Sick of 2FA

    snorkie wrote:
    #1

    My employer switched from a local domain server to one based in Azure. This essentially made my machine new to me. I had to find/re-install all my programs. Worse than all of that is the insane number of 2FA requests required to use my machine. And it seems like where we used to have username/password, companies are creating their own stuff. Slack assumes your email is secure and only requires a username now, then emails you a temp password. BitBucket was authenticated so long on my machine, I didn't realize I had 2FA, but not text based. I had to dig through my phone to find an app I've used about twice to find the code before I could view source code. Windows thinks the Hello 6 digit pin is more secure than my password. I think I'm done ranting now. But seriously, just bring back good old fashioned passwords.

    Hogan

      Maximilien wrote:
      #2

      Passive aggressive: enter a wrong password a couple of times until your machine locks up and wait a few hours until IT deigns to reset it. :rolleyes: Hopefully, it's a one-shot annoyance; once everything is set up, it should not be a big issue. We had a few people with no cell phones for 2FA... that pissed IT. :-D

      CI/CD = Continuous Impediment/Continuous Despair

        Jeremy Falcon wrote:
        #3

        To make it worse, now you're expected to use your personal phone for work, for that reason. Used to be keeping things separate was the way to go.

        Jeremy Falcon

          den2k88 wrote:
          #4

          My personal phone has all kinds of issues. First, when asked to use it for work I whip out my trusty Nokia Lumia: what does it mean there is no app for that? Fix it! Second, my Samsung phone has a custom ROM (not) with all kinds of stability issues (not) and loses phone calls, SMS, messages, reboots randomly, sometimes freezes completely. Sorry I didn't receive any call, what do you mean I didn't answer? Same goes for my personal PC. It never, ever works and often won't even boot.

          GCS/GE d--(d) s-/+ a C+++ U+++ P-- L+@ E-- W+++ N+ o+ K- w+++ O? M-- V? PS+ PE Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++*      Weapons extension: ma- k++ F+2 X

            OriginalGriff wrote:
            #5

            Yeah, my last boss got hold of my mobile number because we had to meet up under promises that he'd forget it immediately afterwards. Being the trusting sort I am, I immediately changed the number. A month later he was badgering me for the new number as it "didn't work when he tried it on Sunday". :-D

            "I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!

            "I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
            "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt

              Jeremy Falcon wrote:
              #6

              Dude. You should write an article about this strategy…. anonymously. :)

              Jeremy Falcon

                jschell wrote:
                #7

                Company IT plan was to put everything on MS auth. So all of the following:

                1. Email
                2. Computer log in
                3. Slack

                My question was not answered when I asked how someone who got locked out of their PC due to a pwd change was supposed to request assistance.

                  Nelek wrote:
                  #8

                  Something similar but with a bigger collateral damage: The Insider News

                  M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.

                    Kornfeld Eliyahu Peter wrote:
                    #9

                    Company had to ditch such authentication for two reasons...

                    1. Not all have a smart phone to use that great app to authenticate
                    2. Some refused to use personal phones

                    "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid." ― Albert Einstein

                    "It never ceases to amaze me that a spacecraft launched in 1977 can be fixed remotely from Earth." ― Brian Cox

                      englebart wrote:
                      #10

                      MS Auth has a URL you can visit to reset your password. Security questions or some other method, but probably won’t work if you forgot to set it up.

                        Sander Rossel wrote:
                        #11

                        I feel your pain, not a fan of all the "work" involved. However... Setting up 2FA is the way to go to avoid having your account compromised. The Hello 6-digit pin probably only works on your machine, while your password roams across devices. The way Slack handles it requires a hacker to have access to your Slack and email account, which is another barrier. 2FA can usually be set up in a way that remembers your location or device, so you don't have to authenticate every minute. Like it or not, about 99% of hacks could've been avoided by 2FA. Not because it's impossible to get past 2FA, but because it's a lot harder, so hackers tend to simply move on to someone who doesn't have 2FA.

                        Best, Sander Azure DevOps Succinctly (free eBook) Azure Serverless Succinctly (free eBook) Migrating Apps to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript

                          hevisko wrote:
                          #12

                          Even banks lately ASSUME an Android/iOS device to run their "MoneyApp" to do stuff. I rocked up with a MobiCell, and they had to go fetch the old card re-encoder from the back room to assist me after I threw my toys all over their support lines. Back to 2FA: I got to love BitWarden (1Password apparently also) as it includes the TOTP (Google auth), thus I have less to type/search/etc. And best of all: as I have BitWarden "everywhere" (after my password - long one and only pass I remember :D ) I don't worry about them phones getting lost/stolen anymore.

                            JohaViss61 wrote:
                            #13

                            We have the same crap. I have to change my Windows password every 3 months. This also means that most of my applications require a new 2FA login. So by the end of the day, I have about 20 messages on my personal phone. (I'm not 'important enough' to get a work phone.) And for elevated stuff, we have a Yubi key, and for Google crap we have another electronic key. :omg: Where are the days that I could turn on my computer and just start working? I'm dreading the day that it requires a vial of blood to log in :((

                              jsc42 wrote:
                              #14

                              JohaViss61 wrote:

                              I'm not 'important enough' to get a work phone

                              I had that problem too. Except that whilst people with work phones could have them on their desks, those of us without work phones were not allowed to have personal mobile phones in the office. So, for 2FA, one had to leave the office, go to the lockers to get your personal phone, write down the 2FA code, get back to the office and hope that the activation code had not expired before you could use it.

                                GuyThiebaut wrote:
                                #15

                                I insisted on a hardware token for 2FA - I am not keen on relying on a personal mobile device for any work as I have had a phone malfunction on me before.

                                “That which can be asserted without evidence, can be dismissed without evidence.”

                                ― Christopher Hitchens

                                  Slacker007 wrote:
                                  #16

                                  Old fashioned passwords for old fashioned hackers. :doh: MFA/2FA is essential these days, whether you like it or not. I, personally, like it. It's way better than just a plain old password. Passwords get bought and sold every day on the dark web, etc. Our software shop is in the process of converting all of our existing legacy web apps to use MFA. We already have 2FA at work for all work related accounts. It's not a hassle at all.

                                    Cpichols wrote:
                                    #17

                                    It's also possible to add extra security to your email account if it comes to that. I dislike the interruption that 2FA requires, but it's probably a good thing, forcing me out of auto-think into actually looking at what I'm doing at a time when my attention should be on the task at hand (logging in securely) instead of my original task (the reason for logging in). Security is increasingly important in this world of cyber criminals, so I just cuss quietly and get the thing done. I do think companies should choose tools that do not require their employees to use their personal phones, but that is going to take push-back from the employees, so it's on them. I think I'll start to do that for the two apps we use that require me to use my phone (one is even owned by my company, so that ought to be easier :laugh: )

                                      Cpichols wrote:
                                      #18

                                      2FA is a hassle, but a necessary one.

                                        Gary Wheeler wrote:
                                        #19

                                        Three bosses ago, I had a company phone for about a year. I received one company call and one company text (both from my boss) during that time. During one of the cost-reduction manias that followed, it was decided I no longer needed a company phone (which was a Samsung Galaxy). They also decided to 'economize' on the most current iPhone, but I digress.

                                        Software Zen: delete this;

                                          PSU Steve wrote:
                                          #20

                                          Amen. I worked in a classified government vault so (A) we can't bring cell phones into our office and (B) personal email websites are usually unavailable. So getting 2FA codes is quite challenging...
