concept whereas in larger businesses it seems to be the norm.
It's not a norm in big organisations.Interestingly, a lot of people I know who work for SMEs find that a strange concept whereas in larger businesses it seems to be the norm.
It makes absolutely no sense to have to lug two phones around and most people don't want to be tied to whatever hardware the org stipulates, nor does it make sense for most orgs to be the purveyors of phones to anyone when their core activity is something entirely different.
Lots of crap orgs worried for far too long about "control" in general and cyber security in particular while not actually understanding it. Initially they only very grudgingly allowed staff to use their own phones and laptops for business purposes ... until they noticed that some of their competitors were doing it and that it made life easier for everyone. Then they all did it.
Being precious about this stuff is daft. Be pragmatic for your own benefit.
ATG said:
TheLurker said:
My view has always been quite clear on such things. If work wants me to have emails etc on the go, provide me with a work phone. Work phone for work things, my own phone for private things.
Interestingly, a lot of people I know who work for SMEs find that a strange concept whereas in larger businesses it seems to be the norm.
It's not a norm in big organisations.Interestingly, a lot of people I know who work for SMEs find that a strange concept whereas in larger businesses it seems to be the norm.
It makes absolutely no sense to have to lug two phones around and most people don't want to be tied to whatever hardware the org stipulates, nor does it make sense for most orgs to be the purveyors of phones to anyone when their core activity is something entirely different.
Lots of crap orgs worried for far too long about "control" in general and cyber security in particular while not actually understanding it. Initially they only very grudgingly allowed staff to use their own phones and laptops for business purposes ... until they noticed that some of their competitors were doing it and that it made life easier for everyone. Then they all did it.
Being precious about this stuff is daft. Be pragmatic for your own benefit.
I have a work phone, my authenticator is on a personal device as its what I carry with me when im not at work. No work data, no work emails just an app that pops up when i sign in externally. It should really be no big deal.
My boss/team all have my personal number and know they can call me whenever and I'll try to help however i can and the same applies to everybody else.
I may be reading too much in but its sounds like you aren't have no dedication to the organisation/management or trust in your immediate peers. If havingan app on your phone is such a hurdle my advice would be go find somewhere to work that makes you feel like I do, where you are willing to do more than the basics of your contract without having to be compensated for it.
My boss/team all have my personal number and know they can call me whenever and I'll try to help however i can and the same applies to everybody else.
I may be reading too much in but its sounds like you aren't have no dedication to the organisation/management or trust in your immediate peers. If havingan app on your phone is such a hurdle my advice would be go find somewhere to work that makes you feel like I do, where you are willing to do more than the basics of your contract without having to be compensated for it.
My employer uses MFA which I have to complete daily, even when fully on site. You can use an authenticator but you can also do it by phone/text. It annoyed me a bit at first as sometimes I run to work and prefer to leave my mobile at home (I expect a lot of people may find that hard to believe!), but as it allows authentication by a phone call too - I was able to setup the option for it to ring my desk landline, although how long that will last for, who knows!
Gassing Station | Jobs & Employment Matters | Top of Page | What's New | My Stuff