So now they're implementing TFA (two factor authentication) at work when using VPN. Like everything else Main ITS does, this was not completely thought out. First off, several of us got a "Final Warning" email on Wednesday advising us that we hadn't set up our PINs and that this needed to be done because this was going into effect the following day.
Excuse me? FINAL NOTICE?! This is the first I've heard of this!
When word got back to them that no one had received any previous notification, they backed off and said implementation would be postponed until next week. Gee, thanks!
They held a zoom meeting for all departmental I.T. staff yesterday morning and walked everyone through setting this up, creating PINs, downloading the app onto your phone, etc.
Someone brought up a very salient point: what if a user doesn't have a cell phone? (I mean, it's rare, but there are people who aren't on the grid.) "Uh…we'll get back to you on that. Let's move on."
So yeah. While I had no trouble setting it up for my use, two of my colleagues were unable to create the initial PIN number.
Needless to say, Monday is going to be interesting a clusterfuck because as of 4:30 pm on Friday, no enterprise-wide email had gone out to inform the unwashed masses of this imminent change or what they needed to do to set it up.
Oh My how I relate to that.
It's only been a bit more than a year since I joined the the company I'm working at, and I still haven't been answered the very same question: what if I (or any employee) had not/did not want to have a mobile phone?
Likewise the TFA is mandatory as we use VDI both onsite and when working from home. At least it doesn't require an app to be installed on the phone – non-smartphone users are still eligible, phew…
But what if I decided to go mobile phone free? Would it be reason enough to fire me?
Like I said: still awaiting for an answer.