To refuse use of personal mobile for work

[Petal12]

Hi all, work are intending on introducing multi factor authentication soon. To enter our system we will now need to verify this by authorising on an app we have been told is to be installed on our personal mobile phones. I used to believe in give and take but the last few years have shown the feeling is not mutual and you are simply a number to be used for as long as useful. I like to think I’m not a petty person but can’t get past this. My main bug bear is that I’ve not been asked, just told! Few other points so as not to drip feed

• Not allowed to log personal devices into the

work WiFi. Why should I use my paid for data to facilitate this? No matter how little it may use. If they do allow me to use the work WiFi, does that mean the internet policy applies when using my phone in breaks i.e I can’t use any number of sites they deem inappropriate?

• My iphone is quite old and has storage issues every week. I would have to delete other apps that I actually use to allow this google authenticator to download.
• It’s another point of them being cheap and cutting corners.
• What if I lose/break my phone?

I’m sure there’s probably security issues that I’ve likely not thought of as well. AIBU?

YANBU

Is it Okta Verify? It's really fucking annoying.

YANBU, when my work implemented this they issued everyone who didn’t have one with a work mobile (before only managers and above had them).

No. Tell them you don't have a mobile with enough gb to download any apps. Do not detour from that. Let them figure it out.

The phone loss point is a bit of a red herring because this would be an issue with whatever phone you use for it; it's just a risk of MFA. I think they are going to have to allow personal devices to use the office WiFi. I find it astounding that they don't already do this, and no, they shouldn't be policing what websites you access (assuming nothing illegal or inappropriate like porn, obviously). It's really not a big deal though. I use my personal phone for work MFA because I don't want a second phone for work.

tell them you don't have a smart phone

I’d quite like a work phone as currently lack of one restricts working from home. I get your point regarding losing it being a red herring but if it was a work one, it would literally stay in my laptop bag or be on my office/home desk so less risky than my own one. I guess it’s just adding to my feeling of being taken advantage of ultimately

YANBU. My current company are trying this shit. They won’t give me a work phone “as l don’t need it”. But then want me to use my personal phone for apps, internet out and about, phone calls, texts etc. I like to keep work and home separate. Plus not use my personal data or minutes

@NorthSouthcatlady how are you pushing back? Unfortunately, I’m in a very male dominated company and the few women who actually stand up to stuff usually get the eye roll and a reputation as trouble makers - I’ve literally just got over the part timers holiday allowance argument whereby a male manager decided part timers got op much!

Hmmmm

There's proper 2FA, and there's 2FA on the cheap.

Proper 2FA can (and should) be implemented in a variety of ways. From a dedicated authenticator dongle (pricey) through an authenticator app (free and doesn't need connectivity) through SMS and voicecall.

If I had a user that couldn't use a phone app for any reason, I'd supply them with a list of pre-saved keys which would be their responsibility to keep safe and use appropriately and let me know when they need refreshing.

Be interested to know which camp the OPs employer falls into.

We have this and use it to log in, both in morning and if we lock our system during the day. Takes 2 seconds each time.

I am someone who is absolutely against having emails on my personal phone as agree on the separation between work and home but an app that takes less than a minute a day, I can’t get worked up about that

I think you are being awkward for the sake of it. Surely you would be on Wi-Fi any time you are using your phone for the two seconds it takes to log in.

MFA is very important - My workplace suffered a serious cyber attack last year, which was almost certainly caused by employees innocently clicking a link in a phishing email. MFA could have prevented the hackers from accessing our systems. The IT department responded very quickly by shutting down our entire network and gradually reopening individual systems over a period of 2 or 3 months once security had been overhauled. It was really disruptive and stressful for everyone. Trust me, you do not want this to happen.

We now have mandatory MFA to access the network. I am happy to use my phone, but employees who don't want that are issued with a digital number generating tag, which does the same job. So no, YANBU.

My employer does this and tbh I’m fine with it.
But I think perfectly reasonable to say that it doesn’t work for you because of lack of data/no smartphone etc and let them figure out an alternative

@DGRossetti I suspect on the cheap! The alternative I’d been told is to verify via internet browser link on my laptop - however this is advised as a last resort, not to be freely communicated with anyone else!

No way, they provide you with a phone.

I have to log on with Microsoft authenticator and often choose to get a text code to my personal phone because its easier than firing up the shitty Samsung i have for work but that's my choice.

We have this and use it to log in, both in morning and if we lock our system during the day. Takes 2 seconds each time.

Seems a tad excessive.

Also 2FA is a bit old hat now anyway. The current idea is "conditional access" (certainly with Microsoft) and 2/MFA is merely one part of it.

@Teeturtle

I think you are being awkward for the sake of it. Surely you would be on Wi-Fi any time you are using your phone for the two seconds it takes to log in.

You don't need WiFi once you've installed an authenticator app. They run standalone.

Just as well I don't work there. I don't have a mobile phone!

@Teeturtle

I think you are being awkward for the sake of it. Surely you would be on Wi-Fi any time you are using your phone for the two seconds it takes to log in.

Absolutely this

You could tell them you don't have a smart phone? They're hardly going to demand you get one.

[quote Petal12]@DGRossetti I suspect on the cheap! The alternative I’d been told is to verify via internet browser link on my laptop - however this is advised as a last resort, not to be freely communicated with anyone else![/quote]
If they want to speak to a grown up, I'm here all week

I refused when my work asked me this. I use the Authy desktop app on my work PC. Need to log a phone number with it so I used the work phone number.

YANBU its their problem to fix

[quote Petal12]@NorthSouthcatlady how are you pushing back? Unfortunately, I’m in a very male dominated company and the few women who actually stand up to stuff usually get the eye roll and a reputation as trouble makers - I’ve literally just got over the part timers holiday allowance argument whereby a male manager decided part timers got op much![/quote]
And if this is the type of battle you pick, I am not surprised at the eye rolling. You are embarrassing yourself.

What on earth are these male dominated industries that involve desk work anyway.