
I know its petty but work IT security

Posts: 77347
Free Member
 

Posted by: oikeith

I dont quite get the barriers between home and work argument,

There isn't one.


 
Posted : 06/10/2025 4:20 pm
Posts: 77347
Free Member
 

Posted by: tjagain

At my workplace having your own mobile in use when on duty is a disciplinary offense

How the actual **** are you expected to use it for MFA then?  Do you suppose, just suppose, that organisations requesting that employees use personal devices to generate codes might allow the use of personal devices?

Posted by: tjagain

and so is plugging anything into USBs cougar 🙂

That shouldn't be a problem.  If they don't want you plugging things into USB ports then those ports should be disabled by policy.

Also, these exist:

image.png

Though within an organisation I'd expect structured cabling.  More like:

image.png


 
Posted : 06/10/2025 4:32 pm
Posts: 44146
Full Member
 

Posted by: Cougar

Posted by: oikeith

I dont quite get the barriers between home and work argument,

There isn't one.

 

Just because you do not see it or understand it does not mean there is not one.  I am not the only person on this thread to have this position.   I never mix work and home in any way.  My work was extremely stressful and upsetting at times.  Having that hard barrier is one way of preserving mental health.  

 


 
Posted : 06/10/2025 4:35 pm
Posts: 20675
 

How many people, who use a laptop for work, don’t have smartphones?

A quick google says the lowest working age user group of smartphones are those 55-65, and that’s 93%. From 16-54, it’s 98% plus, increasing as you look to younger workers. That’s everyone, not just laptop workers.

 

Not unreasonable to assume someone would have a smartphone really.


 
Posted : 06/10/2025 5:08 pm
Posts: 12507
Free Member
Topic starter
 

Posted by: tomhoward


How many people, who use a laptop for work, don’t have smartphones?

A quick google says the lowest working age user group of smartphones are those 55-65, and that’s 93%. From 16-54, it’s 98% plus, increasing as you look to younger workers. That’s everyone, not just laptop workers.

 

Not unreasonable to assume someone would have a smartphone really.

Have you met old engineers before?

I work with a few people who were too scared to have a laptop 🤣

 


 
Posted : 06/10/2025 5:28 pm
Posts: 3296
Full Member
 

Posted by: Cougar

If they don't want you plugging things into USB ports then those ports should be disabled by policy.

And if they were they would still provide power. We have all USB devices blocked but I can still charge my phone from my laptop. I just cannot access any part of its file structure.

I don’t think anyone is not agreeing with the work/home distinction but rather, finding it hard to understand that MFA goes against this as the reason given is looking at the app icon on the phone is too much to bear. Perhaps I’m missing something but how does seeing an app icon differ from say, ironing your nurse’s uniform?


 
Posted : 06/10/2025 6:20 pm
Posts: 10315
Full Member
 

Just because you do not see it or understand it does not mean there is not one.  I am not the only person on this thread to have this position.   I never mix work and home in any way.  My work was extremely stressful and upsetting at times.  Having that hard barrier is one way of preserving mental health

That, with this I am with TJ.  We used to have people who wouldn't use our satellite phones because they were convinced they irradiated their heads even though they used them once a month compared to being on their mobile phones permanently.  Same with people I know who needed us to switch off the wifi when they were in the room even though there were at least 30 stations nearby on the same frequency bands that were on permanently.  My snowboard instructor used to make me imagine picking money off a tree and then putting it in my pocket when making a turn.   What is technically going on and what you actually do to make things work for you don't need to be the same unless they are massively at conflict and here they aren't.  How you visualise things is important.


 
Posted : 06/10/2025 6:57 pm
Posts: 44146
Full Member
 

oceanskipper - it's either a hard line or it does not exist.  You accept the work / home distinction.  This crosses that line for me.  I never ironed a uniform BTW 🙂


 
Posted : 06/10/2025 7:18 pm
Posts: 3296
Full Member
 

Yes but my point is just using an arbitrary example. Does the alarm going off in the morning to remind you to get up for work not also cross the hard line? It’s reminding you about work when you are not at work.

I’m not expecting an explanation either. It’s your boundary. No need to explain it but you can surely see why it’s not that easy to understand. In my mind there is no difference between a phone app and hundreds of other things that remind me of work when I’m not actually at work. You say there is and that’s fine. I just don’t get it, which is my failing, I don’t have the work stress many people do so I may never see the reasons why one seemingly innocuous thing is more of a trigger than another. 🤷🏽‍♂️

Oh, and if you worked in my organisation you would have a phone provided if you wanted one! 


 
Posted : 06/10/2025 7:40 pm
Posts: 34376
Full Member
 

Posted by: tjagain

At my workplace having your own mobile in use when on duty is a disciplinary offense

Given that the NHS both require you to use MFA and instruct people to use their phone to host it, this isn't true any more


 
Posted : 06/10/2025 7:58 pm
Posts: 363
Full Member
 

Times have changed a lot in the NHS over the last few years. There was a historical badge of honour in being terrible with IT because it was someone else’s job.

It’s now accepted that it makes people’s lives easier and when people get some flexibility they accept it can go both ways. We now have relatively junior grades (band 6 and 7) working remotely however if they demanded a work phone for MFA I would just say sorry I can’t provide that so you can be onsite every day. These are roles that 5 years ago would have been 100% onsite. We do provide a laptop or Remote Desktop but if we had to start shelling out for phones as well it would be a no.

Things like requesting annual leave are now done via an app, you could refuse to use it and wait until you are onsite and use a hospital PC but some days/periods are first come first served and that might mean requesting next summer/xmas over a weekend and if all your colleagues are happy to do that they will benefit.

I don’t use my personal phone for emails or teams and only 1 or 2 colleagues would contact me in an emergency and that’s fine because when you have to deal with a big problem when you come back you would rather give advice on how to fix it to other people than walk back in on a total mess.

 

A lot of it is down to roles and responsibilities. 

 


 
Posted : 06/10/2025 8:18 pm
Posts: 44146
Full Member
 

In Lothian?  I'll check with someone who works there.  Given that would require a major change to policy to do so I have my doubts.  Is that for remote workers?

 

Posted by: oceanskipper

Oh, and if you worked in my organisation you would have a phone provided if you wanted one! 

I would have no issue with that.  I had in one job.  That phone never came home with me.


 
Posted : 06/10/2025 8:19 pm
Posts: 44146
Full Member
 

Alan - I was actually a "superuser" for our IT systems ie local point of contact for folk who had difficulty working the system.  annual leave etc was done on line decades ago for us


 
Posted : 06/10/2025 8:22 pm
Posts: 3296
Full Member
 

Posted by: tjagain

annual leave etc was done on line decades ago for us

Electronically - yes. On line, decades ago - I very much doubt it. 


 
Posted : 06/10/2025 8:48 pm
Posts: 44146
Full Member
 

should have been "more than a decade" - apologies.


 
Posted : 06/10/2025 9:16 pm
Posts: 3296
Full Member
 

Posted by: tjagain

"more than a decade"

 Via an app or website that can be accessed anywhere? Again, I doubt it as all your HR info would have to be being stored offsite, unless your employer was offering RDP access to every employee at huge cost and personally, never mind work/home boundaries - I’d have made a massive fuss about the likelihood that all my personal data would go walkabout. Who supplied the PC/laptop for you to access it? Presumably you refused to do so on your personal one and an app (unlikely again even a few years ago never mind a decade) would be out of the question also. 


 
Posted : 06/10/2025 11:20 pm
Posts: 77347
Free Member
 

Posted by: tjagain

Just because you do not see it or understand it does not mean there is not one.

I understand it better than you do (tricky concept for you I know) and many others posting here know more than I do, all of whom you said you'd listen to.  There is no separation in the specific context of the post I was replying to.

Ie, paraphrasing, "I don't need MFA if I'm in the office."  Bullshit you don't.  You need MFA whether you're at home, in the office, in Romania* or on the Moon.  (Though I'd have geolocked out those last two without a prior request anyway). 

We can all say it together if you like: Passwords. Alone. Are. Not. Fit. For. Purpose.  This becomes especially pertinent when all your data is in the cloud (hah, just ask Salesforce) - it doesn't matter one jot where -you- are.  I don't need to hack your laptop to pillage your data, it's not the 1990s anymore.

You can argue all you like about work/life separation and I will agree very strongly with you on most points, but you cannot argue about MFA.  It really is (you'll like this bit) that black and white.  Corporate Wi-Fi isn't going to protect your M365 tenant if the only thing between you and a password-spraying external attacker is "Ronaldo7!"

(* - no offence to Romania, it was the first overseas country that came to mind).


 
Posted : 07/10/2025 12:13 am
Posts: 1794
Free Member
 

Work in cyber security and data protection for over 25 years. 

Not using a private mobile for MFA is petty and puts the organisation and you at risk.

If you are happy to work from home on your own Internet connection, in your own house, in your own room, sat at your own desk, using your own chair, using your own kettle? Yet object to using your own Authenticator? Well I am sure you (possibly not) see the contradiction.


 
Posted : 07/10/2025 2:55 am
Posts: 3296
Full Member
 

Posted by: Cougar

"I don't need MFA if I'm in the office." 

To be clear for those where MFA is bypassed in the office there are conditional access rules that can be applied and depending on your level of licensing with Microsoft they can control and mandate all sorts of things. They can enforce additional security like 6 digit PIN numbers on  both the device and a separate one on the app itself. They can enforce a minimum OS level, block jailbroken devices, block browser access entirely on the device and force use of the app. Block access from anywhere outside the UK. The list goes on. Even at the basic licensing level however an organisation can allow users to bypass MFA when the client has a certain public IP address or range of addresses. Organisations often used this to allow access in the office without MFA based on the fact that in a lot of cases an additional layer of security was already present ie gaining access to the site and needing an ID card or simply everyone would know if a stranger came and sat down and started using a computer. These days bypassing MFA in this way is not considered best practice and even mandated if you want to obtain certain security accreditations. As a result MFA is now being enforced everywhere in more and more places. 

The justification for refusing to use your personal device to generate a code because it crosses some arbitrary hard line about work and home separation is not easy to see. The standpoint that being reminded of work in my own time is not acceptable and the employer must respect this is impossible to accommodate when there are so many other things which also meet this definition: seeing your salary go in, being woken up specifically to get ready for work, wearing certain clothing for work and then washing it, seeing it in the wardrobe, etc etc. I have yet to be presented with a reasonable argument that shows a distinction between these things; people insist it exists but offer no explanation as to why none of the other reminders cross this hard line. It makes it impossible to then consider offering an alternative solution which does not infringe these personal boundaries. 

No organisation, when issuing ID cards for example, considers “what if people refuse to take them home because it will remind them of work?” . They don’t need to because no one does. 


 
Posted : 07/10/2025 6:19 am
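Added example, not part of any post in this thread: a simplified Python model of the trusted-IP MFA bypass described in the post above, evaluated next to an "MFA everywhere" policy over constructed sign-in events. The policy fields, address ranges and event labels are assumptions made for illustration; this is not Microsoft's Conditional Access schema or API.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: documentation-range addresses, hypothetical events.
OFFICE_RANGES = (ipaddress.ip_network("203.0.113.0/24"),)


@dataclass(frozen=True)
class SignIn:
    label: str
    source_ip: str
    country: str
    password_ok: bool
    mfa_ok: bool            # can the client complete a second factor?
    device_compliant: bool


@dataclass(frozen=True)
class Policy:
    name: str
    mfa_exempt_ranges: tuple = ()                    # MFA is skipped from these networks
    allowed_countries: frozenset = frozenset({"GB"})
    require_compliant_device: bool = False


def in_ranges(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def evaluate(policy, event):
    """Return (decision, reason) for one sign-in under one policy."""
    if event.country not in policy.allowed_countries:
        return "block", "outside allowed countries"
    if policy.require_compliant_device and not event.device_compliant:
        return "block", "device not compliant"
    if not event.password_ok:
        return "block", "wrong password"
    if in_ranges(event.source_ip, policy.mfa_exempt_ranges):
        return "allow", "MFA skipped: trusted network"
    if event.mfa_ok:
        return "allow", "password + second factor"
    return "block", "second factor missing"


# Weak setting: the office public range is exempt from MFA.
LEGACY = Policy("office-ip-bypass", mfa_exempt_ranges=OFFICE_RANGES)
# Corrected setting: no exempt networks, compliant device required.
STRICT = Policy("mfa-everywhere", require_compliant_device=True)

EVENTS = [
    SignIn("staff, office, own authenticator", "203.0.113.20", "GB", True, True, True),
    SignIn("staff, home, own authenticator", "198.51.100.7", "GB", True, True, True),
    SignIn("guessed password, overseas", "192.0.2.50", "US", True, False, False),
    SignIn("guessed password, UK address", "198.51.100.99", "GB", True, False, False),
    # Password known, no second factor, but sitting at a managed PC on the office network.
    SignIn("guessed password, inside office range", "203.0.113.77", "GB", True, False, True),
]


def policy_gap(events, weak, strong):
    """Labels of sign-ins the weak policy allows but the strong policy blocks."""
    return [e.label for e in events
            if evaluate(weak, e)[0] == "allow" and evaluate(strong, e)[0] == "block"]


if __name__ == "__main__":
    for e in EVENTS:
        print(f"{e.label:40} legacy={evaluate(LEGACY, e)} strict={evaluate(STRICT, e)}")
    print("gap:", policy_gap(EVENTS, LEGACY, STRICT))
```

The only event the two policies disagree on is the password-only sign-in from inside the exempt range, which is the case the physical-access argument was relied on to cover.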
Posts: 1729
Free Member
 

as mentioned above

MFA will be enforced no doubt

you can decide you do not want to set up the mfa account inside your authenticator app

the alternatives would be a corporate issued device

a company mobile would no doubt be put under management itself so you'd essentially have something awkward to carry any time you needed to work anywhere, and of course you can't use it for anything else as you're not mixing work and home lives......

or a Yubikey, on your keyring, i have actually got one of these for absolute emergencies at an admin level, in case the world burns type thing, i loathe having to keep it safe.. i don't want it on my keyring as it's more important than my keys.. but technically i should have it near me at all times

Also, you can't be leaving these things on your desk... that's not how it works, we have even talked about making it mandatory for staff to take their laptops home with them....how's that for mixing work and home? i drive every day and i don't want to do that


 
Posted : 07/10/2025 7:39 am
Posts: 44146
Full Member
 

Posted by: oceanskipper

Via an app or website that can be accessed anywhere?

yes


 
Posted : 07/10/2025 7:43 am
Posts: 44146
Full Member
 

I never worked from home - rather tricky when you are a nurse 🙂  that's not what I am talking about

 

I get it - some of you do not see the need for a healthy separation of work and home.  Your choice.  I do


 
Posted : 07/10/2025 7:45 am
Posts: 1729
Free Member
 

key point, it doesn't affect your home life

facts

if you aren't using MFA for your home life in any way, you are majorly at risk OR you do not have an online presence and prefer to do everything by letter.

If you are  using MFA you are adding 1 extra number.. literally, into an app you probably have

it does not cost you

it does not add anything tangible to your data usage

what it does do is not make you appear awkward in any way to the people trying to protect your account, which is for you i hasten to add.... what could i do if i could log in as you? who could i message, what data would i have access to? Whom would you have to sit down in front of and explain how a 3rd party got sensitive information because you didn't appreciate the importance?

what is more invasive to your home life? an invisible app you never have to see until you get prompted to authenticate ONLY when you are working? OR having to transport, keep safe, and charge another device to and from work every day.

the choice will be yours but genuinely why make life more difficult for yourself

 


 
Posted : 07/10/2025 7:53 am
Posts: 44146
Full Member
 

I checked with one of my ex colleagues.  Nothing has changed in how you use the work computers.  They do not use a phone app.

 

It's a secure intranet I think it's called. ( ????)  You use a card to log onto the computer ( then IIRC a username and password to log on???)  then a username and password to get into TRAK which is where all the sensitive data is.  The cards could be shared.  You can only get onto the intranet from a work computer but you can get onto the intranet from any work computer

 

Off duty and annual leave is app based and could be accessed from a personal phone if you wanted to or from the work computer once logged in to it

 

Now as is obvious I am not hugely knowledgeable about this stuff but that is obviously deemed secure enough by the folk that know.  No need to use any personal devices or phones to access anything


 
Posted : 07/10/2025 9:10 am
Posts: 3296
Full Member
 

All that security to access TRAK on a work device including MFA by way of a card and then allow simple username and password access (because you can’t insert a smart card into a phone) on a mobile app which can be installed on a personal and potentially unsecured device. Bonkers. 


 
Posted : 07/10/2025 9:25 am
Posts: 14233
Free Member
 

Was the last thread this weird when people started over dramatizing everything to try and prove a point? There's literally only three (commonly used) options, use your own phone, use a work phone, buy a dirt cheap phone for work MFA only. 

 

 

 

 


 
Posted : 07/10/2025 9:34 am
Posts: 40225
Free Member
 

I absolutely won't have Teams or access to work emails on my phone, so there's no way I can see that stuff once I've clocked off.

No issue with having MS Authenticator on my phone though. To refuse that would make life harder for myself and - as per the thread title - be spectacularly petty.


 
Posted : 07/10/2025 9:42 am
Posts: 44146
Full Member
 

You cannot access TRAK on a mobile device.  Only thru a work computer. ( which might be a laptop)

off duty and AL is the ONLY thing you can access on your personal device and it has no links to anything else on the system


 
Posted : 07/10/2025 9:43 am
Posts: 466
Full Member
 

You aren't going to get an MFA request for work unless you are actually working. So it won't impose on your free time!


 
Posted : 07/10/2025 10:14 am
 DrJ
Posts: 13416
Full Member
 

Posted by: northernsoul

What happens if I lose the phone

I think if you're an iPhone user your data is sync'ed to your iCloud account. Same issue arises if you buy a new phone? Happy to be educated if this is not the case !!


 
Posted : 07/10/2025 10:29 am
Posts: 91000
Free Member
 

I get it - some of you do not see the need for a healthy separation of work and home.

No.  You're not getting it. For some people, for some jobs, it is not unhealthy to mix work and home. In fact it can be beneficial.  You might not understand it, but you can accept that it isn't necessarily unhealthy when we tell you.


 
Posted : 07/10/2025 10:50 am
Posts: 44146
Full Member
 

I do understand some are happy to do this.  However folk are saying there is no reason for me to want that separation.  If you want to do it fine - it's your choice.  Allow me my choice


 
Posted : 07/10/2025 10:52 am
 DrJ
Posts: 13416
Full Member
 

Posted by: tjagain

However folk are saying there is no reason for me to want that separation. 

I don't think anyone's saying that. I think what they're saying is that you already accept exceptions to that separation (alarm clock, uniform, ID card etc), so drawing a line at adding an account to an app you already have is a bit perverse.


 
Posted : 07/10/2025 10:59 am
oceanskipper reacted
Posts: 1729
Free Member
 

re work accounts and icloud backup.. .well they don't, you'd need IT assistance to reregister/re activate after a restore

re work separation.. it isn't separation because it is not invasive unless you go specifically looking for it. Caveat... you could get prompted if someone somehow supplies your username and password without for a login.. which is only a good thing to know right no matter whenever that occurs.. although i cannot remember when i have been prompted for my work account fraudulently...

it's literally more invasive to walk around with a piece of paper in your pocket with 6 numbers on it


 
Posted : 07/10/2025 11:14 am
Posts: 13330
Full Member
 

In work, like in life, it's really important to pick your battles.

Installing an MFA app on your work phone is not a battle to fight, no good will come of it whether you win or lose.


 
Posted : 07/10/2025 11:28 am
Posts: 8771
Full Member
 

Let's make an example that's a little more extreme, to hammer home the point:

I refuse to have a calculator app on my mobile because I sometimes need it for work.

Or extra extreme

I refuse to have a hammer at home because I use a hammer at work.


 
Posted : 07/10/2025 11:48 am
Posts: 3296
Full Member
 

Posted by: northernsoul

What happens if I lose the phone

 

 

I think if you're an iPhone user your data is sync'ed to your iCloud account. Same issue arises if you buy a new phone? Happy to be educated if this is not the case !!

Your IT department can reset the MFA so you can register a new device or give you a one time access code if you have simply left your phone somewhere else..


 
Posted : 07/10/2025 11:50 am
Posts: 44146
Full Member
 

Posted by: lunge

Installing an MFA app on your work phone is not a battle to fight, no good will come of it whether you win or lose.

fortunately everywhere I have worked this would never be an issue as using personal phones for work is banned by policy, is not needed anyway because they manage it security without and again by policy if you need a phone for work you are supplied one


 
Posted : 07/10/2025 12:22 pm
Posts: 44146
Full Member
 

Posted by: Cougar

Posted by: oikeith

I dont quite get the barriers between home and work argument,

There isn't one.

 

Dr J - this and numerous other ones

 


 
Posted : 07/10/2025 12:23 pm
 wbo
Posts: 1669
Free Member
 

Oddly enough you're not going to be using the authenticator you need to for work purposes when you're not at work because there's no need.   You're not at work so why would you be accessing your work email etc.

TJ - to be blunt you retired a few years ago from a job with quite special IT/phone security requirements. You have no experience here


 
Posted : 07/10/2025 12:48 pm
Posts: 15068
Full Member
 

I like to keep separation don't get me wrong... I flat out refuse certain stuff on my personal mobile as I had to allow admin things like remote wipe etc, from company IT... so that's a firm 'hell no'.

But MFA is just a number generator and you'll already likely be using one anyway.


 
Posted : 07/10/2025 12:52 pm
Posts: 13330
Full Member
 

Posted by: tjagain

fortunately everywhere I have worked this would never be an issue as using personal phones for work is banned by policy

Genuine question, do you know what the MFA app is and how it works? I know that may come across as condescending, but it's not meant to be.

I ask as your answers read like you don't understand (or are maybe choosing to ignore) the very real differences between installing Teams or Outlook on a personal phone and installing an MFA app. The former 2 potentially mean work messages and calls come through to your personal phone, something most people don't want and would be right to push against. The latter is an app that generates some numbers that allow you to access work stuff on a completely different device, that's it, no notifications, no calls, nothing bar 6 numbers that you'll enter into another device in working hours.

I just don't get how this is something to push against.


 
Posted : 07/10/2025 12:53 pm
 DrJ
Posts: 13416
Full Member
 

TJ: The full quote, for context. He doesn’t address the question of whether you have a reason to want to separate work from home. I think everyone would agree that you can want that, and understand why it might be particularly important in your profession.  He’s just saying that MS MFA doesn’t impinge on that more than factors you already accept.

I dont quite get the barriers between home and work argument, MS MFA has never sent me a unsolicited pop up, do these people log off or go home on a evening or weekend and never think when am I next in work? how am I getting there? Are my clothes clean? do I need to make a packed lunch, etc, etc


 
Posted : 07/10/2025 12:56 pm
Posts: 44146
Full Member
 

Posted by: lunge

I just don't get how this is something to push against.

Because I want a complete hard separation between work and home.  I do not want to use a personal device for anything to do with work.  I worked in a culture that expressly forbid this anyway.  Making my lunch is for me not for work, I had a complete change of clothes at work before I went home.  My ID cards etc were all left at work


 
Posted : 07/10/2025 1:06 pm
Posts: 44146
Full Member
 

Posted by: lunge

I ask as your answers read like you don't understand (or are maybe choosing to ignore) the very real difference between installing Teams or Outlook on a personal phone and installing an MFA app.

To me there is no difference.  It's work mandating what I must do with a personal phone.  What I do with a personal phone is nothing to do with work.  It's either a hard line or it does not exist


 
Posted : 07/10/2025 1:10 pm
 DrJ
Posts: 13416
Full Member
 

Posted by: northernsoul

What happens if I lose the phone

ChatGPT:

🛠 2. Recovery Options

Microsoft Authenticator has a cloud backup and restore feature (if you enabled it):

  • iOS → It uses iCloud backup tied to your Apple ID.
  • Android → It uses Microsoft account cloud backup.

When you get a new phone:

  1. Install Microsoft Authenticator.
  2. Sign in with your Microsoft account (the one used for backup).
  3. Restore your accounts from the cloud backup.

 


 
Posted : 07/10/2025 1:25 pm
Posts: 13330
Full Member
 

Posted by: tjagain

To me there is no difference.  Its work mandating what I must do with a personal phone.  What I do with a personal phone is nothing to do with work.  Its either a hard line or it does not exist

Got you. And I think, whilst I don't agree, I understand.

To me if work asked me to add something to my personal phone that had zero negative impact on me (and if anything it had a positive impact as I only needed to carry 1 device and not 2) and has positive impact on work (better security, a cost saving) then I'd do it. I'll hide the app so I don't even see it and only use it when I log in to work.

No-one loses, perhaps bar some hackers.


 
Posted : 07/10/2025 1:42 pm
Posts: 77347
Free Member
 

Posted by: oceanskipper

Even at the basic licensing level however an organisation can allow users to bypass MFA when the client has a certain public IP address or range of addresses

I know I'm splitting hairs (and you're more current than I am), but this is in effect still MFA.  It's just a form which is transparent to the user.  Perhaps we should add "somewhere you are" to our list of somethings?

In any case, as you say, it's not great practice on its own.

Posted by: oceanskipper

The justification for refusing to use your personal device to generate a code because it crosses some arbitrary hard line about work and home separation is not easy to see. The standpoint that being reminded of work in my own time is not acceptable

... and why would you be getting MFA prompts when you weren't working anyway?  Outside of, y'know, someone trying to hack your account.

To be "reminded of work" you'd have to delve into your MFA app actively looking to be reminded.


 
Posted : 07/10/2025 1:46 pm
Posts: 77347
Free Member
 

Posted by: northernsoul

What happens if I lose the phone

 

 

 

For Google's authenticator, cloud backups aside I have a recovery key saved as a text file on my computer.

Uh, somewhere. 😁


 
Posted : 07/10/2025 1:48 pm
sirromj reacted
Posts: 8247
Free Member
 

Is there any reason that MFA can't be done via facial recognition instead of an app on a personal mobile?


 
Posted : 07/10/2025 2:15 pm
Posts: 44146
Full Member
 

I didn't say "reminded of work", that's someone else's interpretation, not something I said

 

.

Posted by: tjagain

Its work mandating what I must do with a personal phone.  What I do with a personal phone is nothing to do with work.  Its either a hard line or it does not exist

I just want to keep that hard separation between work and home.  I do not want work to tell me that I must do something with my personal property.  Others think differently.


 
Posted : 07/10/2025 2:17 pm
Posts: 3296
Full Member
 

Posted by: Cougar

... and why would you be getting MFA prompts when you weren't working anyway?  Outside of, y'know, someone trying to hack your account

Exactly. I may have missed some quotation marks in the original sentence but essentially I meant the user saying “being reminded of work in my own time is not acceptable and the employer must respect this “ is impossible to achieve when some things are acceptable and others not but the employer has no way of knowing which …

I know I'm splitting hairs (and you're more current than I am), but this is in effect still MFA

Technically “Conditional Access” is how Microsoft refer to it. But yeah if you have to use ID to get in the building where the MFA prompts are bypassed it’s still MFA - and also the reason a lot of people here think MFA only applies when working from home; it does for them when their IT haven’t enabled it everywhere! 

 

 

 


 
Posted : 07/10/2025 2:19 pm
Posts: 1729
Free Member
 

Posted by: tjagain

Posted by: lunge

I just don't get how this is something to push against.

Because I want a complete hard separation between work and home.  I do not want to use a personal device for anything to do with work.  I worked in a culture that expressly forbid this anyway.  Making my lunch is for me not for work, I had a complete change of clothes at work before I went home.  My ID cards etc were all left at work

 

Crikey, so any text message, whatsapp, email with reference to anything to do with work, you delete? or you simply do not mention work in any way on your phone?

Well as mentioned, ask work for a yubikey, be done with it, you'll then be carrying something else on your keyring everywhere you go, unless you can confidently not forget ever to pick it up everyday before work

 

 


 
Posted : 07/10/2025 2:25 pm
Posts: 77347
Free Member
 

Posted by: oceanskipper

All that security to access TRAK on a work device including MFA by way of a card and then allow simple username and password access (because you can’t insert a smart card into a phone) on a mobile app which can be installed on a personal and potentially unsecured device. Bonkers.

The cards slot into the top of the keyboards, sticking up vertically.  The staff then wander off leaving their cards in situ, because who in the NHS has the time to log in twice multiple times an hour?  It would be trivial to yoink one when no-one is looking and cloning cards generally isn't difficult.  Now all I need to do is shoulder-surf a password.  They're probably all the same anyway.

I was briefly involved in a previous incarnation of this system many years ago over at BDGH (Barnsley), I was sent in to un-**** it after everyone else had failed.  I quickly realised that what they had been sold and what they thought they were buying were two wildly different things, it was never going to work.  It simply wasn't possible.

Something like Hello For Business would likely fix all this in a heartbeat (no pun intended), but last I looked the NHS was still mostly running on Windows 7.  It makes you Wanna Cry.

 


 
Posted : 07/10/2025 2:26 pm
Posts: 1729
Free Member
 

Posted by: IdleJon

Is there any reason that MFA can't be done via facial recognition instead of an app on a personal mobile?

that's kind of like windows hello... although it's really easy to fool facial recognition.. it can be allowed as primary authentication but authenticator/hardware key is still the top method for actual MFA

 


 
Posted : 07/10/2025 2:27 pm
Posts: 363
Full Member
 

I know I shouldn't ask but...

 

@TJ, If you refuse to take your badge with you offsite how do you get into the locker room to access your locker, similarly, do you have a locker key to allow you to store your clothes etc and to secure the ID badge you have left on site?

 

 


 
Posted : 07/10/2025 2:28 pm
Posts: 44146
Full Member
 

Posted by: alan1977

Crikey, so any text message, whatsapp, email with reference to anything to do with work, you delete? or you simply do not mention work in anyway on your phone?

Nothing from work was ever on my phone. 

 

I get this is hard to imagine for some of you and I understand different environments are different but I maintained that hard line.  

 

Edit - some buildings had a number pad to access the building, some had nothing.  Locker was secured with my own padlock


 
Posted : 07/10/2025 2:32 pm
Posts: 1729
Free Member
 

so you used your own padlock for work? should have issued you one....


 
Posted : 07/10/2025 2:36 pm
Posts: 363
Full Member
 

This is smart cards and is needed to access the NHS spine for registering patients I believe. People really should not be sharing these, I have seen it and put a stop to it straight away. You can also get tap to log in badges, these are primarily for clinical side staff but a few of my team have these to avoid having to constantly take off PPE etc to log in.

 

I also have heard stories of senior managers sharing login details with colleagues so they can check on things when they were on leave. My experience is that times really have changed, and due to the high profile hack in 2024 which is still not totally resolved people are much more aware of the impacts of lax security.

 

Most trusts I know of are on Win 10 and we have just moved over to Win 11


 
Posted : 07/10/2025 2:36 pm
Posts: 44146
Full Member
 

Posted by: oceanskipper

All that security to access TRAK on a work device including MFA by way of a card and then allow simple username and password access (because you can’t insert a smart card into a phone) on a mobile app which can be installed on a personal and potentially unsecured device. Bonkers.

Just to point out again this was not the situation.  You cannot access trak via anything but a work computer going thru the security.  the only thing you could access on your phone was your own roster and AL requests


 
Posted : 07/10/2025 2:37 pm
Posts: 1729
Free Member
 

How about this then

we use a 3rd party HR website.. all staff training info, contract docs, leave calendar etc are through that

We enforced MFA on that as it is a requirement.......

Who's getting people mobile phones so that staff can access their own private information and request holidays?

likewise a benefits hub we use....

Sage for our payslips/ P60's etc

All 3rd party systems, all enforced MFA and all solely for the benefit of the employee


 
Posted : 07/10/2025 2:40 pm
Posts: 44146
Full Member
 

Alan - I could tell you horror stories of that sort of thing.  We had communal cards for example.  All the card did was open the log on screen and did not identify an individual

 

An earlier incarnation without the cards you could normally find a generic login to the computer ( but not to TRAK) on a post it somewhere on the desk

TRAK was much more secure and just logging into the computer did not get you access to confidential information of any sort.  You would then need a different login to get to TRAK, A different one again to get into emails


 
Posted : 07/10/2025 2:43 pm
Posts: 44146
Full Member
 

Posted by: alan1977

How about this then

we use a 3rd party HR website.. all staff training info, contract docs, leave calendar etc are through that

We enforced MFA on that as it is a requirement.......

Who's getting people mobile phones so that staff can access their own private information and request holidays?

likewise a benefits hub we use....

Sage for our payslips/ P60's etc

All 3rd party systems, all enforced MFA and all solely for the benefit of the employee

 

What do you do with folk that do not own a smart phone or cannot use one? - a small % of folk but in an organisation employing thousands there will be some

For my organisation all that stuff could be accessed thru a work computer.  Are you saying it could only be accessed on a personal phone?


 
Posted : 07/10/2025 2:46 pm
Posts: 1729
Free Member
 

I assume they badger their managers to print off their docs or something... luckily that doesn't come back to me in IT because it is pretty much the law to have it enabled, without it we cannot certify for various accreditations, and then we can't apply for certain contracts...

Flipside.. guess who would be moaning when their personal data was accessed because they completed a Facebook quiz about their grandmother's maiden name and gave up their password, and guess who would be moaned at...

They can access the aforementioned portals via any device, as long as they pass the MFA requirements, we do not have any conditional access controls on those portals, so in theory MFA would be required at almost every log in


 
Posted : 07/10/2025 2:51 pm
Posts: 44146
Full Member
 

Hmmmm - open and shut disability discrimination case then?   🙂


 
Posted : 07/10/2025 2:57 pm
Posts: 5139
Full Member
 

Just another thought, consider all the stuff that work provide for personal use like browsing the internet? The WiFi that you connect your personal device for checking your personal stuff. Work are asking you that a bit of kit that is already in place is used for a tiny proportion for everyone's safety in the same way that stuff already there (browse to the internet) is used for everyone's personal benefit

Different point but also consider that MFA doesn't leave any work data on your phone or any personal stuff in work IT systems , it's the same principle as a passport in an airport, you keep it with you and half of a digital key is on your device with Microsoft having the other half- not even a whole key 


 
Posted : 07/10/2025 3:29 pm
Posts: 5139
Full Member
 

Posted by: tjagain

What do you do with folk that do not own a smart phone or cannot use one?

You use a physical encryption key like a usb stick with a fingerprint reader on it, they just prove it's you like a passport in the airport 

 

 


 
Posted : 07/10/2025 3:52 pm
Posts: 837
Free Member
 

Posted by: tjagain

Hmmmm - open and shut disability discrimination case then?   🙂

For someone who clearly doesn't understand the topic you have had quite a go at this one. Bottom line is, we hear you in your desire to separate work and personal life. Most understand the principle but not the extent to which you go. However, as has been stated many, many times on this thread, IT and those responsible and accountable for security in general within an organisation are under significant pressure to deliver solutions that can help to protect the company, its systems, its data and its people. One of the least intrusive and most effective solutions at the moment is to use MFA. There are several flavours of it but the least costly, most flexible (for the vast majority) option is to use an authenticator app on your phone. If you really, really, really do object to that (or you do not have access to a smart phone) then you have the option of something like a FIDO2 key eg Yubikey etc. If you wanted to make the support crew's desk a complete pain you could refuse to use the Yubikey and they could issue you a Temporary Access Pass. But that is unworkable for any organisation once you get above 20 people. For places like the NHS, actually a Yubikey type device is likely to be preferable as it allows more flexibility to logon to shared computers - so you wouldn't have to carry your phone around with you. Also useful for those who work in restricted or secure zones where they aren't allowed to have their phones. At the end of the day, this is a simple technical solution that adds significant protection and can help to prevent your company being on the front pages as another victim of cyber crime. The worst hit, as we have already seen this year, actually go bust and cease to exist as companies. Which means everyone loses their jobs, their income and gets a whole heap of new stress to worry about.

 


 
Posted : 07/10/2025 4:45 pm
oceanskipper reacted
Posts: 91000
Free Member
 

or you simply do not mention work in anyway on your phone?

The downside there is that you can't call in sick. You have to go to work, tell them you're sick in person and then come home again.


 
Posted : 07/10/2025 5:28 pm
Posts: 91000
Free Member
 

I just want to keep that hard separation between work and home.  I do not want work to tell me that I must do something with my personal property.

I'm so glad I never had to work with you 🙂


 
Posted : 07/10/2025 5:29 pm
Posts: 44146
Full Member
 

Posted by: Bikingcatastrophe

For places like the NHS, actually a Yubikey type device is likely to be preferable as it allows more flexibility to logon to shared computers

Which would be perfectly acceptable to me and is similar to the way my ex workplace works ( I think)  Again - I am not refusing to use MFA.  I am not wanting to use my personal stuff to do so


 
Posted : 07/10/2025 5:42 pm
Posts: 44146
Full Member
 

Posted by: molgrips

or you simply do not mention work in anyway on your phone?

The downside there is that you can't call in sick. You have to go to work, tell them you're sick in person and then come home again.

 

Again - not anything I have said.  It is funny when folk make up things a person has supposedly said to then use against them

 


 
Posted : 07/10/2025 5:45 pm
 DrJ
Posts: 13416
Full Member
 

Posted by: tjagain

Which would be perfectly acceptable to me and is similar to the way my ex workplace works ( I think

What’s acceptable to you seems to be entirely arbitrary, satisfying some principle that you have concocted. I’m not sure how an employer can accommodate a workforce where each individual makes up rules about what’s “acceptable” to them. 


 
Posted : 07/10/2025 5:49 pm
Posts: 44146
Full Member
 

I do not know how to explain it more simply

 

If work wants me to do something then it supplies the tools to do so.  I do not think mandating how you use your personal property is acceptable.  That phone belongs to me.  Making me use it for work crosses a line for me.

 

Fortunately my ex employer recognised this and actually makes using a personal phone at work a disciplinary offense so this never arose.


 
Posted : 07/10/2025 5:59 pm
Posts: 14233
Free Member
 

fortunately my ex employer recognised this and actually makes using a personal phone at work a disciplinary offense so this never arose.

FWIW, my current employer also recognizes it and has no issues with a £70/80 phone being sourced every 5 years. 

 

They also paid for my desk, chair and few other genuinely helpful things.  Probably part of the reason I'm still there and still highly motivated. 


 
Posted : 07/10/2025 6:08 pm
tjagain reacted
 DrJ
Posts: 13416
Full Member
 

Posted by: tjagain

I do not know how to explain it more simply

You've described it very clearly. Still doesn't make sense except as part of your personal philosophy, which of course you're entitled to, and if your employer is happy to play along then everyone's satisfied.


 
Posted : 07/10/2025 6:31 pm
Posts: 7114
Full Member
 

p21271543_b_v13_ab.jpg


 
Posted : 07/10/2025 7:07 pm
 poly
Posts: 8699
Free Member
 

Posted by: tjagain

Poly - it’s nothing to do with unions or anything like.

you told me to unionise - make up your mind!
 Its two things - one is thinking of those that do not have smartphones ( and several folk responsible for this stuff have said its no issue)  
which in a modern workforce is virtually nobody - and if there are a few relics they either need to negotiate with IT as suggested or buy a device, sometimes there are costs of being employed - like the clothes we wear! You are making a mountain out of a molehill - and still haven’t backed up your original claims which I challenged that this is in any way something an employer cannot do.

the other is about having a hard barrier between work and home.  Again something others have as well.
I wonder how you go through life with NHS logos everywhere on your days off that would obviously trigger you: if an MS MFA app would invite your personal work/home barrier.

At my workplace having your own mobile in use when on duty is a disciplinary offense and so is plugging anything into USBs cougar 🙂

you’ve retired - it possibly is still the case that your workplace employs the same rule but also they may have decided MFA trumps the other issues.  However clearly if a company has a policy of no personal mobiles in the workplace it can’t also apply a policy of please use your personal mobile to authenticate.   That doesn’t mean a workplace that doesn’t have a no personal devices rule is acting unreasonably in suggesting this is the simplest and possibly best way to do it. 

weirdly as a patient nobody has objected to me plugging in my phone charger!  I know some organisations’ safety departments are run by idiots but the NHS could save a fortune if they stopped paying for PAT testing double insulated chargers with only a low voltage USB cable attached!  By insisting that a “competent person” comes and sticks a label on it (there is nothing to test) they are saying that the NHS staff who are trusted to administer drugs etc can’t be trusted not to use a damaged plug!  The union should probably point out the waste of money!

 


 
Posted : 07/10/2025 7:46 pm
 poly
Posts: 8699
Free Member
 

Posted by: tjagain

Hmmmm - open and shut disability discrimination case then?   🙂

I’m not sure what that comment was in reference to - but there is nothing requiring an employer to preemptively make adjustments for disability - it’s too hard to cover every possible disability.  The employee asks for a reasonable adjustment and the employer cooperates.  Of course reasonable adjustment doesn’t apply to anyone who doesn’t have the same disability nor does it require the employer to make their security more vulnerable.

 


 
Posted : 07/10/2025 8:01 pm
Posts: 14711
Full Member
 

Posted by: CountZero

Anything that involves stuff give getting dirty, I’d expect PPE to be supplied, or an allowance to cover expenses

I've had many jobs over the years where wearing a suit was a requirement. It was the only place I'd ever wear a suit. Not once had I ever considered my employer should pay for the suits


 
Posted : 07/10/2025 8:38 pm