MFA without a Cellphone
What if you give users the option - Use your personal device for the authenticator app (even for work email maybe?) or the company provides a phone that is ONLY for work and they'd have to have that with them. Given the option, I think most would opt for using their personal device rather than carry an additional device and the problem would be resolved.
We should also not have to provide a corporate phone to a user that will solely be used to authenticate (which may be only once every 60 days) when we already pay for their AD license with Office. Even the cheapest plans require contracts and hundreds of dollars a year to maintain just for 1 Employee.
- Leapfrog_1-3 | Dec 18, 2023 | Brass Contributor
Microsoft already had been sending me the text message code (we were mandated to do that when we were not allowed to come in during the Covid lockdowns), but in addition to the password and my personal cell phone to be sent a code, they are telling us we need to link a personal email account for I do not know what reason because I do not check my work email from my phone, only from the work laptop. That is where I draw the line.
They overstepped with this additional invasion of privacy with this demand so I now refuse to work from home and I refuse to check my email to keep up on work when I am off or away from the office. In the end it is their loss, not mine. I donate much less time to the company now.
- tfrain | Dec 15, 2023 | Copper Contributor
The whole goal of this is confirming you are you through something you are (biometric), something you have (a phone or RSA type card), or something you know (unique information only you have knowledge of). Unfortunately, the "something you know" is already taken up by your password. So if you have ANOTHER password, it would just be a duplicate of the same FACTOR - something you know - like a secondary password. Hence the problem. I absolutely hate having to deal with it, but I do understand the reason for it.
- Leapfrog_1-3 | Dec 15, 2023 | Brass Contributor
The option should be password and question driven with no need for a secondary device (private phone) or non-work email address (again, private).
Private phones and private email addresses should remain private.
Linking work and private technologies in this way could mean employees are giving consent to access personal information through implicit consent of the link.
- tfrain | Oct 09, 2023 | Copper Contributor
webapt - go to Amazon and look for -
Token2 miniOTP-2-i programmable Two-Factor Security Token with time sync
These worked great for us. Super easy. You just have to get the token2 NFC burner app on your phone. It basically reflashes the card to behave as an authenticator app.
- webapt | Oct 09, 2023 | Copper Contributor
Do you have a link for the token2 token card you suggest trying?
- tfrain | Jun 20, 2023 | Copper Contributor
acjohns1986 Seriously, buy one of the token2 token cards on Amazon and give that a try. It worked great for us. It's like $40 and if it doesn't work you aren't out that much, but I'm pretty sure it will work. That was our workaround for this type of situation.
- acjohns1986 | Jun 20, 2023 | Copper Contributor
Well with the recent update I even have employees that have a smart phone but it's not quite up to date enough to download the app, so they are also just out of luck? The fact that we purchased software, and this was rolled out after, is a joke.
- Christine Lee | Jun 16, 2023 | Copper Contributor
luvsql Plus not all employees have cell phones - some choose not to [by necessity or preference]. Also there is the issue of people leaving and trying to get access to accounts - that has been a headache - even with resetting accounts - especially on non-MS apps used by the company that are shared log-in but only able to have the one MFA.
- MatthewShulman | Aug 18, 2021 | Brass Contributor
That's why I suggested giving the option. I would think it would be ok for someone to opt to use their own phone? If so, then giving them a choice I would think the majority would opt to use their own?