Forum menu
Fundamentally, I think the issue is that TJ himself either doesn't or won't understand what the request actually entails.
... as evidenced by "Some of you would refuse to put work email or teams on your personal phone - how is my stance different?"
They are wildly different. If you don't understand how then that right there is the problem which has tied up three pages of discussion.
But as it is it's a viewpoint born - by his own admission - from a point of ignorance,
No its not - its a simple hard line. work do not get to use my property for anything ever. Its nothing to do with what the thing is. I do not want work to tell me what I have to do with my own property
I do not know how to explain this any clearer.
They are wildly different. If you don't understand how then that right there is the problem which has tied up three pages of discussion.
the principle is the same. Work mandating how you use yor personal property. Its nothing to do with what the app is. Its a hard line. this is my personal property and I do not want work telling me what I have to put on it.
its nothing to do with the function of the app - its the principle
No it shows you do not understand my point. Its using my personal property for work purposes. Its nothing to do with what that usage is. Its that I do not want work to use my personal property for any purpose.
Passes and keys are not my personal property. Thats not the same in any way
No you aren't understanding. its like giving you a key which you put in your pocket or a pass that you put in your wallet (or a password you store in your brain). An authenticator app is the key/pass - you are simply storing that in a convenient location. You are essentially saying "I won't accept a key/pass to the system because I don't want to put it in MY pocket". In your case your scrubs pocket is probably NHS property just like a company phone so that would be unreasonable. But for someone who is required to wear their own clothes this is just an extension of that - you are given a digital unlocking mechanism which you are required to store on the item you are expected to have anyway.
No you aren't understanding
I do - its you that is missing my point. I completely understand what the app is ( but not how it works) You guys seem to be unable to grasp my point. I do not want work to tell me that I have to install something on my personal phone. It does not matter to me what that thing is
Its not about the practicality, its about the principle
I give in.
If your work gave you a locker, and the only way to open it (the key if you will) was via an app on your phone you'd presumably turn it down?
But if they gave you an actual key, you'd accept it, and presumably add it to your key ring for your own convenience?
In both of those scenarios the 'key' nominally is a work tool that they've asked you to use, just one is physical and the other electronic, they otherwise do exactly the same thing Turning one down and accepting the other isn't logical. It's your choice of course, but it's completely arbitrary
No you aren't understanding
I do - its you that is missing my point. I completely understand what the app is ( but not how it works) You guys seem to be unable to grasp my point. I do not want work to tell me that I have to install something on my personal phone. It does not matter to me what that thing is
Its not about the practicality, its about the principle
I give in.
We get your point, we (or certainly I) just think it's an unreasonable point. You asked what the difference was between those who would accept MFA but not Teams or email etc on their device - the difference is what I explained.
I'm fine with you having a contrary view - just so long as you aren't telling people that employers CAN'T do this. You are normally quite a reliable source for HR matters. They can and they do. You don't have to be employed, or employed in a job that requires you to log in to company computers. They don't have to employ you! It's reasonable for them to have security measures, and it doesn't seem unreasonable that if they allow personal phones in the workplace that they ask these are used to verify identity during login to their systems. As discussed several pages ago most IT departments will find some old phone for people who genuinely have no suitable device or are just awkward. I believe its useful for people who are awkward to be aware that other people roll their eyes at them.
I've said this before, but the only people happier than Jeremy when he retired were his managers😂
Slightly OT, but going back to something that's been mentioned, my last work place were too tight to supply people with batteries for wireless keyboards and mice. I strongly objected to using my own money to purchase supplies so I could do my job, so requested to be supplied with wired keyboard and mouse, and thankfully was obliged.
Still wouldn't object to the authenticator app tho 🙂
I asked my other half, and she said she'd object to it too, so you're not entirely alone TJ 🙂
I guess if you already use one and understand the basics of how they work, and can see it conceptually in contemporary terms it's a non issue.
Once more with feeling, then I give up. I'm getting a flat forehead.
Say you already have a personal phone in one of those wallet-style gatefold cases that used to be popular, the ones with little slots inside for a couple of bank cards and an emergency tenner. Work issues you with a credit card sized ID card which you are required to have with you at all times whilst working. Work suggests that for safekeeping you keep the ID card in one of the currently empty slots in your phone case. Would you consider this to be an unreasonable request?
For the sake of argument let's assume that you're allowed to carry personal devices at work, indeed most employees routinely do just that. Also, this isn't a mandate but a strong recommendation for your convenience; otherwise they will provide you on demand a second wallet twice the size of your existing phone to minimise the chance of card loss or someone else 'borrowing' it, but whichever route you choose you MUST have the card on your person protected by a wallet at all times from the start to the end of your shift, this is immutable. This card would be the only thing allowed inside a work-provided wallet, the rest of the slots have been sewn shut.
Passes and keys are not my personal property.
... aside from the key for your self-provided locker padlock (assuming it's not a combo lock). You never did tell us what you did with that when you went home.
I do not want work to tell me that I have to install something on my personal phone.
Bingo.
They aren't. They're asking you to use something which, if you have any sense, you should already have installed.
my last work place were too tight to supply people with batteries for wireless keyboards and mice.
I'd just ring IT every time they stopped working. See how long that policy lasted.
Its using my personal property for work purposes. Its nothing to do with what that usage is. Its that I do not want work to use my personal property for any purpose.
Do you wear pants to work? If so do your employers pay for your pants?
Do you wear glasses at any time? If so do you wear them at work? If so do your employers pay for your glasses?
Do you keep any work related information (i.e. the phone number of someone at work, or your schedule, .... anything) on your phone? If so have you asked your employers to pay for your phone?
I'm getting a flat forehead.
You and me both. I've given up trying to explain a principle I have 🙂
All these weird so called parallels. Nowt to do with it. None of them are work mandating what I have to do with my personal property
Do you wear pants to work? If so do your employers pay for your pants?
Thats me using my personal property. Not work
Do you wear glasses at any time? If so do you wear them at work? If so do your employers pay for your glasses?
No and if you need glasses to use the computer at work then work pays for them under VDU regs
Do you keep any work related information (i.e. the phone number of someone at work, or your schedule, .... anything) on your phone?
No
Only after I retired did I put her number on my phone 🙂
Edit - well maybe a couple of weeks before 🙂 but that was for my use not for work use. Again not analogous. Nothing on my phone was for works use
The business isn't telling you what to do with your own property. It's giving you a key to unlock things. Same as your locker key (which work might give you) it's just in electronic form instead of a physical object.
The business isn't telling you what to do with your own property.
Yes it is - its saying I have to put this app on my phone for their convenience
The business isn't telling you what to do with your own property. It's giving you a key to unlock things.
That key is pretty useless without the phone though, no? If you need a phone for work, it should be supplied or paid for.
I am not going to answer anymore. For some weird reason you guys are trying to tell me my ( admittedly extreme) principles are wrong. Its my principles
Do you wear glasses at any time? If so do you wear them at work? If so do your employers pay for your glasses?
No and if you need glasses to use the computer at work then work pays for them under VDU regs
Pedant mode - they must pay for the test. If the test says you need specific glasses for the VDU work then they must pay for them but if your ordinary distance or reading glasses do the job they don't have to pay. Accordingly I use my personal glasses to be able to see what I am doing at work. They are of course only required to provide the most basic glasses and frames.
Despite this, my employer provides a generous private medical package that includes £250 every 2 years towards glasses (for any purpose). Its the sort of give and take that means our staff are less likely to squabble over who paid for their biro or if they can install an app.
Its the sort of give and take that means our staff are less likely to squabble over who paid for their biro or if they can install an app.
This. I don’t mind using my own bottle opener to open the beer that work provide.
...its like giving you a key which you put in your pocket .... An authenticator app is the key/pass - you are simply storing that in a convenient location. You are essentially saying "I won't accept a key/pass to the system because I don't want to put it in MY pocket".
@poly sums it up perfectly in my opinion. The 'solution' of asking IT for a work phone is then the equivalent of them providing a second pair of trousers for you to wear at the same time as your personal trousers - simply so you can use a 'work' pocket. Utterly bonkers.
Also, isn't TJ 100% retired? There's a huge number of posts in this thread that refer to his work in the present tense. I think this is a lot less relevant to the mad old bugger than a lot of people are appreciating.
The 'solution' of asking IT for a work phone is then the equivalent of them providing a second pair of trousers for you to wear at the same time as your personal trousers - simply so you can use a 'work' pocket. Utterly bonkers.
Well, that's just more false equivalence nonsense. You can choose to go to work without your own phone (or at least you should be able to, if you're an employee)... I wouldn't suggest you travel to work without your trousers on. You shouldn't be made to use your own phone for work... of course the convenience of having work apps on your own phone (one device for everything) is welcome and normal for many people. Don't force your choice to merge personal and work technology onto all workers... many want and need that work/life divide.
Hmm... sudden Severance vibes.
Also, isn't TJ 100% retired? There's a huge number of posts in this thread that refer to his work in the present tense. I think this is a lot less relevant to the mad old bugger than a lot of people are appreciating.
Not a good avertisement for retirement is it? No relevance to him and yet still fully engaged with a conversation about it online - you need a garden or something man!
Yes it is - its saying I have to put this app on my phone for their convenience
How many more times? No they aren't, they're asking you to utilise an app which you really should already have.
It's nothing to do with your principles. We all understand your principles and most of us agree with them. Rather it's everything to do you with you catastrophically failing to understand what's actually being requested (and refusing to admit it).
If they asked you to add an emergency phone number would you be kicking off because you thought that you first had to install a telephone app?
I'm done, I have to go out. Fight amongst yourselves, this is absurd now.
How do you log into your internet bank TJ? userrname, password and ???
It's the ??? that's being discussed here
Yes it is - its saying I have to put this app on my phone for their convenience
How many more times? No they aren't, they're asking you to utilise an app which you really should already have.
It's nothing to do with your principles. We all understand your principles and most of us agree with them. Rather it's everything to do you with you catastrophically failing to understand what's actually being requested (and refusing to admit it).
If they asked you to add an emergency phone number would you be kicking off because you thought that you first had to install a telephone app?
I'm done, I have to go out. Fight amongst yourselves, this is absurd now.
It certainly seems to creeped away from petty 🤣
As a counter-point I use MFA at home but it's through my password vault app and in the OP's example it would be adding another app to my phone for the employer's convenience. The password app will work with all he major players but it does depend on the admin settings in use by the employer for this to work in OP's example.
I get to run the work set-up and I accept that some people don't want anything work related on their phones. We have a work mobile for those people, my employer has to be dragged to add things for his business to his phone. 😱
Rather it's everything to do you with you catastrophically failing to understand what's actually being requested (and refusing to admit it)
TBF that shouldn't come as a surprise to literally anyone who's been on here for more than 5 minutes 😉
Hey, you've got to allow me an occasional subtle one. 😁
(ta)
Contrary to much of what people say here, I actually don't think you should mix work and personal software tokens in the same place. I use Microsoft Authenticator for my work SSO, but keep all my personal tokens elsewhere (albeit accessible on my devices including on my phone).
Slightly off topic I guess, but which devices do you keep your separate tokens on? Do you have a personal mobile with only your personal stuff on, or does your personal mobile synch to you work device?
Just from a quick glance, i have Google Authenticator for a bunch of places that support that on my personal mobile (even though some of them are te1chnically work sites) and MS Authenticator only on my work device (because I only require that for work.
Do you do something similar? I ask because finding and solving users' painpoints is a good thing in my book.
They need to give you a work phone if they want you to use a phone for work. Not a chance I would do that.
You must have had some crappy employers over the years if you wouldn't want to support such a basic request, there's no invasion of privacy, no liberties being taken, it seems a perfectly reasonable request to me, and the path of least resistance to helping to secure access to a system or service...
I'd wager the people who say it's an invasion of their personal space are quite happy to have that 'personal space' sat on their desk while they are at work.
Contrary to much of what people say here, I actually don't think you should mix work and personal software tokens in the same place.
Any particular reason?
It makes sense to me you use an authenticator on a personal phone if you don't have a work phone. Where I work if you can't do either (or other restrictions preclude the use of a mobile device in certain areas) you get issued wither a YubiKey or RSA token (depending on the system you're accessing). An authenticator is a bit easier to use as you only need to remember your phone unlock code (or have a thumb handy...) whereas hard tokens also involve a PIN of some sort (I'm saying this as someone who accesses over 10 air-gapped systems on a regular basis and some I have 3 sets of credentials in...)