Hacker News new | past | comments | ask | show | jobs | submit login

My company wants me it install Microsoft Authenticator but I find that unacceptable. That is my personal device and installation of any app is my choice and my choice only.

That being said, TOTP is practically standard and every phone have a method of generating their own TOTP so I don't mind adding employer's company to my BitWarden or Apple passwords. Same way I would not have problem to have SMS as a MFA.




I won't use my personal phone number for SMS company accounts, because a lot of services won't let me use it for my personal account then.

Also it's gross, I hate giving out my number


Agreed, but industry best practice is to not use SMS for MFA.

If anyone is doing that in 2024, that is a warning sign.


I have dumb phone for that. If they pressure me to install something on it, I just bring them that phone (with my real sim), and ask them how we shall proceed.


I already have a TOTP app on my phone for all my other security (I have like 15 MFA codes), so adding an extra code isnt really a problem for me. P lus I'd much rather have just an extra code than carry a 2nd phone. Plus for me, a 2nd phone means on call. Plus Im just happy to have a good paying job. Me complaining about wanting an extra device doesnt benefit anyone. But thats just my situation.


> My company wants me it install Microsoft Authenticator but I find that unacceptable.

I had them give me a phone. It sits on my desk. 99% of 9he time, it's used only for Microsoft Authenticator. (That does not count the seemingly endless "Scam Likely" calls I simply ignore.)


As far as they are concerned you do not own a smart phone.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: