MFA - who pays for authentication solution?
-
@scottalanmiller said in MFA - who pays for authentication solution?:
@Dashrender said in MFA - who pays for authentication solution?:
Should the company pay a stipend to every user for cellphone use?
What's the other option? There is only two options. Buy what the employees need, pay the employees for it. That's it.
Buy a free to use app / pay the employee to do their job? Using 2FA is a part of the job description with 1 line. . .
-
@scottalanmiller said in MFA - who pays for authentication solution?:
@Dashrender said in MFA - who pays for authentication solution?:
Should the company pay a stipend to every user for cellphone use?
What's the other option? There is only two options. Buy what the employees need, pay the employees for it. That's it.
What do you consider fair for something like this? Also, if they forget their phone, do you send them home unpaid to get it? (hourly employees).
-
@DustinB3403 said in MFA - who pays for authentication solution?:
. . odds are they are already making work calls from it without any questions asked.
Not phone calls, but SMS messages to their bosses. Which they aren't pushing back on wanting to be compensated... but we've already heard from a few - if we forced them to do MFA and that required their phone - they would pitch a fit and demand compensation for the use of their device.
-
I'm not against paying them something small like $10/m, the app isn't draining their data plan or using any mins, it's barely registering at all.
But at the same time - we require people to have clothing for a job, and they aren't compensated for said clothing, so I don't see why they would need to be for a phone either - it's just part of the requirement to have this job.
I can see it both ways.
-
Why not just supply hardware tokens? They are not that expensive.
-
@IRJ said in MFA - who pays for authentication solution?:
Why not just supply hardware tokens? They are not that expensive.
So this would eliminate the company having to rely on an employees responsibility to take care of his/her cell phone. Like, if they forget it at home, or damage it and don't have the money to buy a new one, they can just use the token instead?
-
@Dashrender said in MFA - who pays for authentication solution?:
Here's a topic for conversation:
Who should pay for the MFA solution? I'm mainly talking about the device the end users in your company are using to get that MFA. Should the company pay a stipend to every user for cellphone use?
They are cheap... for users who dont' want to use their cell phones, buy them one of these and configure it in O365:
https://www.token2.com/shop/product/token2-c200-hardware-token
-
@IRJ said in MFA - who pays for authentication solution?:
Why not just supply hardware tokens? They are not that expensive.
for multiple sites? Just what everyone wants, a pocket full of tokens.
EHR
email
2nd EHR
3rd EHR
4th EHR
5th EHRit's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.
-
@Dashrender said in MFA - who pays for authentication solution?:
But at the same time - we require people to have clothing for a job, and they aren't compensated for said clothing, so I don't see why they would need to be for a phone either - it's just part of the requirement to have this job.
This would have to be declared at offer time. Now, the business could certain re-offer the position to the person with this new requirement (or let the person(s) go) but I doubt that would actually happen.
Essentially renegotiating the position and job requirements.
-
Clothing is a societal norm and as such is a ridiculous comparison. I'm of the opinion that if an employer requires a certain tool for the employee to perform their job, then it's up to the employer to either provide the tool or make arrangements with the employee for compensation / reimbursement.
-
@notverypunny said in MFA - who pays for authentication solution?:
Clothing is a societal norm and as such is a ridiculous comparison. I'm of the opinion that if an employer requires a certain tool for the employee to perform their job, then it's up to the employer to either provide the tool or make arrangements with the employee for compensation / reimbursement.
There are many jobs where this simply isn't the case - case in point, many auto mechanics. Most auto mechanics I know who work in car dealerships/city bus depots, etc all have to furnish their own tools. Now, I have no idea if they are paid extra with the expectation that those extra funds are going toward tool purchase/replacement/upgrades, of if the amount offered is the same for shops that supply tools?
-
@Dashrender said in MFA - who pays for authentication solution?:
for multiple sites? Just what everyone wants, a pocket full of tokens.
Who cares? If they're going to cry about the tokens give them the option to use their phone. But the tokens are what the company supplies...
-
@Dashrender said in MFA - who pays for authentication solution?:
@IRJ said in MFA - who pays for authentication solution?:
Why not just supply hardware tokens? They are not that expensive.
for multiple sites? Just what everyone wants, a pocket full of tokens.
EHR
email
2nd EHR
3rd EHR
4th EHR
5th EHRit's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.
That's when you use a service like okta or jump cloud
-
@bnrstnr said in MFA - who pays for authentication solution?:
@Dashrender said in MFA - who pays for authentication solution?:
for multiple sites? Just what everyone wants, a pocket full of tokens.
Who cares? If they're going to cry about the tokens give them the option to use their phone. But the tokens are what the company supplies...
I agree 100%. Give them the option. Most will choose their phone. I guarantee it
-
Lol, yeah once we reach that point it would definitely be one way to get them to just accept using their own device with no added funds.
I’m not in a boat one way or the other...
It seems we have some that are clearly in one camp or the other though.
-
I'm of the opinion that the company should provide users with anything that is required to do their job. In this case, if a mobile device is required for them to do their job then the company should provide the device. If it's not required then it's the users choice.
-
@Dashrender said in MFA - who pays for authentication solution?:
@IRJ said in MFA - who pays for authentication solution?:
Why not just supply hardware tokens? They are not that expensive.
for multiple sites? Just what everyone wants, a pocket full of tokens.
EHR
email
2nd EHR
3rd EHR
4th EHR
5th EHRit's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.
This is a joke right? You can use a token across multiple sites. Especially Yubikeys.
-
@stacksofplates said in MFA - who pays for authentication solution?:
@Dashrender said in MFA - who pays for authentication solution?:
@IRJ said in MFA - who pays for authentication solution?:
Why not just supply hardware tokens? They are not that expensive.
for multiple sites? Just what everyone wants, a pocket full of tokens.
EHR
email
2nd EHR
3rd EHR
4th EHR
5th EHRit's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.
This is a joke right? You can use a token across multiple sites. Especially Yubikeys.
yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!
-
@Dashrender said in MFA - who pays for authentication solution?:
and our EHR only supports Symantec VIP tokens - super lame!
Then why did you add that in the list if the only solution to that EHR is a Symantec VIP token? Then you already have the only MFA answer to that. Start there and see if everything else supports it. If not, then yeah, a pocket full of keys they shall get... or opt to use their phone.
-
@Dashrender said in MFA - who pays for authentication solution?:
@stacksofplates said in MFA - who pays for authentication solution?:
@Dashrender said in MFA - who pays for authentication solution?:
@IRJ said in MFA - who pays for authentication solution?:
Why not just supply hardware tokens? They are not that expensive.
for multiple sites? Just what everyone wants, a pocket full of tokens.
EHR
email
2nd EHR
3rd EHR
4th EHR
5th EHRit's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.
This is a joke right? You can use a token across multiple sites. Especially Yubikeys.
yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!
I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.
As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.
