* * * * *
As this is all being done over email, how do I know it's not an elaborate
phishing scheme?
I think I dodged a bullet.
Last Friday, I received an email from the Corporate Overlords about their
impending “multi-factor authentication implementation”. They included a FAQ
(Frequenty Asked Questions) about the project:
> **Q:** I don't have a company mobile. Can I install XXX on my personal
> mobile?
>
> **A:** Yes, you can install the XXX Mobile App on your personal phone to
> use it as a token.
>
> **Q:** I don't have a company mobile and I don't want to install XXX on my
> personal mobile.
>
> **A:** We strongly suggest using the XXX mobile app as the most convenient
> features, like XXX push (one touch authorization), are not available on the
> hardware token. You also can use the DUO Mobile App to secure your personal
> accounts (Google, Facebook, LinkedIn, Amazon, etc…) with multi-factor
> authentication.
>
> If you really don't want to install the app, please let XXX know, hardware
> token also available and will be distributed upon request.
>
I don't have a company provided smart phone, and I really don't want to
install this software on my personal smart phone, given the silliness of
their managed laptop [1]. But I don't also want to come across as too
obstinate in dealing with them—they do, after all, sign the paychecks.
So I recieved the email about downloading the app today and after some
internal back-and-forth, I decided “Why the heck not? Let the Corporate
Overlords onto my iPhone! What's the worse that can happen?”
Please don't answer that.
Much to my relief (and surprise, but in retrospect it shouldn't really have
been) my version of iOS is too old to be supported! I can't use the mobile
app!
Whew!
So now I'll see how long it takes for them to send me the hardware token, and
where they deliver it (given that the Ft. Lauderdale Office of the
Corporation is still closed due to COVID-19).
[1]
gopher://gopher.conman.org/0Phlog:2020/08/26.1
Email author at
[email protected]
