
>> employees running corp MS Authenticator on their personal devices makes me sad.

> What is sad about that?

Why does it make me sad? That's a good question. Insufficient respect for employees' personal domain. Non-optimal IT defaults.

    - It sets up a scenario where the employee's personal device is
    co-opted without their full, meaningful consent. 
    - It places work assets in a personal device.
    - It introduces a scenario where a critical function takes place
    outside of direct view and control of IT.

    Lastly and speculatively, it places Microsoft software in their device
    and Microsoft can't be trusted to keep its hands to itself when it has 
    an opportunity to be creepy, grabby or slimy.

    Examples:
    Slimy: Injects Bing links into phone's context menu when Outlook
    for Android app is installed.
    Grabby: History of sharing personal data with 700+ partners.
    Creepy: Relentlessly pushes CoPilot like horny drunk uncle pushes
    sex innuendos.
refs:

MS Authenticator Sandbox analysis: https://www.virustotal.com/gui/file/c165ea4f2c399f474f068087...

https://kagi.com/search?q=How+is+Microsoft+like+a+creepy+unc...



We're talking about 2FA. A TOTP code. I think that's a bit of an overreaction. And as I've never heard of a single small business that can afford to give work phones to their employees, what alternative is there?


> And as I've never heard of a single small business that can afford to give work phones to their employees

The other reply had the productive answer with Yubikey.

Past that, I offer that it's the business's problem to solve.

As a career IT professional, I find it unprofessional to expect employees to cough up their personal devices because their employer is buying services from a trillion dollar mega corp who can't figure this out.

> I've never heard of a single small business that can afford to give work phones to their employees

Sure they can. Used cell on eBay, $30. They can keep it wherever they log in.

But the other poster is correct about Yubikey. For my part, I do Winauth most of the time and junk-drawer cell phones otherwise.


>what alternative is there?

A YubiKey. Ideally replacing TOTP with U2F, but even doing TOTP on the YubiKey will address some of the GP's concerns.



