Get a used/cheap phone or tablet, only turn it on or enable wifi when you need the app. Don't use it for anything else. I think that covers all the bases.
I managed to get around the MS auth app and am using Aegis right now.
If you're in the US, that could very well get you fired in any "at will employment" state. It's shitty, fucked up, and should be illegal, but the legislators seem to represent wealthy corporations way more than they represent their human constituents (GOP especially).
Declare yourself a member of The Church of Emacs and claim your religious rights are being violated.
While it's not technically safer, MS does make it a lot easier to set policies where you check a box for MSAuth.
Since the config is less complex and easier, it's demonstrably safer to implement it this way.
And here I am wishing they would come out with an authenticator watch app, so I didn't have to do all the work of taking my phone out of my pocket and swiping a few times.
What's needed is an online 2fa service that just takes a username and copies the code to the clipboard.
/s before I get any replies.
I used BlueStacks to emulate Android and use MS Auth when I had no choice.
It's a waste of space, but it doesn't go on your phone at least.
You can just use FreeOTP
My company has the same policy
Authentication methods in Entra ID (which is presumably what we are talking about as the identity provider) include Microsoft Authenticator and software otp.
Authenticator is push authentication, as described elsewhere here. If for some reason you're not getting push notifications, you can use an OTP code instead, but this still requires that you have push authentication configured in Microsoft Authenticator.
You can only use Software OTP in other applications if your administrator has explicitly allowed use of Software OTP as an authentication method, and also excluded you from being required to use Authenticator - otherwise Authenticator would always 'win' as choice of mechanisms because it is more secure.
Several states in the USA require that employees who are made to use their personal phone for business purposes be compensated. The enforcement method and process for requesting same is naturally very obscure.
We let anyone use any authentication app. The Microsoft one is the best one. I'm pushing to make us exclusive because I'm sick of the IT support guys trying to support a dozen apps. You don't have to use your Microsoft account provided to use the app or back up your credentials.
I'm pushing to make us exclusive because I'm sick of the IT support guys trying to support a dozen apps.
While I understand this... Why not just refuse to support and NOT remove the capability for all those who don't need support and work just fine with their own? It's not like TOTP isn't a solved problem at this point.
E.g. "we only support MS auth, if you choose to use your own you will not receive any company support."
Because that shit only works in fantasy land. If you can use it, employees WILL expect support and will repeatedly raise hell if they don't get it. It's a losing battle.
The option to use TOTP is already well hidden. It's not like someone who does not know what he is looking for and uses an Authenticator already will accidentally select it.
Lots of great conversation here, I also work somewhere where this is required. If I didn't need my phone for access to chat, I just wouldn't use it for work. Alternatively, my phone has a work profile so I use that for any work related or non-FOSS apps. My IT guy even approved of my methods and said do the minimum and never more with tech.
If MS Authenticator still works with totp urls just like any other authenticator then you can just use some open source authenticator. Some password managers even have one built in.
At what point can you tax deduct your phone as a business expense?
What is your concern about installing MS Authenticator?
I mean I can understand the principle of being forced to install anything on your phone.
But just stepping into the practical for a second: What do you worry will happen by installing this app to your phone?
200 MB of wasted personal disk space just so you can log in to a work account
I'm not concerned per se and I definitely applaud the MFA requirement. I mean I hate MS and don't like apps I don't need, and I don't trust them, but as others pointed out this would mostly just be whiny. That's why I asked for reasons why restricting users to MS Authenticator would be preferable. If it's more secure or technically way easier and thus cheaper to maintain then fine, I'll find an acceptable way to comply. If not, then it's them who are whiny and I'd rather make the case to let us use whatever authenticator we already have installed.
But MS Authenticator isn't a normal 6-digit Authenticator; it scans your Face ID (or fingerprint) and in many cases (like my work) it can support passwordless accounts (relying only on something you have and something you are).
And in regard to your point that you don't want to install apps you don't need, it sounds like you do in fact need this app.
🤷‍♂️