ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    MFA - who pays for authentication solution?

    Scheduled Pinned Locked Moved IT Discussion
    mfadashrender
    27 Posts 11 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @scottalanmiller
      last edited by

      @scottalanmiller said in MFA - who pays for authentication solution?:

      @Dashrender said in MFA - who pays for authentication solution?:

      Should the company pay a stipend to every user for cellphone use?

      What's the other option? There is only two options. Buy what the employees need, pay the employees for it. That's it.

      Buy a free to use app / pay the employee to do their job? Using 2FA is a part of the job description with 1 line. . .

      1 Reply Last reply Reply Quote 0
      • DashrenderD
        Dashrender @scottalanmiller
        last edited by

        @scottalanmiller said in MFA - who pays for authentication solution?:

        @Dashrender said in MFA - who pays for authentication solution?:

        Should the company pay a stipend to every user for cellphone use?

        What's the other option? There is only two options. Buy what the employees need, pay the employees for it. That's it.

        What do you consider fair for something like this? Also, if they forget their phone, do you send them home unpaid to get it? (hourly employees).

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender @DustinB3403
          last edited by

          @DustinB3403 said in MFA - who pays for authentication solution?:

          . . odds are they are already making work calls from it without any questions asked.

          Not phone calls, but SMS messages to their bosses. Which they aren't pushing back on wanting to be compensated... but we've already heard from a few - if we forced them to do MFA and that required their phone - they would pitch a fit and demand compensation for the use of their device.

          1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender
            last edited by

            I'm not against paying them something small like $10/m, the app isn't draining their data plan or using any mins, it's barely registering at all.

            But at the same time - we require people to have clothing for a job, and they aren't compensated for said clothing, so I don't see why they would need to be for a phone either - it's just part of the requirement to have this job.

            I can see it both ways.

            DustinB3403D 1 Reply Last reply Reply Quote 0
            • IRJI
              IRJ
              last edited by

              Why not just supply hardware tokens? They are not that expensive.

              FredtxF DashrenderD 2 Replies Last reply Reply Quote 2
              • FredtxF
                Fredtx @IRJ
                last edited by

                @IRJ said in MFA - who pays for authentication solution?:

                Why not just supply hardware tokens? They are not that expensive.

                So this would eliminate the company having to rely on an employees responsibility to take care of his/her cell phone. Like, if they forget it at home, or damage it and don't have the money to buy a new one, they can just use the token instead?

                1 Reply Last reply Reply Quote 0
                • ObsolesceO
                  Obsolesce @Dashrender
                  last edited by

                  @Dashrender said in MFA - who pays for authentication solution?:

                  Here's a topic for conversation:

                  Who should pay for the MFA solution? I'm mainly talking about the device the end users in your company are using to get that MFA. Should the company pay a stipend to every user for cellphone use?

                  They are cheap... for users who dont' want to use their cell phones, buy them one of these and configure it in O365:

                  https://www.token2.com/shop/product/token2-c200-hardware-token

                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @IRJ
                    last edited by

                    @IRJ said in MFA - who pays for authentication solution?:

                    Why not just supply hardware tokens? They are not that expensive.

                    for multiple sites? Just what everyone wants, a pocket full of tokens.

                    EHR
                    email
                    2nd EHR
                    3rd EHR
                    4th EHR
                    5th EHR

                    it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                    B IRJI stacksofplatesS 3 Replies Last reply Reply Quote 0
                    • DustinB3403D
                      DustinB3403 @Dashrender
                      last edited by

                      @Dashrender said in MFA - who pays for authentication solution?:

                      But at the same time - we require people to have clothing for a job, and they aren't compensated for said clothing, so I don't see why they would need to be for a phone either - it's just part of the requirement to have this job.

                      This would have to be declared at offer time. Now, the business could certain re-offer the position to the person with this new requirement (or let the person(s) go) but I doubt that would actually happen.

                      Essentially renegotiating the position and job requirements.

                      1 Reply Last reply Reply Quote 0
                      • notverypunnyN
                        notverypunny
                        last edited by

                        Clothing is a societal norm and as such is a ridiculous comparison. I'm of the opinion that if an employer requires a certain tool for the employee to perform their job, then it's up to the employer to either provide the tool or make arrangements with the employee for compensation / reimbursement.

                        DashrenderD 1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender @notverypunny
                          last edited by

                          @notverypunny said in MFA - who pays for authentication solution?:

                          Clothing is a societal norm and as such is a ridiculous comparison. I'm of the opinion that if an employer requires a certain tool for the employee to perform their job, then it's up to the employer to either provide the tool or make arrangements with the employee for compensation / reimbursement.

                          There are many jobs where this simply isn't the case - case in point, many auto mechanics. Most auto mechanics I know who work in car dealerships/city bus depots, etc all have to furnish their own tools. Now, I have no idea if they are paid extra with the expectation that those extra funds are going toward tool purchase/replacement/upgrades, of if the amount offered is the same for shops that supply tools?

                          1 Reply Last reply Reply Quote 1
                          • B
                            bnrstnr @Dashrender
                            last edited by bnrstnr

                            @Dashrender said in MFA - who pays for authentication solution?:

                            for multiple sites? Just what everyone wants, a pocket full of tokens.

                            Who cares? If they're going to cry about the tokens give them the option to use their phone. But the tokens are what the company supplies...

                            IRJI 1 Reply Last reply Reply Quote 1
                            • IRJI
                              IRJ @Dashrender
                              last edited by

                              @Dashrender said in MFA - who pays for authentication solution?:

                              @IRJ said in MFA - who pays for authentication solution?:

                              Why not just supply hardware tokens? They are not that expensive.

                              for multiple sites? Just what everyone wants, a pocket full of tokens.

                              EHR
                              email
                              2nd EHR
                              3rd EHR
                              4th EHR
                              5th EHR

                              it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                              That's when you use a service like okta or jump cloud

                              1 Reply Last reply Reply Quote 0
                              • IRJI
                                IRJ @bnrstnr
                                last edited by

                                @bnrstnr said in MFA - who pays for authentication solution?:

                                @Dashrender said in MFA - who pays for authentication solution?:

                                for multiple sites? Just what everyone wants, a pocket full of tokens.

                                Who cares? If they're going to cry about the tokens give them the option to use their phone. But the tokens are what the company supplies...

                                I agree 100%. Give them the option. Most will choose their phone. I guarantee it

                                1 Reply Last reply Reply Quote 2
                                • DashrenderD
                                  Dashrender
                                  last edited by

                                  Lol, yeah once we reach that point it would definitely be one way to get them to just accept using their own device with no added funds.

                                  I’m not in a boat one way or the other...

                                  It seems we have some that are clearly in one camp or the other though.

                                  1 Reply Last reply Reply Quote 0
                                  • wirestyle22W
                                    wirestyle22
                                    last edited by

                                    I'm of the opinion that the company should provide users with anything that is required to do their job. In this case, if a mobile device is required for them to do their job then the company should provide the device. If it's not required then it's the users choice.

                                    1 Reply Last reply Reply Quote 0
                                    • stacksofplatesS
                                      stacksofplates @Dashrender
                                      last edited by

                                      @Dashrender said in MFA - who pays for authentication solution?:

                                      @IRJ said in MFA - who pays for authentication solution?:

                                      Why not just supply hardware tokens? They are not that expensive.

                                      for multiple sites? Just what everyone wants, a pocket full of tokens.

                                      EHR
                                      email
                                      2nd EHR
                                      3rd EHR
                                      4th EHR
                                      5th EHR

                                      it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                                      This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                                      DashrenderD 1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender @stacksofplates
                                        last edited by

                                        @stacksofplates said in MFA - who pays for authentication solution?:

                                        @Dashrender said in MFA - who pays for authentication solution?:

                                        @IRJ said in MFA - who pays for authentication solution?:

                                        Why not just supply hardware tokens? They are not that expensive.

                                        for multiple sites? Just what everyone wants, a pocket full of tokens.

                                        EHR
                                        email
                                        2nd EHR
                                        3rd EHR
                                        4th EHR
                                        5th EHR

                                        it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                                        This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                                        yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                                        ObsolesceO stacksofplatesS 2 Replies Last reply Reply Quote 0
                                        • ObsolesceO
                                          Obsolesce @Dashrender
                                          last edited by

                                          @Dashrender said in MFA - who pays for authentication solution?:

                                          and our EHR only supports Symantec VIP tokens - super lame!

                                          Then why did you add that in the list if the only solution to that EHR is a Symantec VIP token? Then you already have the only MFA answer to that. Start there and see if everything else supports it. If not, then yeah, a pocket full of keys they shall get... or opt to use their phone.

                                          1 Reply Last reply Reply Quote 0
                                          • stacksofplatesS
                                            stacksofplates @Dashrender
                                            last edited by

                                            @Dashrender said in MFA - who pays for authentication solution?:

                                            @stacksofplates said in MFA - who pays for authentication solution?:

                                            @Dashrender said in MFA - who pays for authentication solution?:

                                            @IRJ said in MFA - who pays for authentication solution?:

                                            Why not just supply hardware tokens? They are not that expensive.

                                            for multiple sites? Just what everyone wants, a pocket full of tokens.

                                            EHR
                                            email
                                            2nd EHR
                                            3rd EHR
                                            4th EHR
                                            5th EHR

                                            it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                                            This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                                            yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                                            I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                                            As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                                            DashrenderD 1 Reply Last reply Reply Quote 2
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post