Tuesday, September 15, 2020
As this is all being done over email, how do I know it's not an elaborate phishing scheme?
I think I dodged a bullet.
Last Friday, I received an email from the Corporate Overlords about their impending “multi-factor authentication implementation”. They included a FAQ about the project:
Q: I don't have a company mobile. Can I install XXX on my personal mobile?
A: Yes, you can install the XXX Mobile App on your personal phone to use it as a token.
Q: I don't have a company mobile and I don't want to install XXX on my personal mobile.
A: We strongly suggest using the XXX mobile app as the most convenient features, like XXX push (one touch authorization), are not available on the hardware token. You also can use the DUO Mobile App to secure your personal accounts (Google, Facebook, LinkedIn, Amazon, etc…) with multi-factor authentication.
If you really don't want to install the app, please let XXX know, hardware token also available and will be distributed upon request.
I don't have a company provided smart phone, and I really don't want to install this software on my personal smart phone, given the silliness of their managed laptop. But I don't also want to come across as too obstinate in dealing with them—they do, after all, sign the paychecks.
So I recieved the email about downloading the app today and after some internal back-and-forth, I decided “Why the heck not? Let the Corporate Overlords onto my iPhone! What's the worse that can happen?”
Please don't answer that.
Much to my relief (and surprise, but in retrospect it shouldn't really have been) my version of iOS is too old to be supported! I can't use the mobile app!
Whew!
So now I'll see how long it takes for them to send me the hardware token, and where they deliver it (given that the Ft. Lauderdale Office of the Corporation is still closed due to COVID-19).