Forum Discussion
MFA without a Cellphone
That's why I suggested giving the option. I would think it would be ok for someone to opt to use their own phone? If so, then giving them a choice I would think the majority would opt to use their own?
Private phones and private email addresses should remain private.
Linking work and private technologies in this ways could mean employees are giving consent to access personal information through implicit consent of the link.
Microsoft already had been sending me the text message code (we were mandated to do that when we were not allowed to come in during the Covid lockdowns), but in addition to the password and my personal cell phone to be sent a code, they are telling us we need to link a personal email account for I do not know what reason because I do not check my work email form my phone, only from the work laptop. That is where I draw the line.
They overstepped with this additional invasion of privacy with this demand so I now refuse to work from home and I refuse to check my email to keep up on work when I am off or away from the office. In the end it is their loss, not mine. I donate much less time to the company now.
The whole goal of this is confirming you are you through something you are (biometric), something you have (a phone or RSA type card), or something you know (unique information only you have knowledge of). Unfortunately, the "something you know" is already taken up by your password. So if you have ANOTHER password, it would just be a duplicate of the same FACTOR - something you know - like a secondary password. Hence the problem. I absolutely hate having to deal with it, but I do understand the reason for it.