There is a conflict brewing in the workplace that many will view as just another symptom of corporate greed. Regardless of its source, it’s about to come to a boil, and Microsoft and the other tech heavy-hitters are turning up the heat whether we are ready or not. To be fair to them, they aren’t doing it to be jerks, but as part of an overall shift to a concept called “security by design”, which is part of the Biden Administration’s overall “National Cybersecurity Strategy” released earlier this year. The strategy is way too complex to even attempt covering in our tiny blog, but there is one element that touches all of us: multi-factor authentication and the push to move past simple SMS codes to authentication apps.
What this means for you
The core concept of “security by design” is placing the responsibility for security on the manufacturers and vendors and not relying on the end-user to know what is best. As a prime example of this, Microsoft, by default, now requires multifactor authentication for its new customers (which can then be manually disabled), where before, this service needed to be turned on manually by the customer (or their designated IT professional) themselves. All well and good – as a security professional this makes perfect sense to me, and I support the trend – BUT this also requires those employers who don’t provide smartphones to their employees to “ask” those employees to install one or more authenticator apps on their personal devices in order to use critical services for their work. Unless you are providing your employees with some sort of reimbursement or have stated in their employment contracts that this is a requirement of the job, this is going to be a problem for many people who are still trying to keep their work and personal lives separate. As a business owner, this ship sailed for me personally a long time ago, but for my employees and yours, what was once a tacit, unspoken arrangement may now have to be formally addressed. Now that smartphones are essentially the easiest way for us to implement multifactor authentication, and everything will soon require it, that personal cell phone has ceded more territory than any of us could have predicted, and employers may need to get in front of this issue before it becomes an employee grievance.
Image courtesy of blackzheep at FreeDigitalPhotos.net