[widebody911]

My employer is switching from RSA SecurID to Duo; as such I have to install the Duo app on my personal smartphone. I am too low on the food chain to have a company-provided phone. There is a way to 2FA with a landline, but from what I read, it's a PITA.

What peeves me is that my personal device is now part of their security infrastructure. They are saving money (I assume) by shifting the hardware cost to me. Additionally, if this Duo app becomes compromised or somehow goes off the reservation, I alone bear the risk.

When I was a HP, there was a huge push to get us to install a security app so that we could access email etc. One of the perms the app granted itself was remote device wipe; HP basically said "Yeah, but we wouldn't ever really do that..." Ok, then you don't need the permission then, do you? I told management I would be glad to install it on a company-provided-and-paid-for-device, but I'm not installing it on my own device.

OTOH, they pay me well, so maybe I should just STFU like the good tech droid I'm supposed to be.