My company have been using two-factor authentication since Covid when most of us have worked from home.
You log into the corporate VPN and you are sent a code to your mobile which you then enter and begin your working day.
I don't have an issue with this approach; the company have my mobile number and so getting a text every morning is no big deal.
IT have announced that as of 1st November, this process is being changed and we are all expected to download and install something called the Microsoft Authenticator App.
Now, given that Microsoft are heavily into sending anything and everything back to Redmond (apparently it's known as telemetrics, I call it spying) I'm reluctant to install anything from them particularly when the app apparently needs access to my contact list, emails and photos.
Can I challenge this proposal? What if I didn't have a "smart" phone and just a basic Nokia device?
On 19/10/2023 16:24, Tony The Welsh Twat wrote:
> My company have been using two-factor authentication since Covid when
> most of us have worked from home.
> You log into the corporate VPN and you are sent a code to your mobile
> which you then enter and begin your working day.
> I don't have an issue with this approach; the company have my mobile
> number and so getting a text every morning is no big deal.
> IT have announced that as of 1st November, this process is being
> changed and we are all expected to download and install something
> called the Microsoft Authenticator App.
> Now, given that Microsoft are heavily into sending anything and
> everything back to Redmond (apparently it's known as telemetrics, I
> call it spying) I'm reluctant to install anything from them
> particularly when the app apparently needs access to my contact list,
> emails and photos.
> Can I challenge this proposal? What if I didn't have a "smart" phone
> and just a basic Nokia device?

I'm pretty sure MS provides other means of authenticating credentials,
one is via a SMS text.
On 19/10/2023 16:24, Tony The Welsh Twat wrote:
> My company have been using two-factor authentication since Covid when
> most of us have worked from home.
> You log into the corporate VPN and you are sent a code to your mobile
> which you then enter and begin your working day.
> I don't have an issue with this approach; the company have my mobile
> number and so getting a text every morning is no big deal.
> IT have announced that as of 1st November, this process is being
> changed and we are all expected to download and install something
> called the Microsoft Authenticator App.
> Now, given that Microsoft are heavily into sending anything and
> everything back to Redmond (apparently it's known as telemetrics, I
> call it spying) I'm reluctant to install anything from them
> particularly when the app apparently needs access to my contact list,
> emails and photos.
> Can I challenge this proposal? What if I didn't have a "smart" phone
> and just a basic Nokia device?

I and some colleagues objected to the same. My objection was that my
phone was genuinely very slow and I was fearful of adding another app.
I didn't think anything I was doing would attract the attention of
Redmond or indeed anyone even if they did have access to my data. YMMV
This could be an opportunity for the company to provide everyone with a company phone. It's a non-taxable perk too.
On 2023-10-19, Fredxx <fredxx@spam.invalid> wrote:
> On 19/10/2023 16:24, Tony The Welsh Twat wrote:
>> My company have been using two-factor authentication since Covid when
>> most of us have worked from home.
>> You log into the corporate VPN and you are sent a code to your mobile
>> which you then enter and begin your working day.
>> I don't have an issue with this approach; the company have my mobile
>> number and so getting a text every morning is no big deal.
>> IT have announced that as of 1st November, this process is being
>> changed and we are all expected to download and install something
>> called the Microsoft Authenticator App.
>> Now, given that Microsoft are heavily into sending anything and
>> everything back to Redmond (apparently it's known as telemetrics, I
>> call it spying) I'm reluctant to install anything from them
>> particularly when the app apparently needs access to my contact list,
>> emails and photos.
>> Can I challenge this proposal? What if I didn't have a "smart" phone
>> and just a basic Nokia device?
> I'm pretty sure MS provides other means of authenticating credentials,
> one is via a SMS text.

That quite likely depends on the settings the IT Administrator
at Tony's employer has configured.
On 19/10/2023 20:03, Jon Ribbens wrote:
> That quite likely depends on the settings the IT Administrator
> at Tony's employer has configured.

Ok, assuming Microsoft are the lead here and the IT department are
following it, Microsoft do allow for other forms of authentication.
Either way a personal phone is private property and an employer has no
rights over it; where Microsoft are sensible enough to take that into
account and provide other methods.
Therefore if the company narrows down its configuration to just the app
then it's playing silly buggers with its staff. Some employees may not
even have a mobile phone, and less likely to have a smart one.
> My company have been using two-factor authentication since Covid when most of us have worked from home.
> You log into the corporate VPN and you are sent a code to your mobile which you then enter and begin your working day.
> I don't have an issue with this approach; the company have my mobile number and so getting a text every morning is no big deal.
> IT have announced that as of 1st November, this process is being changed and we are all expected to download and install something called the Microsoft Authenticator App.
> Now, given that Microsoft are heavily into sending anything and everything back to Redmond (apparently it's known as telemetrics, I call it spying) I'm reluctant to install anything from them particularly when the app apparently needs access to my contact list, emails and photos.
> Can I challenge this proposal? What if I didn't have a "smart" phone and just a basic Nokia device?

It has all become a bit messy with the vulnerabilities that BYOD has introduced in the post-Covid era. My own take is that company mandated software should not be required on your personal possessions. YMMV
On 19/10/2023 22:50, Fredxx wrote:
> On 19/10/2023 20:03, Jon Ribbens wrote:
>> That quite likely depends on the settings the IT Administrator at
>> Tony's employer has configured.
> Ok, assuming Microsoft are the lead here and the IT department are
> following it, Microsoft do allow for other forms of authentication.
> Either way a personal phone is private property and an employer has no
> rights over it; where Microsoft are sensible enough to take that into
> account and provide other methods.
> Therefore if the company narrows down its configuration to just the
> app then it's playing silly buggers with its staff. Some employees may
> not even have a mobile phone, and less likely to have a smart one.

Authenticator is a specific app for use in precise circumstances.
I use the Google version, rather than the Microsoft version, but the
principle is the same and I use it, for example, to employ MFA with my
HMRC account.
When I launch the Authenticator app, each account with which it is
configured to work, (I've already mentioned HMRC, but, perversely, I
also use *Google* Authenticator to login to my *Microsoft* account
amongst others), displays a six digit code and a circle which disappears
over the course of 30 seconds whereupon it generates a new six digit
code. (The circles allow one to determine if one has enough time to
enter the code before it expires.)
If you Google "Microsoft Authenticator" or indeed "Google Authenticator"
a world of knowledge will be opened to you.
Regards
S.P.
On 2023-10-20, Simon Parker <simonparkerulm@gmail.com> wrote:
> On 19/10/2023 22:50, Fredxx wrote:
>> On 19/10/2023 20:03, Jon Ribbens wrote:
>>> That quite likely depends on the settings the IT Administrator at
>>> Tony's employer has configured.
>> Ok, assuming Microsoft are the lead here and the IT department are
>> following it, Microsoft do allow for other forms of authentication.
>> Either way a personal phone is private property and an employer has no
>> rights over it; where Microsoft are sensible enough to take that into
>> account and provide other methods.
>> Therefore if the company narrows down its configuration to just the
>> app then it's playing silly buggers with its staff. Some employees may
>> not even have a mobile phone, and less likely to have a smart one.
> Authenticator is a specific app for use in precise circumstances.
> I use the Google version, rather than the Microsoft version, but the
> principle is the same and I use it, for example, to employ MFA with my
> HMRC account.
> When I launch the Authenticator app, each account with which it is
> configured to work, (I've already mentioned HMRC, but, perversely, I
> also use *Google* Authenticator to login to my *Microsoft* account
> amongst others), displays a six digit code and a circle which
> disappears over the course of 30 seconds whereupon it generates a new
> six digit code. (The circles allow one to determine if one has enough
> time to enter the code before it expires.)

That isn't the only way the Microsoft (or Google) authenticator apps
work, though. As well as the Time-based One Time Password mode you're
describing, they have proprietary "just press 'Approve' to confirm the
login" modes. Which modes are available is most likely up to the IT
administrator at the employer.
> That isn't the only way the Microsoft (or Google) authenticator apps
> work, though. As well as the Time-based One Time Password mode you're
> describing, they have proprietary "just press 'Approve' to confirm
> the login" modes. Which modes are available is most likely up to the
> IT administrator at the employer.

I recommend informing your employer that you do not wish to install the
App on your phone (without giving a reason), but state that you are
happy to comply with their increased security protocols suggesting that
instead of asking that you install an App on your phone, that they
provide you with an OATH hardware token which will perform precisely the
same function.
They are obliged to provide you with the first token without charge but,
providing it is permitted in your contract of employment, (and the
likelihood is that it will be), they can charge for a replacement if you
lose or damage it. They have a battery which will run out in a few
years. Your employer will need to replace it without charge when this
happens.
Regards
S.P.
On Thu, 19 Oct 2023 08:24:20 -0700 (PDT), Tony The Welsh Twat <tonythewelshtwat@gmail.com> wrote:
> IT have announced that as of 1st November, this process is being changed
> and we are all expected to download and install something called the
> Microsoft Authenticator App.

It doesn't have to be Microsoft Authenticator App. Despite what you have
been told, any authentication app will work equally well. They are all
considerably more secure than SMS 2FA. Personally, I use Google
Authenticator, although if you want something unconnected to any of the
big names then Authy has very good reviews.
On 19/10/2023 16:24, Tony The Welsh Twat wrote:
> My company have been using two-factor authentication since Covid when
> most of us have worked from home.
> You log into the corporate VPN and you are sent a code to your mobile
> which you then enter and begin your working day.
> I don't have an issue with this approach; the company have my mobile
> number and so getting a text every morning is no big deal.
> IT have announced that as of 1st November, this process is being
> changed and we are all expected to download and install something
> called the Microsoft Authenticator App.
> Now, given that Microsoft are heavily into sending anything and
> everything back to Redmond (apparently it's known as telemetrics, I
> call it spying) I'm reluctant to install anything from them
> particularly when the app apparently needs access to my contact list,
> emails and photos.
> Can I challenge this proposal? What if I didn't have a "smart" phone
> and just a basic Nokia device?

Others have given you some useful information and advice.
All I can say is that I had an email account while volunteering for a charity, and the computer support people insisted that we used the
Microsoft Authenticator, out of an abundance of caution, even though
there was nothing very confidential to discuss.
I found it to be a nuisance, because in a similar way to the "reCAPTCHA" method, it delays what you are doing and forces you to go through a
procedure that it is easy to get wrong. Especially if your Authenticator
app isn't conveniently to hand and you're trying to log into your
mailbox on a laptop. And occasionally the Authenticator has uncoupled
from my email address and asked me to scan a QR code (with what, given
that the QR code is displayed on my phone?) or reinstall the
Authenticator.
But if a computer support technician advises that it has to be used,
nobody dares to challenge that opinion.
On Fri, 20 Oct 2023 23:18:11 +0100, Mark Goodge wrote:
> On Thu, 19 Oct 2023 08:24:20 -0700 (PDT), Tony The Welsh Twat
> <tonythewelshtwat@gmail.com> wrote:
>> IT have announced that as of 1st November, this process is being changed
>> and we are all expected to download and install something called the
>> Microsoft Authenticator App.
> It doesn't have to be Microsoft Authenticator App. Despite what you have
> been told, any authentication app will work equally well. They are all
> considerably more secure than SMS 2FA. Personally, I use Google
> Authenticator, although if you want something unconnected to any of the
> big names then Authy has very good reviews.

The latest incarnation of Google Authenticator keeps a copy of your 2FA
seeds in your Google account. Which means switching to a new device is
trivial.
Tony The Welsh Twat wrote:
> IT have announced that as of 1st November, this process is being
> changed and we are all expected to download and install something called
> the Microsoft Authenticator App.

Ignoring the legal aspect and speaking of the technical aspect ...
In my experience, websites which claim to require a specific TOTP app
(most frequently Google's or Microsoft's), will work with other generic
TOTP authenticators, e.g. EnPass is a password safe that installs onto a
PC and includes TOTP functionality, there are many others ...