|
My personal phone has all kind of issues.
First, when asked to use it for work I whip out my trusty Nokia Lumia: what does it mean there is no app for that? Fix it!
Second, my Samsung phone has a custom ROM (not) with all kind of stability issues (not) and loses phone calls, SMS, messages, reboots randomly, sometimes freezes completely. Sorry I didn't receive any call, what do you mean I didn't answer?
Same goes for my personal PC. It never, ever works and often won't even boot.
GCS/GE d--(d) s-/+ a C+++ U+++ P-- L+@ E-- W+++ N+ o+ K- w+++ O? M-- V? PS+ PE Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
|
|
|
|
Yeah, my last boss got hold of my mobile number because we had to meet up under promises that he'd forget it immediately afterwards.
Being the trusting sort I am, I immediately changed the number. A month later he was badgering me for the new number as it "didn't work when he tried it on Sunday". 
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Dude. You should write an article about this strategy…. anonymously. 
Jeremy Falcon
|
|
|
|
|
Even Banks lately ASSUMES an Adroid/iOS device to run their "MoneyApp" to do stuff, I rocked up with a MobiCell, they had to go fetch them old card re-encoder from the back room to assist me after I threw my toys all over their support lines.
Back to 2FA: I got to love BitWarden (1Password apparently also) as it include the TOTP (google auth) thus I have less to type/search/etc. and best of all: As I have BitWarden "everywhere" (after my password - long one and only pass I remember ) I don't worry about them phones getting lost/stolen anymore
|
|
|
|
|
I insisted on a hardware token for 2FA - I am not keen on relying on a personal mobile device for any work as I have had a phone malfunction on me before.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
|
|
|
|
Three bosses ago, I had a company phone for about a year. I received one company call and one company text (both from my boss) during that time. During one of the cost-reduction manias that followed, it was decided I no longer needed a company phone (which was a Samsung Galaxy). They also decided to 'economize' on the most current iPhone, but I digress.
Software Zen: delete this;
|
|
|
|
|
And IMO I don't think cost reduction will stop any time soon. Despite what the TV says. Companies are even more brazen with nagging people about sales these days. I get spammed a lot more than I did 5 years ago, and despite the lies from TV there's a reason for that and price increases.
Jeremy Falcon
|
|
|
|
|
Jeremy Falcon wrote: Especially with WFH now, those waters about to get mo' muddy
Yup. I use my personal machine to Remote Desktop to the machine on my desk and work from there. This keeps the corporate IT yabbo's mitts off my box, especially the McAfee malware they insist on using. Somebody was definitely schtupping someone else when that deal went through.
Software Zen: delete this;
|
|
|
|
|
I've told all my bosses that if you want me to use a phone for business then you have to provide the phone. I refuse to put business apps on my personal computers (phones included). My company is really good about this, so they have key fobs for the people without smart phones, and issue decent smartphones with management approval.
Bond
Keep all things as simple as possible, but no simpler. -said someone, somewhere
|
|
|
|
|
Nope, my cell phone is for MY use. I still had a land line so that was the only phone number the company had for me. Since they didn't have my cell number, any 2fa at work went through the company phone on my desk. The 'important' people at work had company provided cell phones and I was glad not to be considered 'important'. My boss would get work related calls as late as 10pm.
|
|
|
|
|
Company IT plan was to put everything on MS auth. So all of the following
1. Email
2. Computer log in
3. Slack
My question was not answered when I asked how someone who got locked out of their PC due to a pwd change was supposed to request assistance.
|
|
|
|
|
Something similar but with a bigger collateral damage: The Insider News[^]
M.D.V. 
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
MS Auth has a URL you can visit to reset your password. Security questions or some other method, but probably won’t work if you forgot to set it up.
|
|
|
|
|
If I recall, and it is the same, it has a favorite color secret question to which the answer must be at least 5 letters. "oh you mean my favorite if my first two are eliminated by a restriction I have no idea even exists at the point you are asking me to answer a challenge?" Oh yeah? Green then.
|
|
|
|
|
englebart wrote: MS Auth has a URL you can visit to reset your password
So you expect the HR person to know that? Keep in mind there is no way for IT (help) to know there is a problem so they won't be telling them about that.
But to be fair as a developer I am unlikely to even think of that possibility myself. I would expect that my company's IT is responsible for that so I would not even look. I do know for a fact that at least the way my company AWS account is set up if my password expires then company help(IT) must reset it. No way for me to do it. So no reason for me not to expect the same.
|
|
|
|
|
Company had to dich such authentication for two reasons...
Not all have a smart phone to use that grate app to authenticate
Some refused to use personal phones
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid." ― Albert Einstein
|
|
|
|
|
I feel your pain, not a fan of all the "work" involved.
However...
Setting up 2FA is the way to go to avoid having your account compromised.
The Hello 6-digit pin probably only works on your machine, while your password roams across devices.
The way Slack handles it requires a hacker to have access to your Slack and email account, which is another barrier.
2FA can usually be set up in a way that remembers your location or device, so you don't have to authenticate every minute.
Like it or not, about 99% of hacks could've been avoided by 2FA.
Not because it's impossible to get past 2FA, but because it's a lot harder, so hackers tend to simply move on to someone who doesn't have 2FA.
|
|
|
|
|
It's also possible to add extra security to your email account if it comes to that. I dislike the interruption that 2FA requires, but it's probably a good thing, forcing me out of auto-think into actually looking at what I'm doing at a time when my attention should be on the task at hand (logging in securely) instead of my original task (the reason for logging in).
Security is increasingly important in this world of cyber criminals, so I just cuss quietly and get the thing done. I do think companies should choose tools that do not require their employees to use their personal phones, but that is going to take push-back from the employees, so it's on them. I think I'll start to do that for the two apps we use that require me to use my phone (one is even owned by my company, so that ought to be easier  )
|
|
|
|
|
And how many people have their email on their phone already logged in (gmail). If you have somebody's phone, you have all of their security.
Hogan
|
|
|
|
|
So make sure you have your phone locked well.
I'm pretty sure most hacks aren't done by stealing someone's phone though.
A brute force attack or unencrypted database leak is far more common.
Especially in that last scenario 2FA is your only protection.
You can whine and make excuses all you want, but 2FA is simply a security best practice that may save your life one day 
|
|
|
|
|
I have never setup my phone to handle my emails just because of that. I have no problems waiting till I get to my home computer to check emails.
|
|
|
|
|
We have the same crap.
I have to change my Windows password every 3 months.
This also means that most of my applications require a new 2FA login.
So by the end of the day, I have about 20 messages on my personal phone. (I'm not 'important enough' to get a work phone)
And for elevated stuff, we have a Yubi key, and for Google crap we have another electronic key. 
Where are the days that I could turn on my computer and just start working?
I dreading the day that it requires a vial of blood to log-in 
|
|
|
|
|
JohaViss61 wrote: I'm not 'important enough' to get a work phone
I had that problem too. Except that whilst people with work phones could have them on their desks, those of use without work phones were not allowed to have personal mobile phones in the office. So, for 2FA, one had to leave the office, go to the lockers to get you personal phone. write down the 2FA code, get back to the office and hope that the activation code had not expired before you could use it.
|
|
|
|
|
old fashioned passwords for old fashioned hackers. 
MFA/2FA is essential these days, whether you like it or not. I, personally, like it. It's way better than just a plain old password. Passwords get bought and sold every day on the dark web, etc.
Our software shop is in the process of converting all of our existing legacy web apps to use MFA.
We already have 2FA at work for all work related accounts. Its not a hassle at all.
|
|
|
|
|
2FA is a hassle, but a necessary one.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
