You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
you’ve retired - it possibly is still the case that your workplace employs the same rule but also they may have decided MFA trumps the other issues.
I checked with a colleague still working there
im not sure what that comment was in reference to
it was in reply to someone in NHS it stating that employees could only access various staff info on a smartphone
I've had many jobs over the years where wearing a suit was a requirement. It was the only place I'd ever wear a suit. Not once had I ever considered my employer should pay for the suits
I was thinking the same.
On the phone thing, when mobiles first became common, late 90's, I got given a company phone. Every month I had to go through the bill and pay for any non-work-related calls - ISTR this was actually an HMRC requirement if you didn't want the phone to be a taxable benefit. I considered calls to say I'd be late home to be work related. I didn't buy my own phone for quite a few years, but once I did I kept a pretty strict separation, and I never gave my personal number to colleagues or clients. More recently when BYOD became a thing, some people wanted the simplicity of only having one phone, I still asked for a company phone - I didn't want corporate MDM on my own phone.
So my position was basically that I wouldn't use their phone for personal stuff, and I wouldn't use mine for business stuff. But in this case, I think I'd be prepared to add an account to an authenticator, the intrusion really is so minor as to be irrelevant.
Just checked my one and only mobile phone
14 work apps on it plus an authenticator 😎
We have had the discussion in my team about staffing using personal devices when at work. I have explained to the team that using them in the morning if needed to log in doesn't justify people using it all day and as they are all adults they understood that. Using a personal phone historically meant you weren't working as virtually no one had cause to use it. I find that when I am onsite and using the same PC as normal I very rarely need to use MFA but sometimes do.
A lot of what TJ refers to might have been correct for his time and place but it's wrong in my experience of 6 trusts over 25 years.
You simply couldn't get to your locker if you left your badge at work as there are always multiple swipe card points between the front door and the locker room, you can't use your own padlock as lockers often have locks and your are given one to use and a key. This is to stop people leaving and a locker being locked shut.
The only place I have seen a coded door lock in the last 15 years is the bike sheds.
The very least you would have to do is carry a locker key and a passcard. There is no justification for refusing and if someone did that today I can't imagine they would pass probation.
I can assure you that none of the Lothian hospitals have passkey entry. Most of them have open doors. that's up to date info from visits in the last year. those without open doors have coded locks.
no internal swipe card access. number pads for secure areas
no swipe cards that I have seen. certainly all staff do not have them
That simply isn't possible. It's the first thing you do on your first day of employment. Including where I have worked I must have visited 20+ hospitals and every single one has swipe card access based on user profile. Hospitals would be shut down without it
Induction info for medical students for the Royal
"Please note that Resident Doctors on the REH/RIE rota will also need to obtain an ID Badge (swipe card) from the RIE as they require this to gain access to the wards when on call. Time is factored into Induction for badges to be obtained."
and for the sick kids
Inform Security immediately via the NHSL FM Helpdesk or calling ext 50001 if you have lost your ID badge, to disable access, then complete the ID badge application to apply for a replacement.
fascinating. maybe for specific areas but I have been an in and outpatient over the last couple of years and just simply walked into the areas I wanted to go to. that's a surgical ward at wgh and multiple outpatients units at both wgh and Eri including imaging etc.
I avent been on a ward at eri for 4 years but again it was open access then
there are no swipe to access between the outside world and the lockers at wgh
maybe they close down at night at eri but 2 years ago at wgh I simply walked on and off the ward even at night
one of my opd visits was at the sick kids. open door and I just walked into imaging for my mri
.apart from anything else almost all wards have open visiting in the daytime.
I'm guessing eri must go to lockdown at night?
Locker was secured with my own padlock
Did you take the key home with you?
[a Yubikey] would be perfectly acceptable to me and is similar to the way my ex workplace works ( I think) Again - I am not refusing to use MFA. I am not wanting to use my personal stuff to do so
Would you have the Yubikey rattling around loose in your pocket or would you attach it to your keyring for safekeeping?
I've had many jobs over the years where wearing a suit was a requirement. It was the only place I'd ever wear a suit. Not once had I ever considered my employer should pay for the suits
Same, but I would fully expect to be reimbursed should those suits (OK, that suit) get damaged whilst at work.
Security in the NHS seems to vary. When visiting a relative at the Queen Elizabeth in Glasgow the wards were locked every time. Visiting hours or not. You needed a card or you needed to buzz the nurse station to get in. At the A and E dept you can't get past the waiting area without a card or a staff member letting you in.
I work at an NHS building. Only used by NHS staff no treatment areas or wards. You can't get past reception without a card. A card only grants to access to certain zones depending on your role.
If you needed glasses to see the computer would you refuse to use your own on the same basis that you are not prepared to use personal stuff for work? And if by some really stubborn workarounds you managed to get away with not wearing them outside work because of the constant reminder of work every time you wore them (I don’t read books, my partner reads all the labels on things, I ask people in the supermarket how much stuff is etc etc) then would you expect work to pay for your glasses?
Would you have the Yubikey rattling around loose in your pocket or would you attach it to your keyring for safekeeping?
He doesn't have to carry it at all times, you can shove that into a work stuff drawer and forget about it until the next shift. Same for ID cards and uniforms, but he'll have his personal phone on him constantly (to post here).
I think you probably need to start accepting that some of us have built (this stupid thread aside) fairly effective mental tactics over the years that enable us to put up barriers that 'mostly' block out work from non working hours. If you haven't done that, you either don't need to, or it sucks to be you, Those tactics likely being developed by necessity and individually over time with them not making all that much sense to an outsider, because by default there's going to be a largely random line in the sand.
There's an awful lot of reductive nonsense posted on this thread that, to TJ's situation is complete garbage.
E.g.
If you needed glasses to see the computer
None of you get to determine where TJs line is, nor do any of you get any say whatsoever as to whether it makes sense to TJ himself. Only TJ gets to determine that.
Most of you need barring for life from any job where empathy is required.
I would fully expect to be reimbursed should those suits (OK, that suit) get damaged whilst at work.
Haha - I’d pay money to see the manager’s face when that expense claim went in.
None of you get to determine where TJs line is, nor do any of you get any say whatsoever as to whether it makes sense to TJ himself. Only TJ gets to determine that.
True, of course, but TJ cannot require everyone else to facilitate his personal religion.
Same as work cannot require every staff member to use a personal device for work?
Some of you would refuse to put work email or teams on your personal phone - how is my stance different?
TJ's line is Tj's line, fair enough
BUT
MFA will be enforced no doubt, and TJ will have to either add the account to authenticator or transport another device to and from work
Email and teams most likely requires mobile device management on a device. ie these apps become controlled by the business. You grant the business control over an area of your phone. The boundaries of which are explained when setting up. It is possible to set these apps up uncontrolled, but that isn't ideal for business security. If you like the apps are isolated from the rest of the phone.
An authenticator account isn't controlled by the business (it can be but not necessary)
this is where the line is very different
and HMRC explicitly says they can’t without it being a taxable benefit - unless it is a uniform used to identify staff.Anything that involves stuff give getting dirty, I’d expect PPE to be supplied, or an allowance to cover expenses
I've had many jobs over the years where wearing a suit was a requirement. It was the only place I'd ever wear a suit. Not once had I ever considered my employer should pay for the suits
I don’t think anyone objects to TJ having his own personal set of rules and being willing to stand up for his convictions and either make a fuss or leave if his employer has the audacity to we have a different view. I do however think it’s wrong of him to suggest that his arbitrary line is in anyway a universally recognised/legal requirement. Or that employers who don't draw the line in the same place are fundamentally doing something wrong. There are horrible employers around but if I was making a list of things that set off my red flags about employers - using personal devices for MFA wouldn't even register. It really isn't anywhere near uncommon. He’s quite guilty of applying his NHS experience and assuming the rest of the world does or should work the same way. I’m really surprised that physical security is not better implemented in NHS Lothian. My recollection as a user of ERI was there were access control pads all over the place but as I never needed to go anywhere that was not public I don't know if they were in use. I think he used to work in police stations and I think care homes too - my experience of both of those are that access is controlled quite tightly. Really never had a phone number for any of them in his phone? Never had a key or access card to access the site or even the car park/bike shed?
Being a little bit more up on the technology, I thought TJ's view of authenticators was flawed and needed reconsidering. They're a small fairly basic unobtrusive utility with one purpose only, a tool without bells or whistles, and which you have a choice and control over. That's why there has been (what I assume were referred to as reductive statements) comparisons with glasses, calculators, and hammers.
At my last workplace, they wanted us to like every single one of their social media posts. I don't have social media on my mobile (only on desktop with non-memorable passwords), so managed to get away with it. Had it been otherwise, I'd probably have been pushed into it, peer pressure etc.
Additionally, some of us were swapped with a team from another room, and to facilitate the fact that one of the important finishing processes required lots of communication between us all, they started using Whatsapp for the process. Two of us tried to push back against this, saying it crossed boundaries and we don't use our personal mobiles for work, and that we're often too focused on our work to stop to keep checking our mobiles.
The rest were younger, and consisted of people closer to the boss than us (ie family/friends), so we were alone on that matter and just had to suck it up. I muted the notifications of the workplace whatsapp groups I was in, because they contained lots of distracting nonsense. When it came to my active involvement I used Android's Caffeine mode to keep the screen awake so I would see in real time when messages came through for me. The rest of the time I'd only check for messages when I was good and ready and generally didn't get involved. So I felt I was able to keep some sort of line there even though it was a bit closer to my personal side than I would have liked.
^^
whatsapp for business use, without a business license breaks the licensing terms..
so technically there's 2 things there, they should have asked you if it was ok to pay for a business license for you, and if youd be happy to use it. You could have had notifications automatically turn off out of hours etc
I think he used to work in police stations and I think care homes too - my experience of both of those are that access is controlled quite tightly. Really never had a phone number for any of them in his phone? Never had a key or access card to access the site or even the car park/bike shed?
POlice - had to be buzzed in. No access card given to me. couldn't leave the building during my shift, couldn't leave my work area. Never had a phone number for them. didn't own a mobile then
Care homes one was open door open access, others were keypad locks. More than ten years ago didn't own a mobile then
never had a swipe card for anything nor an access key even when I was manager
Thinking further about the swipe cards at ERI. Some areas did use them and staff working there did have them but during the day everywhere I went in the ERI was open access. I assume that they locked down at night. the piece alan posted specifically states for on call access to wards. My last visit to a ward there was longer ago than 4 years - I confused visits but it was open access during the day. Last visit there a couple of months ago for OPD scanning done in the sick kids. walk in thru an unlocked door into the building, walk up to scanning dept. Walk into scanning dept. Main corridors and OPD all open access
WGH - Numerous out and inpatient visits most recently a few months ago. Open doors to outside world, open access thru all parts of the hospital. Open access to surgical ward 2 years ago - maybe a keypad to the ward? I cannot be sure but I know I was going in and out of the ward without bothering the staff so if there was a keypad they gave me the number and i was going in and out of the main hospital doors even at night
Unfortunately there is a lot of traumatic memories associated with those hospitals so I fully accept my memory may not be clear. However I am 100% certain that the main doors to the hospitals are open access during daytimes and that you can freely wander around the corridors and use stairs and lifts
whatsapp for business use, without a business license breaks the licensing terms..
They also completely ignored the requirement for a license to listen to the radio (much to my chagrin) so I doubt that would have persuaded them either, unfortunately.
MFA will be enforced no doubt, and TJ will have to either add the account to authenticator or transport another device to and from work
As I explained in another post. Access to TRAK still does not require an app on your phone. Smart cards and two layers of login to get to TRAK. Insert card into machine gets you to the basic log on screen. Log in with user name and password. That gets you to the basic computer then a further different user name and password to get into secure areas of the database. its a secure intranet which can only be accessed from work computers.
The smart cards did NOT identify the person as far as I am aware. We had some communal cards. all they did was unlock the log in swcreen
that is still the situation today. No authenticator app, no device needed
my bad
I got derailed into thinking it's your thread TJ
I rephrase, if it came to it, that would be your choices, and the OP's
for the rest of us, that's where we are at now
Yes, the world has moved on in the last 10 yrs and it would not have been that unusual to have no phone or certainly a "dumb" phone in 2015. It really will be exceptional today to have someone who is employed in a professional setting who uses a computer for their job who doesn't have a smartphone. Just as well you weren't a police officer with a warrant card - that really would be a reminder of work outside working hours. I think you'll recognise that most people with a work pass can't leave it "in the office" behind a poorly secured door with a flimsy padlock to protect it - as they will need that pass to get into work in the first place.POlice - had to be buzzed in. No access card given to me. couldn't leave the building during my shift, couldn't leave my work area. Never had a phone number for them. didn't own a mobile then
Care homes one was open door open access, others were keypad locks. More than ten years ago didn't own a mobile then
However I am 100% certain that the main doors to the hospitals are open access during daytimes and that you can freely wander around the corridors and use stairs and lifts
I can confirm that as a patient/visitor you can walk into most (all?) NHS Lothian hospitals and wander round without any access controls. You may or may not be able to get on individual wards at some or all times without a code, a card or being buzzed in. The surprising bit was you could get to a staff locker room with nothing more than a pin pad - given staff leave their valuables there that would seem to me to be a far bigger issue than being asked to use your own phone for MFA. Perhaps the petty thieves of the lothians have a moral compass and won't nick NHS staff property? It would be ironic if there's one part of the workforce arguing they shouldn't have to leave their fancy phone in the cupboard and another faction arguing that the perfect reason for having your phone on your person is an infringement of your work life balance! How do you reconcile those differences if the split is 99:1 ? What if the representative of the 100 is the vocal minority?
that really would be a reminder of work outside working hours
Once again - its not about being reminded of work outside of work hours. Its about work wanting me to use a personal device during work time for work activities. Want me to do something then provide me the tools. do not rely on me using my personal property for work. Its like if work want you to supply your own pens or keyboard
Same as work cannot require every staff member to use a personal device for work?
You keep saying that - but haven't provided anything to substantiate it. Certainly for new employees it's perfectly possible to make it a condition of employment. I doubt a tribunal would find it was unfair dismissal if the only thing an employee was in dispute about was the authentication method to the network - perhaps 5 years ago, but now with so much concern around randsomware/phishing it seems good security should be a number one priority. I'd happily contend that in many workplaces a personal phone is more secure than a device that is only ever used for logging in - people are naturally more careful and don't lend them out willy nilly etc. The tribunal panel probably need to use their own phones to access your court papers and are going to roll their eyes! Now you can ask the question if forcing it on people who dont like it is the best way to build a relationship, but that is a different question from can they.
I think this shows you don't know what these authenticator apps are like or do. The reason people are talking about passes and keys is that is the analogy - your pass or keys don't contact you are 10pm on Sat evening, an authenticator app is either completely silent until you open it (google) or only pops up on your phone when you try to log in on a computer (microsoft). Unless someone is trying to hack your account you will never see or use it except when you want to - during working hours.Some of you would refuse to put work email or teams on your personal phone - how is my stance different?
No it shows you do not understand my point. Its using my personal property for work purposes. Its nothing to do with what that usage is. Its that I do not want work to use my personal property for any purpose.
Passes and keys are not my personal property. Thats not the same in any way
that really would be a reminder of work outside working hours
Once again - its not about being reminded of work outside of work hours. Its about work wanting me to use a personal device during work time for work activities. Want me to do something then provide me the tools. do not rely on me using my personal property for work. Its like if work want you to supply your own pens or keyboard
It's probably not uncommon for people to supply their own pens!
Whilst you wore a uniform so were provided with it (I assume), many employees provide their own clothes - did officers promoted from uniformed PC to CID refuse to come to work in civvies because the force weren't paying for them? They are basic essentials for the workplace. I'm guessing you provided your own shoes? Did you use a fob watch or similar? Was that provided? Did you have a similar OMG no way attitude to stuff going the other way - wearing a pair of gloves to fix a chain issue on your bike before you cycled home? Using a bit of micropore tape to stop your bar tape unravelling? Finding that you've brought a work pen home - and making sure nobody uses the ink to sign a document?
What I am suggesting is that you are a bit out of touch with what is normal practice in many normal workplaces. The NHS is a weird place to work: most people in there have only every worked there and have become institutionalised. Things which might seem "impossible" or "mandatory" because thats how the NHS has done it and nobody would dare challenge it are not necessarily the law, or even best practice, or normal in other places. I've seen employees who try to be a PITA about trivial stuff; it's essentially career-limiting - that's not about the cost saving of the device its about the attitude, and its not usually management who get pissed off first - its all the other people who actually (at least sort of) enjoy coming to work and find the "they can't make us do this" workplace stuff culture destroying.
None of you get to determine where TJs line is, nor do any of you get any say whatsoever as to whether it makes sense to TJ himself. Only TJ gets to determine that.
Fundamentally, I think the issue is that TJ himself either doesn't or won't understand what the request actually entails.
The reason he's getting the pushback he is is because his stance - whilst otherwise laudable and I've said several times now that I agree with him - on this particular point is akin to arguing "I'm not going into the office because I'm frightened of zombies." If we were take him round and show him that there were, in fact, no zombies in the office and he still maintained his stance then fair enough. But as it is it's a viewpoint born - by his own admission - from a point of ignorance, and that's not something IMHO we should be rallying to defend.
Haha - I’d pay money to see the manager’s face when that expense claim went in.
I've provided my own tools for work before now. When one broke in the line of duty, they replaced it.
If you want me to wear a suit rather than appropriate clothing to crawl around under desks running cables and I wear the knees out of expensive trousers, I would expect the same to apply or I'm coming into work in cargo pants tomorrow.
Fundamentally, I think the issue is that TJ himself either doesn't or won't understand what the request actually entails.
... as evidenced by "Some of you would refuse to put work email or teams on your personal phone - how is my stance different?"
They are wildly different. If you don't understand how then that right there is the problem which has tied up three pages of discussion.
But as it is it's a viewpoint born - by his own admission - from a point of ignorance,
No its not - its a simple hard line. work do not get to use my property for anything ever. Its nothing to do with what the thing is. I do not want work to tell me what I have to do with my own property
I do not know how to explain this any clearer.
They are wildly different. If you don't understand how then that right there is the problem which has tied up three pages of discussion.
the principle is the same. Work mandating how you use yor personal property. Its nothing to do with what the app is. Its a hard line. this is my personal property and I do not want work telling me what I have to put on it.
its nothing to do with the function of the app - its the principle
No it shows you do not understand my point. Its using my personal property for work purposes. Its nothing to do with what that usage is. Its that I do not want work to use my personal property for any purpose.
Passes and keys are not my personal property. Thats not the same in any way
No you aren't understanding. its like giving you a key which you put in your pocket or a pass that you put in your wallet (or a password you store in your brain). An authenticator app is the key/pass - you are simply storing that in a convenient location. You are essentially saying "I won't accept a key/pass to the system because I don't want to put it in MY pocket". In your case your scrubs pocket is probably NHS property just like a company phone so that would be unreasonable. But for someone who is required to wear their own clothes this is just an extension of that - you are given a digital unlocking mechanism which you are required to store on the item you are expected to have anyway.
No you aren't understanding
I do - its you that is missing my point. I completely understand what the app is ( but not how it works) You guys seem to be unable to grasp my point. I do not want work to tell me that I have to install something on my personal phone. It does not matter to me what that thing is
Its not about the practicality, its about the principle
I give in.
If your work gave you a locker, and the only way to open it (the key if you will) was via an app on your phone you'd presumably turn it down?
But if they gave you an actual key, you'd accept it, and presumably add it to your key ring for your own convenience?
In both of those scenarios the 'key' nominally is a work tool that they've asked you to use, just one is physical and the other electronic, they otherwise do exactly the same thing Turning one down and accepting the other isn't logical. It's your choice of course, but it's completely arbitrary
No you aren't understanding
I do - its you that is missing my point. I completely understand what the app is ( but not how it works) You guys seem to be unable to grasp my point. I do not want work to tell me that I have to install something on my personal phone. It does not matter to me what that thing is
Its not about the practicality, its about the principle
I give in.
We get your point, we (or certainly I) just think it's an unreasonable point. You asked what the difference was between those who would accept MFA but not Teams or email etc on their device - the difference is what I explained.
I'm fine with you having a contrary view - just so long as you aren't telling people that employers CAN'T do this. You are normally quite a reliable source for HR matters. They can and they do. You don't have to be employed, or employed in a job that requires you to log in to company computers. They don't have to employ you! It's reasonable for them to have security measures, and it doesn't seem unreasonable that if they allow personal phones in the workplace that they ask these are used to verify identity during login to their systems. As discussed several pages ago most IT departments will find some old phone for people who genuinely have no suitable device or are just awkward. I believe its useful for people who are awkward to be aware that other people roll their eyes at them.
I've said this before, but the only people happier than Jeremy when he retired were his managers😂
Slightly OT, but going back to something that's been mentioned, my last work place were too tight to supply people with batteries for wireless keyboards and mice. I strongly objected to using my own money to purchase supplies so I could do my job, so requested to be supplied with wired keyboard and mouse, and thankfully was obliged.
Still wouldn't object to the authenticator app tho 🙂
I asked my other half, and she said she'd object to it too, so you're not entirely alone TJ 🙂
I guess if you already use one and understand the basics of how they work, and can see it conceptually in contemporary terms it's a non issue.
Once more with feeling, then I give up. I'm getting a flat forehead.
Say you already have a personal phone in one of those wallet-style gatefold cases that used to be popular, the ones with little slots inside for a couple of bank cards and an emergency tenner. Work issues you with a credit card sized ID card which you are required to have with you at all times whilst working. Work suggests that for safekeeping you keep the ID card in one of the currently empty slots in your phone case. Would you consider this to be an unreasonable request?
For the sake of argument let's assume that you're allowed to carry personal devices at work, indeed most employees routinely do just that. Also, this isn't a mandate but a strong recommendation for your convenience; otherwise they will provide you on demand a second wallet twice the size of your existing phone to minimise the chance of card loss or someone else 'borrowing' it, but whichever route you choose you MUST have the card on your person protected by a wallet at all times from the start to the end of your shift, this is immutable. This card would be the only thing allowed inside a work-provided wallet, the rest of the slots have been sewn shut.
Passes and keys are not my personal property.
... aside from the key for your self-provided locker padlock (assuming it's not a combo lock). You never did tell us what you did with that when you went home.
I do not want work to tell me that I have to install something on my personal phone.
Bingo.
They aren't. They're asking you to use something which, if you have any sense, you should already have installed.
my last work place were too tight to supply people with batteries for wireless keyboards and mice.
I'd just ring IT every time they stopped working. See how long that policy lasted.
Its using my personal property for work purposes. Its nothing to do with what that usage is. Its that I do not want work to use my personal property for any purpose.
Do you wear pants to work? If so do your employers pay for your pants?
Do you wear glasses at any time? If so do you wear them at work? If so do your employers pay for your glasses?
Do you keep any work related information (i.e. the phone number of someone at work, or your schedule, .... anything) on your phone? If so have you asked your employers to pay for your phone?
I'm getting a flat forehead.
You and me both. I've given up trying to explain a principle I have 🙂
All these weird so called parallels. Nowt to do with it. None of them are work mandating what I have to do with my personal property
Do you wear pants to work? If so do your employers pay for your pants?
Thats me using my personal property. Not work
Do you wear glasses at any time? If so do you wear them at work? If so do your employers pay for your glasses?
No and if you need glasses to use the computer at work then work pays for them under VDU regs
Do you keep any work related information (i.e. the phone number of someone at work, or your schedule, .... anything) on your phone?
No
Only after I retired did I put her number on my phone 🙂
Edit - well maybe a couple of weeks before 🙂 but that was for my use not for work use. Again not analogous. Nothing on my phone was for works use
The business isn't telling you what to do with your own property. It's giving you a key to unlock things. Same as your locker key (which work might give you) it's just in electronic form instead of a physical object.
The business isn't telling you what to do with your own property.
Yes it is - its saying I have to put this app on my phone for their convenience
The business isn't telling you what to do with your own property. It's giving you a key to unlock things.
That key is pretty useless without the phone though, no? If you need a phone for work, it should be supplied or paid for.
I am not going to answer anymore. For some weird reason you guys are trying to tell me my ( admittedly extreme) principles are wrong. Its my principles
Do you wear glasses at any time? If so do you wear them at work? If so do your employers pay for your glasses?
No and if you need glasses to use the computer at work then work pays for them under VDU regs
Pedant mode - they must pay for the test. If the test says you need specific glasses for the VDU work then they must pay for them but if your ordinary distance or reading glasses do the job they don't have to pay. Accordingly I use my personal glasses to be able to see what I am doing at work. They are of course only required to provide the most basic glasses and frames.
Despite this, my employer provides a generous private medical package that includes £250 every 2 years towards glasses (for any purpose). Its the sort of give and take that means our staff are less likely to squabble over who paid for their biro or if they can install an app.
Its the sort of give and take that means our staff are less likely to squabble over who paid for their biro or if they can install an app.
This. I don’t mind using my own bottle opener to open the beer that work provide.
...its like giving you a key which you put in your pocket .... An authenticator app is the key/pass - you are simply storing that in a convenient location. You are essentially saying "I won't accept a key/pass to the system because I don't want to put it in MY pocket".
@poly sums it up perfectly in my opinion. The 'solution' of asking IT for a work phone is then the equivalent of them providing a second pair of trousers for you to wear at the same time as your personal trousers - simply so you can use a 'work' pocket. Utterly bonkers.
Also, isn't TJ 100% retired? There's a huge number of posts in this thread that refer to his work in the present tense. I think this is a lot less relevant to the mad old bugger than a lot of people are appreciating.
The 'solution' of asking IT for a work phone is then the equivalent of them providing a second pair of trousers for you to wear at the same time as your personal trousers - simply so you can use a 'work' pocket. Utterly bonkers.
Well, that's just more false equivalence nonsense. You can choose to go to work without your own phone (or at least you should be able to, if you're an employee)... I wouldn't suggest you travel to work without your trousers on. You shouldn't be made to use your own phone for work... of course the convenience of having work apps on your own phone (one device for everything) is welcome and normal for many people. Don't force your choice to merge personal and work technology onto all workers... many want and need that work/life divide.
Hmm... sudden Severance vibes.
Also, isn't TJ 100% retired? There's a huge number of posts in this thread that refer to his work in the present tense. I think this is a lot less relevant to the mad old bugger than a lot of people are appreciating.
Not a good avertisement for retirement is it? No relevance to him and yet still fully engaged with a conversation about it online - you need a garden or something man!
Yes it is - its saying I have to put this app on my phone for their convenience
How many more times? No they aren't, they're asking you to utilise an app which you really should already have.
It's nothing to do with your principles. We all understand your principles and most of us agree with them. Rather it's everything to do you with you catastrophically failing to understand what's actually being requested (and refusing to admit it).
If they asked you to add an emergency phone number would you be kicking off because you thought that you first had to install a telephone app?
I'm done, I have to go out. Fight amongst yourselves, this is absurd now.
How do you log into your internet bank TJ? userrname, password and ???
It's the ??? that's being discussed here
Yes it is - its saying I have to put this app on my phone for their convenience
How many more times? No they aren't, they're asking you to utilise an app which you really should already have.
It's nothing to do with your principles. We all understand your principles and most of us agree with them. Rather it's everything to do you with you catastrophically failing to understand what's actually being requested (and refusing to admit it).
If they asked you to add an emergency phone number would you be kicking off because you thought that you first had to install a telephone app?
I'm done, I have to go out. Fight amongst yourselves, this is absurd now.
It certainly seems to creeped away from petty 🤣
As a counter-point I use MFA at home but it's through my password vault app and in the OP's example it would be adding another app to my phone for the employer's convenience. The password app will work with all he major players but it does depend on the admin settings in use by the employer for this to work in OP's example.
I get to run the work set-up and I accept that some people don't want anything work related on their phones. We have a work mobile for those people, my employer has to be dragged to add things for his business to his phone. 😱
Rather it's everything to do you with you catastrophically failing to understand what's actually being requested (and refusing to admit it)
TBF that shouldn't come as a surprise to literally anyone who's been on here for more than 5 minutes 😉
Hey, you've got to allow me an occasional subtle one. 😁
(ta)
Contrary to much of what people say here, I actually don't think you should mix work and personal software tokens in the same place. I use Microsoft Authenticator for my work SSO, but keep all my personal tokens elsewhere (albeit accessible on my devices including on my phone).
Slightly off topic I guess, but which devices do you keep your separate tokens on? Do you have a personal mobile with only your personal stuff on, or does your personal mobile synch to you work device?
Just from a quick glance, i have Google Authenticator for a bunch of places that support that on my personal mobile (even though some of them are te1chnically work sites) and MS Authenticator only on my work device (because I only require that for work.
Do you do something similar? I ask because finding and solving users' painpoints is a good thing in my book.
They need to give you a work phone if they want you to use a phone for work. Not a chance I would do that.
You must have had some crappy employers over the years if you wouldn't want to support such a basic request, there's no invasion of privacy, no liberties being taken, it seems a perfectly reasonable request to me, and the path of least resistance to helping to secure access to a system or service...
I'd wager the people who say it's an invasion of their personal space are quite happy to have that 'personal space' sat on their desk while they are at work.
Contrary to much of what people say here, I actually don't think you should mix work and personal software tokens in the same place.
Any particular reason?
It makes sense to me you use an authenticator on a personal phone if you don't have a work phone. Where I work if you can't do either (or other restrictions preclude the use of a mobile device in certain areas) you get issued wither a YubiKey or RSA token (depending on the system you're accessing). An authenticator is a bit easier to use as you only need to remember your phone unlock code (or have a thumb handy...) whereas hard tokens also involve a PIN of some sort (I'm saying this as someone who accesses over 10 air-gapped systems on a regular basis and some I have 3 sets of credentials in...)