So my company decided to migrate office suite and email etc to Microsoft365. Whatever. But for 2FA login they decided to disable the option to choose “any authenticator” and force Microsoft Authenticator on the (private) phones of both employees and volunteers. Is there any valid reason why they would do this, like it’s demonstrably safer? Or is this a battle I can pick to shield myself a little from MS?

        • nickwitha_k (he/him)@lemmy.sdf.org
          link
          fedilink
          arrow-up
          0
          ·
          6 months ago

          You might not own the company but do you like job hunting, the prospect of having the stigma of being the guy who caused a breach following you around, or screwing over your coworkers’. Noone is an island.

          • YⓄ乙 @aussie.zone
            link
            fedilink
            English
            arrow-up
            0
            ·
            6 months ago

            Lol what are you talking about ? Stigma ,screwing over coworkers ? Lol dude you need to relax and get out of your room, make friends and hangout with them. It looks like you have made work ,your friend. Take my advice yea, all 9-5s are just a number including you hence you have an employee number. Do your 9-5 and go home yea. Don’t get too involved coz 9-5s are easily replaceable.

            • nickwitha_k (he/him)@lemmy.sdf.org
              link
              fedilink
              arrow-up
              0
              ·
              6 months ago

              Weird seeming personal attack there. In case it is defensiveness from a perceived attack from myself, that’s not what was intended. My intent was to point out the potential consequences of viewing it in such a seemingly myopic way.

              • Job hunting and stigma: If one’s accounts are found to be the cause of a breach, and it is found to be due to negligence, there’s a good chance of that resulting in a firing. Being fired due to security-related negligence is likely to make it a challenge to get past screening when hunting for a job (that’s what I mean by stigma). And finally, job hunting fucking sucks, in my opinion.

              • Screwing over co-workers: You don’t have to be friends to care about how your action or inaction impacts others. Being the cause of a breach has a real possibility of getting people laid off, if the scope is significant. Maybe less of a big deal if you’re in most countries outside of the US but, here, the ramifications are pretty substantial. For example, I work with several people who are undergoing chemotherapy or who have spouses needing medical care. If laid off, health insurance evaporates and now they literally cannot afford the treatments necessary to live. Others have mortgages or rent to pay. Execs are not even going to entertain the idea of taking on the responsibility that is claimed to be the reason for their absurd pay.

              Yes, it is healthy to set boundaries between your work life and personal life and to leave work at work. But, like I said, noone is an island, our actions in our work life can have profound impacts on others.

              • YⓄ乙 @aussie.zone
                link
                fedilink
                English
                arrow-up
                0
                ·
                6 months ago

                WoW! You actually need help. Its not an attack, i genuinely feel like there’s something wrong with you and you should see a therapist so that you can understand , accept and acknowledge the issue.

                Are you autistic by any chance ? I feel like you have made “work” the purpose of your life. Like without cybersecurity, there’s no purpose in life.

                I wish I could help you but I am no exoert. Please go see a therapist, please.

      • Hirom@beehaw.org
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        6 months ago

        If the company cared, they would provide MFA hardware like Yubikeys to their employees.

    • Hirom@beehaw.org
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      6 months ago

      That’s the solution I picked at work. Refused to install that Microsoft software on my personal phone, but instead provided a phone number.

      If you have a VoIP provider you could even try to provider the VoIP number for MFA instead of providing your real mobile number.

      If IT make a comment about you not having the app, ask if they intend to provide a company device for that.