Forum Discussion
MFA without a Cellphone
What if you give users the option - Use your personal device for the authenticator app (even for work email maybe?) or the company provides a phone that is ONLY for work and they'd have to have that with them. Given the option, I think most would opt for using their personal device rather then carry an additional device and the problem would be resolved.
MatthewShulmansorry, but on my private phone I donĀ“t install any that belongs to my job. PRIVATE is PRIVATE
- not the same, i can leave my phone at home everyday, or pretend i don't have one, you can't force it as a company. I think you're just looking for the easy way out, 50% of Americans don't have a mobile phone.
- The point it, private is private & work is work. Don't force an employee to link the technologies. With all this hoopla I am starting to wonder why a software company is trying to force this issue by not simply leaving things with a passwords and question/answer.
cpbowcpbow The Authenticator app doesn't require or need any form of network connection if you select the OTP (Code method). Once registered to the user account - it constantly generates codes every 30 seconds or so based on an algorithm or seed which was linked with Azure at time of registration. So when a webpage displays "Enter the Code from your Authenticator" type message - it already knows what the correct code should be - and if you type in the correct code shown in the app - then you get access. The App itself doesn't need to transmit that code to Azure.
cpbowcpbow Yes the app will work with just wifi.
- I have a question: I currently have a cell phone (but no phone number); hence for the moment, I have only WiFi access (at home, work, or elsewhere). If I put the auth app on my phone, would my company's MS mail server be able to send a code to the app if I was on WiFi? I have read a bit here on the MS site, and I haven't seen this discussed.
Until just a couple months ago, I had a T-mobile account that gave me 100 texts, after which is was 10 US cents/text; my impression this was to send OR receive. I text rather rarely and it was an unusual month that I sent received > 20 texts. However, if I had to receive an MFA text, possibly even >once per day, I'd be over the free allotment. It wouldn't be that much, but not negligible, either. I expect my next plan to have unlimited texting, but a company should not assume this. While I am waffling on cell phone carrier, I've been unable to access my company's email for almost 2 weeks. (They dropped the receive call at land line option, because the found it to be unreliable.) I work in a lab and can get by without constant email access, but at least once I didn't know of a data need as quick as I should have. Companies need to consider whether everyone has (free) access to texts.
luvsql Not to mention that on top of that half the office I support they don't receive mobile signal anyway - work or personal mobile phone won't work
- If Microsoft would make it easier for businesses to buy USB or Fobs for MFA we wouldn't be having this conversation. I still haven't figured it out and it now seems we have to switch to passwordless but just want a way to authenticate without a phone. Cleary there is a need.
- Agree its not reasonable for business to force any employee to meet business goals.
But do these employees / associates never use business resources (internet / pc etc.) to for personal use ? Chet2142
It seems this day and age that expecting one to have a cell phone is akin to expecting them to have a car or other means to get to work. If there's laws that prevent it, that's one thing but otherwise I think it is very reasonable for a business to require an MFA app or text to login. If one does get charged for the texts, then a simple solution is to allow them to expense that cost.Even if the carrier doesn't charge for text messages it's besides the point. The business plan shouldn't be to require your employee have a personal cell phone. While nearly everyone out there does you do have some that wont. Many services require the consumer to have a cell phone for MFA. But that is them providing a service to a consumer. That consumer could choose to not enable MFA or not use that service. We are talking about associates being required to do something to improve security for that business. Unless you have them on a business cell plan the requirement (or provide them a kickback on their personal cell plan) to use a personal phone to perform an expected work function is wrong. Vicks1x365
- In Canada they sure do.
luvsql I don't think any carrier charges for incoming TEXT even when travelling abroad , its only when you send out.
I used to travel a lot and never got charged for receiving the TEXT (SMS).
- No nothing is installed, however, you are now using a personal phone's SMS package for business use and also setting up an Employee's personal cellphone number on the employee's setup. We cannot legally require an Employee to use their personal cellphone for business use. Add into this issue the Employee travels outside of their home country and if those texts start happening, we (the business) may now be liable to pay for those charges. It's a big mess that many companies do not want to even get involved with.
ho_canarias Well, with MFA you aren't installing anything... All it's doing is sending a code to your phone when you go to log in to your work email. It's a standard security feature in many apps these days.
