Forum Discussion
MFA without a Cellphone
Neither we, nor most people anymore, have an office line with a receptionist who can answer.
- Jeff_Birks Jul 24, 2024 Copper Contributor
Unfortunately there are not a lot of workable alternatives to using a mobile. There are desktop apps that can be used (similar to Google Authenticator), and FIDO keys can also be considered (but this is a more expensive option and still has limited application).
- JoshARI Jul 24, 2024 Copper Contributor
Thanks for the response. Don't see how tokens will work for us, and would have to convince a small business owner to buy them. Don't even see that as an option under our 365 MFA setup, or an option that can be added, but I'm no expert so I'll take your word for it. Long story short, one solution to fit all scenarios won't work for us: we have multiple MFA logins, within our own network and within our clients' networks, with multiple different MFA apps, sometimes VPN involved, sometimes not. Sure, when we're the admins and can control the access, tokens might work, but most times we're not, and we're at the mercy of our clients, who are typically much larger than we are and most likely provide their employees with secured company phones. It's a problem that there seems to be no easy solution for, and it is driving our employees crazy. And when you can't have mobile phones on the production floor due to PCI and SSAE compliances, and/or you're expecting your employees to use personal assets to perform a job function, it's problematic; IT folks find themselves in between now. Right now the 'alt or desk phone' method works for us, though it does seem to get wonky over time and needs a reset now and then, but we're just waiting for that to go away. We also have one client that uses Cisco Duo and there seems no way around that without using the mobile app and having a mobile number. To me, not a whole lot of practical, real-world thought went into MFA. Probably shocking, but nearly 40% of Americans don't have a mobile phone, and/or share a number/phone with some other family member.
- Jeff_Birks Jul 24, 2024 Copper Contributor
There are plenty of hardware tokens available that are compatible with Microsoft - e.g. https://deepnetsecurity.com/authenticators/one-time-password/safeid/hardware-mfa-tokens-office-365-azure-multi-factor-authentication/
You will need to ensure that they are TOTP tokens (either 30 or 60 seconds), that you upload the seed data to Microsoft (including UPN details), and activate the tokens.
- JoshARI Apr 23, 2024 Copper Contributor
Not the same. I can leave my phone at home every day, or pretend I don't have one; you can't force it as a company. I think you're just looking for the easy way out. 50% of Americans don't have a mobile phone.
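The TOTP token setup Jeff_Birks describes above (30 or 60 second tokens whose seed data is uploaded to the service) rests on the RFC 6238 calculation sketched here. This is an added example, not part of the thread and not Microsoft's code; the seed is the RFC 4226 test key, and `verify` with its drift window is an illustrative server-side check.

```python
import base64
import hashlib
import hmac
import struct

def decode_seed(b32: str) -> bytes:
    """Token seeds are commonly exchanged base32-encoded; accept spaces and lowercase."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped padding
    return base64.b32decode(cleaned)

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of whole time steps since the epoch."""
    return hotp(seed, unix_time // step, digits)

def verify(seed: bytes, code: str, unix_time: int, step: int = 30, drift_steps: int = 1):
    """Return the step offset at which the code matched, or None if it did not.

    The +/- drift_steps window tolerates a hardware token whose clock has drifted.
    """
    for offset in range(-drift_steps, drift_steps + 1):
        t = unix_time + offset * step
        if t < 0:
            continue
        if hmac.compare_digest(totp(seed, t, step), code):
            return offset
    return None

# Constructed sample: the RFC 4226 test key, in the base32 form a seed file would carry.
SEED = decode_seed("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

if __name__ == "__main__":
    shown = totp(SEED, 240, step=60)              # what a 60-second token displays
    print("token shows:", shown)
    # Enrolled with the wrong interval, the same seed never validates:
    print("server at 30 s:", verify(SEED, shown, 240, step=30))
    print("server at 60 s:", verify(SEED, shown, 240, step=60))
    # A 30-second token running one step slow is still accepted, at offset -1:
    print("drifted token:", verify(SEED, totp(SEED, 210), 240))
```

The seed alone is enough to generate valid codes, so the file that carries it should be treated like a password list.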
- JoshARI Apr 23, 2024 Copper Contributor
That puts the responsibility on the employee to have a mobile phone, to pay for one, to have a data plan, to not forget it every day, to have it functioning and not broken or lost or not charged. What then? This is the problem today: companies want this or that, but don't want to pay for it. 50% of Americans still don't have or use a mobile phone.
- OogieMeenan Feb 07, 2024 Copper Contributor
Interesting idea, but not available to ourselves as a chemical plant where phones and other devices that don't meet regulations cannot be taken, so they are stuck in certain parts of the plant where authentication fails them. Surely there has to be something simple with a MIFARE reader that would then code/encrypt the details, so once the card is read it authenticates with its own date time and the device it's attached to.
- Leapfrog_1-3 Dec 18, 2023 Brass Contributor
Microsoft already had been sending me the text message code (we were mandated to do that when we were not allowed to come in during the Covid lockdowns), but in addition to the password and my personal cell phone to be sent a code, they are telling us we need to link a personal email account, for I do not know what reason, because I do not check my work email from my phone, only from the work laptop. That is where I draw the line.
They overstepped with this additional invasion of privacy with this demand so I now refuse to work from home and I refuse to check my email to keep up on work when I am off or away from the office. In the end it is their loss, not mine. I donate much less time to the company now.
- tfrain Dec 15, 2023 Copper Contributor
The whole goal of this is confirming you are you through something you are (biometric), something you have (a phone or RSA type card), or something you know (unique information only you have knowledge of). Unfortunately, the "something you know" is already taken up by your password. So if you have ANOTHER password, it would just be a duplicate of the same FACTOR - something you know - like a secondary password. Hence the problem. I absolutely hate having to deal with it, but I do understand the reason for it.
- Leapfrog_1-3 Dec 15, 2023 Brass Contributor
The point is, private is private & work is work. Don't force an employee to link the technologies. With all this hoopla I am starting to wonder why a software company is trying to force this issue by not simply leaving things with a password and question/answer.
- Leapfrog_1-3 Dec 15, 2023 Brass Contributor
The option should be password and question driven with no need for a secondary device (private phone) or non-work email address (again, private).
Private phones and private email addresses should remain private.
Linking work and private technologies in this way could mean employees are giving consent to access personal information through implicit consent of the link.