213
submitted 6 months ago by Martin@lemmy.ml to c/asklemmy@lemmy.ml

So my company decided to migrate office suite and email etc to Microsoft365. Whatever. But for 2FA login they decided to disable the option to choose "any authenticator" and force Microsoft Authenticator on the (private) phones of both employees and volunteers. Is there any valid reason why they would do this, like it's demonstrably safer? Or is this a battle I can pick to shield myself a little from MS?

you are viewing a single comment's thread
view the rest of the comments
[-] Amanduh@lemm.ee 4 points 5 months ago

You can't just have microsoft text you a code? That's what I do

[-] nickwitha_k@lemmy.sdf.org 3 points 5 months ago
[-] yoz@aussie.zone 3 points 5 months ago

Wish I gave a shit. I don't own the company so fuck it

[-] nickwitha_k@lemmy.sdf.org 1 points 5 months ago

You might not own the company but do you like job hunting, the prospect of having the stigma of being the guy who caused a breach following you around, or screwing over your coworkers'. Noone is an island.

[-] yoz@aussie.zone 1 points 5 months ago

Lol what are you talking about ? Stigma ,screwing over coworkers ? Lol dude you need to relax and get out of your room, make friends and hangout with them. It looks like you have made work ,your friend. Take my advice yea, all 9-5s are just a number including you hence you have an employee number. Do your 9-5 and go home yea. Don't get too involved coz 9-5s are easily replaceable.

[-] nickwitha_k@lemmy.sdf.org 1 points 5 months ago

Weird seeming personal attack there. In case it is defensiveness from a perceived attack from myself, that's not what was intended. My intent was to point out the potential consequences of viewing it in such a seemingly myopic way.

  • Job hunting and stigma: If one's accounts are found to be the cause of a breach, and it is found to be due to negligence, there's a good chance of that resulting in a firing. Being fired due to security-related negligence is likely to make it a challenge to get past screening when hunting for a job (that's what I mean by stigma). And finally, job hunting fucking sucks, in my opinion.

  • Screwing over co-workers: You don't have to be friends to care about how your action or inaction impacts others. Being the cause of a breach has a real possibility of getting people laid off, if the scope is significant. Maybe less of a big deal if you're in most countries outside of the US but, here, the ramifications are pretty substantial. For example, I work with several people who are undergoing chemotherapy or who have spouses needing medical care. If laid off, health insurance evaporates and now they literally cannot afford the treatments necessary to live. Others have mortgages or rent to pay. Execs are not even going to entertain the idea of taking on the responsibility that is claimed to be the reason for their absurd pay.

Yes, it is healthy to set boundaries between your work life and personal life and to leave work at work. But, like I said, noone is an island, our actions in our work life can have profound impacts on others.

[-] yoz@aussie.zone 1 points 5 months ago

WoW! You actually need help. Its not an attack, i genuinely feel like there's something wrong with you and you should see a therapist so that you can understand , accept and acknowledge the issue.

Are you autistic by any chance ? I feel like you have made "work" the purpose of your life. Like without cybersecurity, there's no purpose in life.

I wish I could help you but I am no exoert. Please go see a therapist, please.

[-] nickwitha_k@lemmy.sdf.org 1 points 5 months ago

Are you autistic by any chance ? ... Please go see a therapist, please.

Actually, quite likely on the spectrum and diagnosed with ADHD (this is a major contributor to my verbosity, so apologies if it comes across as a big rant). I do have a therapist indeed and have found it very helpful - highly recommend it if you're in need. Not sure why this is relevant.

Maybe we're hitting a bit of an "impedence mismatch" here. I suspect, partly as you're coming through from an Aussie instance that it may be partly due to a lack of context on how fucked things are, labor-wise in the States. Healthcare here is tied to one's employment, intentionally. It is technically possible to get insurance through a public exchange but, practically speaking, it's not going to do much, especially if one has chronic or severe health problems. Also, we have very poor protections against firings and layoffs (most US labor contracts are pretty well one-sided).

Is work the purpose of my life? Fuck no. I have, however, been repeatedly screwed over, job-wise, by things outside of my control (Recession, offshoring, mergers, untreated ADHD). It is pretty awful, if you haven't yourself, I recommend giving the experience a pass. This has made me acutely aware of the impact that my actions can have on others, not just the immediate but also the secondary and tertiary impacts. I'm also the primary income for my household, so, that rather raises the stakes a bit.

Put these things together with the fact that I now have have coworkers who will literally die without medical care (insurance through work - so cancer patients have to have a job or a spouse with great coverage) and it should paint a good picture for someone with a healthy dose of empathy. Because of how labor is structured in the US, screwing up in a manner that has a big impact on the company means that I could be killing someone indirectly. Should that kind of thing be an employee's responsibility? No. But that's the reality of it. Actions have consequences within the system that one operates in, fair or not.

As for cybersecurity, somewhat fair. I'm not fixated on it but do definitely have a more significant interest than most. With the overall increase in cyberattacks on companies, states, and individuals, I'd recommend everyone being more security conscious.

[-] Hirom@beehaw.org 2 points 5 months ago* (last edited 5 months ago)

If the company cared, they would provide MFA hardware like Yubikeys to their employees.

[-] nickwitha_k@lemmy.sdf.org 1 points 5 months ago

True. App-based is a bit more secure than SMS but nothing beats hardware.

[-] Amanduh@lemm.ee 1 points 5 months ago

Oh, well they let us do it at work so idk

[-] Hirom@beehaw.org 2 points 5 months ago* (last edited 5 months ago)

That's the solution I picked at work. Refused to install that Microsoft software on my personal phone, but instead provided a phone number.

If you have a VoIP provider you could even try to the VoIP number for MFA instead of providing your real mobile number.

If IT make a comment about you not having the app, ask if they intend to provide a company device for that.

this post was submitted on 30 May 2024
213 points (100.0% liked)

Asklemmy

43957 readers
1019 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS