Employer requiring MFA for work email on personal phone
Discussion
bhstewie said:
Can't say I get it.
Me neither. In my team most people have 3 separate MFA apps (one to login to the main system, one to login to the banking system, and then a 3rd one to approve BACS payments). Nobody ever complained because it is a PITA to remember to keep the token with you (when you're hybrid working) and it's a PITA to use 3 separate tokens. It's also a pain to administer the tokens when somebody locks it or the battery runs out.
bhstewie said:
eliot said:
and yet those users may install the same authenticator app to access their paypal for example, sounds like militant staff being dicks for the sake of it.
Pretty much.We had a few "I know my rights" types.
Can't say I get it.
You don’t need to “get it”, you just need to respect their choice.
I had a member of staff get shirty about this. Funny thing was he was a security analyst and when I asked we he didnt already have MS Authenticator on his phone for personal things he didn't have an answer. Probably was re using the same password between sites as well.
IT gave him a key ring token instead.
Doesn't bother me in the slightest. I have my mobile in me all the time anyway, and the app installed. I don't access work emails on my phone.
IT gave him a key ring token instead.
Doesn't bother me in the slightest. I have my mobile in me all the time anyway, and the app installed. I don't access work emails on my phone.
eliot said:
and yet those users may install the same authenticator app to access their paypal for example, sounds like militant staff being dicks for the sake of it.
I don't see it as militant personally. My work phone is slowly dying but been told I can't have a new one and to use my personal phone with a SIM but i've refused and said I just won't be contactable via a phone unless they supply one. I want to be able to separate my work life from my personal life.fiatpower said:
eliot said:
and yet those users may install the same authenticator app to access their paypal for example, sounds like militant staff being dicks for the sake of it.
I don't see it as militant personally. My work phone is slowly dying but been told I can't have a new one and to use my personal phone with a SIM but i've refused and said I just won't be contactable via a phone unless they supply one. I want to be able to separate my work life from my personal life.greygoose said:
That’s a different issue to an authentication app though, if your company want you to take calls then they should give you a phone.
Why is it different? The company are requesting you use a personal device for a business purpose. Why does it matter what that business purpose is?CheesecakeRunner said:
greygoose said:
That’s a different issue to an authentication app though, if your company want you to take calls then they should give you a phone.
Why is it different? The company are requesting you use a personal device for a business purpose. Why does it matter what that business purpose is?Yes, people should have the right to refuse, and the company offer an alternative. But flip it around, how many people would be up in arms if the company turned round and blocked internet access on company devices, and insisted everyone turned off their personal phones during working hours?
CheesecakeRunner said:
greygoose said:
That’s a different issue to an authentication app though, if your company want you to take calls then they should give you a phone.
Why is it different? The company are requesting you use a personal device for a business purpose. Why does it matter what that business purpose is?Once you have MFA on your phone no one is then saying you should then be replying to emails at home. It sits there dormant until you need to use it, at work.
Do you expect work to provide you with a dedicated wallet for your door access card? Perhaps a company car for you to carry it in?
Or do you just chuck it in your own wallet (or if a fob on your own keyring) like a normal human?
Emails on the go is surely good / helpful. If being precious just turn it off at 5pm or don't look at the emails until the morning.
I have notifications turned off on my phone anyway so the annoying ping ping ping is not there
TX.
Edit - oops OP it seems ain't about work email on the phone
I have notifications turned off on my phone anyway so the annoying ping ping ping is not there
TX.
Edit - oops OP it seems ain't about work email on the phone
Edited by Terminator X on Wednesday 22 November 11:33
Zetec-S said:
CheesecakeRunner said:
greygoose said:
That’s a different issue to an authentication app though, if your company want you to take calls then they should give you a phone.
Why is it different? The company are requesting you use a personal device for a business purpose. Why does it matter what that business purpose is?Zetec-S said:
Yes, people should have the right to refuse, and the company offer an alternative. But flip it around, how many people would be up in arms if the company turned round and blocked internet access on company devices, and insisted everyone turned off their personal phones during working hours?
An employer has no obligation to provide personal internet access in the same way an employee (generally) has no obligation to provide a personal device for business use. And I’ve worked places where your personal devices had to be locked in faraday cages, and the onsite systems were air gapped. Strangely that employer didn’t ask anyone to put an MFA token on a personal phone.
I work in Higher Education.
The scope creep onto personal phones - and other devices - is ridiculous. It started with MFA, then it became an app through which you access your timetable - equivalent of job sheets, I suppose. We're expected to give out our personal phone numbers on email footers and the like. I refuse for privacy reasons.
We don't even get given the computing kit we need. I have a laptop from when I joined ten years ago that that's it. No upgrades, just get on and use it. The battery is destroyed.
If I want better kit, I am told to go and win a research grant and include the money in that. Which the funders do not allow (no general purpose computing allowed - it is considered to be something your employer should already be providing you with) and requires me to hide it as something else, breaching the contract.
I could go on to how the workload model makes it look like we work 37.5 hour weeks when the tasks allocated take 60 to 70 and we're told to fill in the gap for free "because it's the right thing to do..."
Trust me, MFA on personal devices is the start...
I'm sitting here on campus, looking at a screen I bought out of pocket, typing on a keyboard the same, the laptop the same, hell - it goes right down to pens and paper...
Don't give an inch on MFA...
The scope creep onto personal phones - and other devices - is ridiculous. It started with MFA, then it became an app through which you access your timetable - equivalent of job sheets, I suppose. We're expected to give out our personal phone numbers on email footers and the like. I refuse for privacy reasons.
We don't even get given the computing kit we need. I have a laptop from when I joined ten years ago that that's it. No upgrades, just get on and use it. The battery is destroyed.
If I want better kit, I am told to go and win a research grant and include the money in that. Which the funders do not allow (no general purpose computing allowed - it is considered to be something your employer should already be providing you with) and requires me to hide it as something else, breaching the contract.
I could go on to how the workload model makes it look like we work 37.5 hour weeks when the tasks allocated take 60 to 70 and we're told to fill in the gap for free "because it's the right thing to do..."
Trust me, MFA on personal devices is the start...
I'm sitting here on campus, looking at a screen I bought out of pocket, typing on a keyboard the same, the laptop the same, hell - it goes right down to pens and paper...
Don't give an inch on MFA...
dxg said:
I work in Higher Education.
The scope creep onto personal phones - and other devices - is ridiculous. It started with MFA, then it became an app through which you access your timetable - equivalent of job sheets, I suppose. We're expected to give out our personal phone numbers on email footers and the like. I refuse for privacy reasons.
We don't even get given the computing kit we need. I have a laptop from when I joined ten years ago that that's it. No upgrades, just get on and use it. The battery is destroyed.
If I want better kit, I am told to go and win a research grant and include the money in that. Which the funders do not allow (no general purpose computing allowed - it is considered to be something your employer should already be providing you with) and requires me to hide it as something else, breaching the contract.
I could go on to how the workload model makes it look like we work 37.5 hour weeks when the tasks allocated take 60 to 70 and we're told to fill in the gap for free "because it's the right thing to do..."
Trust me, MFA on personal devices is the start...
I'm sitting here on campus, looking at a screen I bought out of pocket, typing on a keyboard the same, the laptop the same, hell - it goes right down to pens and paper...
Don't give an inch on MFA...
That doesn't really sound like a MFA issue. More like a st place to work issue.The scope creep onto personal phones - and other devices - is ridiculous. It started with MFA, then it became an app through which you access your timetable - equivalent of job sheets, I suppose. We're expected to give out our personal phone numbers on email footers and the like. I refuse for privacy reasons.
We don't even get given the computing kit we need. I have a laptop from when I joined ten years ago that that's it. No upgrades, just get on and use it. The battery is destroyed.
If I want better kit, I am told to go and win a research grant and include the money in that. Which the funders do not allow (no general purpose computing allowed - it is considered to be something your employer should already be providing you with) and requires me to hide it as something else, breaching the contract.
I could go on to how the workload model makes it look like we work 37.5 hour weeks when the tasks allocated take 60 to 70 and we're told to fill in the gap for free "because it's the right thing to do..."
Trust me, MFA on personal devices is the start...
I'm sitting here on campus, looking at a screen I bought out of pocket, typing on a keyboard the same, the laptop the same, hell - it goes right down to pens and paper...
Don't give an inch on MFA...
I have a work phone and a personal phone. The work phone is a Samsung and it's awful. I hate using it and hate having to travel with two devices to scan at airport security and 2 devices to carry around on me. Now that I can access Teams, SharePoint, Outlook 365 mails, OneDrive, etc. on my personal iPhone, I've just forwarded all work phone calls to my personal device. I can do all personal and work on my own phone. It's great.
I have a work folder created with all the apps and turned off notifications, so I only check when I'm at work and need to. The only thing I get is the occasional work call but I rarely get calls, so the odd cold call just gets ignored.
If you're the sort who gets constant work calls and messages then I'd probably hold off but for me, I'm just going to hand my work phone back and do everything I need on my iPhone. Brilliant.
I have a work folder created with all the apps and turned off notifications, so I only check when I'm at work and need to. The only thing I get is the occasional work call but I rarely get calls, so the odd cold call just gets ignored.
If you're the sort who gets constant work calls and messages then I'd probably hold off but for me, I'm just going to hand my work phone back and do everything I need on my iPhone. Brilliant.
CheesecakeRunner said:
personal devices had to be locked in faraday cages, and the onsite systems were air gapped.
for a high security environment it goes without saying that would be the case - in fact policy would probably expressly forbid using anything other than an company provided token or ubikey etc.Even if they want you to use your device for emails too, it is really not a big deal.
The fact you’re not sure if you should be “precious” about it or not tells you all you need to know.
BYOD is very popular and is becoming an easier solution for both employers and end users.
Do you really want to carry round two phones? Two phones to charge, two phones to put on/off mute when in different situations, etc. It’s a faff.
As for “taking your work home with you”, simply turn off notifications.
The fact you’re not sure if you should be “precious” about it or not tells you all you need to know.
BYOD is very popular and is becoming an easier solution for both employers and end users.
Do you really want to carry round two phones? Two phones to charge, two phones to put on/off mute when in different situations, etc. It’s a faff.
As for “taking your work home with you”, simply turn off notifications.
Gassing Station | Jobs & Employment Matters | Top of Page | What's New | My Stuff