My organization is considering setting up Two-factor authentication (2FA) due to security settings.
The Help Center states that “This code will be generated by an authenticator app (e.g. Duo, Authy, Microsoft Authenticator) that you can install on your phone.”, i.e. that we should use an “authenticator app” on a mobile device.
However, organizational regulations may require that some staff members be provided with a PC but not a mobile device.
As a countermeasure in this case, we would like to use the “authenticator app” (reference: Microsoft Edge add-on - Authenticator), an add-on app for the browser (Edge).
I would appreciate any advice you can give me.
I applaud the effort to not require employees to install software needed for company purposes on personal devices.
I have been pushing back on such requests made to me and colleagues, especially when it is in the form of “join our company WhatsApp group” as I think that is really intrusive into someone’s personal life.
I do see authentication apps a bit differently though, and your post triggers me to consider why I think that.
I think it’s because it is just to confirm my identity. No messaging, no notifications related to anything other than confirming my identity.
Now I’m starting to wonder how healthy that expectation is.
For security reasons, having a separate device confirm serves another purpose, as it confirms access to two devices. It is a bit more protection than with a browser add-on, as - when someone has access to the PC/laptop this authenticator is installed on - it gives no extra protection. Yet it could serve to ensure that someone can only sign in from devices that have this add-on.
Not really an answer to your question, but I thought you might appreciate some considerations on the matter.