Employer using my personal device for 2FA - should I be peeved?

[widebody911]

My employer is switching from RSA SecurID to Duo; as such I have to install the Duo app on my personal smartphone. I am too low on the food chain to have a company-provided phone. There is a way to 2FA with a landline, but from what I read, it's a PITA.

What peeves me is that my personal device is now part of their security infrastructure. They are saving money (I assume) by shifting the hardware cost to me. Additionally, if this Duo app becomes compromised or somehow goes off the reservation, I alone bear the risk.

When I was a HP, there was a huge push to get us to install a security app so that we could access email etc. One of the perms the app granted itself was remote device wipe; HP basically said "Yeah, but we wouldn't ever really do that..." Ok, then you don't need the permission then, do you? I told management I would be glad to install it on a company-provided-and-paid-for-device, but I'm not installing it on my own device.

OTOH, they pay me well, so maybe I should just STFU like the good tech droid I'm supposed to be.

[BlueSkyJaunte]

I carry a personal and a company phone. No way in hell am I letting our broken-ass IT department install anything on my phone (which includes software to disable the camera when I'm on-site).

If you absolutely cannot get them to buy you a phone, get a minimal plan and the cheapest POS phone you can buy and designate that as your corp phone.

[wayner]

The alternative for many environments is to ban insecure non corporate devices from the building

[Vipergrün]

I use Duo on my personal phone and have other controls as well....however I do get reimbursed for most of the bill because my job requires it. Not really a big deal to me. I also use Duo for remote access to personal servers, so there is an aspect of convenience as well.

One of my guys says no ****** way.....and he bought a burner per BlueSky's comments.

[id10t]

One of my coworkers had her phone wiped "accidentally".

My response would be "provide a phone". And when work wants me to have a computer at home, to do work with, they provided it.

Only reason my boss even has my cell number is a coworker sent a group message.

[stomachmonkey]

The too low on the totem pole to qualify for a company phone is bull****.

If the nature of your role requires a cell phone to perform your function then the company needs to either provide that resource or reimburse you for using your personal device regardless of your position in the hierarchy.

As far as installing software that limits or takes control of your personal device away from you, non starter, not gonna happen.

At that point they have effectively co-opted your personal and uncompensated device as their own.

You are now in essence compensating them for a resource that they require in order for you to perform your function.

I'd go out and get a cheap prepaid and expense it.

If the minutes get used up and they don't reload it, oh well.

[sammyg2]

My employer required I get a phone that can hook up to the company's network (e-mails, etc).

I said not fer free.
They ended up giving me an extra $50 a month to pay for it.
But they act like they own it now, had to install their security, have to use a PITA password 100 times a day.

I miss my old motorola flip phone

[HardDrive]

Similar situation where I work. I don't have the app. Want me to be accessible? No problem.....buy me a device.

[BlueSkyJaunte]

Quote:

Originally Posted by sammyg2

But they act like they own it now, had to install their security, have to use a PITA password 100 times a day.

That infuriated me for years too. Thank God with the new phone I just got from the co. they enabled the fingerprint reader (Samsung S7).

I did have to spring for a slim case ($9). The one they gave me felt like it was made from recycled tire treads and tripled the thickness of the damned thing.

[legion]

My employer took away my Blackberry three years ago. Now I don't check my e-mail unless I'm at work. If a critical issue comes up, they have to call me--which is a pain because of all the scam calls I get. How am I supposed to know whether an unrecognized number is work (we have tens of thousands of phone numbers all over the country) or a scammer?

[ledhedsymbols]

I completely agree. I carry two devices, one is work (provided by Boeing) and the other is personal. If the company doesn't see fit to provide me with a cell phone, I refuse to give out my personal number (generally speaking.) It was also a battle to get them to cough up a smartphone. It was a simple conversation. If you want the capacity to call me and look at email when I'm away from the shop, you'll need to provide the tool for that. I'm not giving you my personal number, and I'm sure as hell not installing some app that you tell me to. Personal is personal and business is business.

I don't work for free, nor do I let my employer dictate anything outside of work. Anything less is absolutely unethical in my opinion. I'm an "hourly" employee but perform many supervisory functions. Thankfully, I have a management team above me that appreciates the nuance. In my world, my employer is such a big faceless entity that they would take every bit extra I'm willing to give and then lay me off without a second thought. The corporate world has no morality. Once you open Pandora's box it is very hard to close.

[wdfifteen]

If you are getting paid well and don't want to make waves, get a cheap phone that is only for work. If it malfunctions enough, maybe they will get you a better one.

[stealthn]

I give my employees choice, you want to use your own phone, fine it has to be in our BYOD program with corporate apps and access provided by us, but those can be removed at any time. Want a corporate phone no problem, full managed by us.

Simple

[wildthing]

I have Duo on my personal device, and don't mind it. The convenience of seeing my calendar on my phone outweighs whatever perceived issues there may be. I do not, however, get email on my phone.

[RKDinOKC]

Don't really understand. We use the Office365 Megalith. The Mobile Device Management is all but invisible. It can be set for whatever password/lockout/restrictions are necessary for your specific job and allows the control/wipe of only company data on the device.

If your job requires a device, the company let's you own it and pays you the minimum monthly for the device/service/apps for the job. If you want the newest biggest baddest, you own the device foot the difference make yourself happy. You can also add whatever non-work related apps and accessories etc. you desire.

If you just want to be able to access your company stuff from your own device and it is not necessary for you job. You can do that if you want, but setting the account up puts you on Mobile Device Management. The policies are just different and not nearly as strict.

[aigel]

If the company specifically *requires* you to use a cell phone, they have to provide it or pay for it. Maybe you don't want to cause a big stink, but the law is on your side here, common decency is too.

It is different if you are not *required* to answer calls or txts / emails on your phone. Then it is okay but then they should not worry about your security settings either.

I would bring this up to my manager in a friendly manner. Yes, it costs money to buy people a phone but not in the big picture.

G

[911boost]

My company did the same thing.

I know the higher ups weren't on board so they "may" have kept a mobile server around that I "may" have know the address to and "may" have set my phone up on.

If not, I'm buying a burner to use for work.

[tabs]

Pull a Weiner and send pictures of your cock (use John Holmes pictures as your own) to all the executives in the company and claim that it was a mistake. That you were really trying to send it to your gf's as a personal message. Then tell em you need rehab.