Reply to post: when is MFA, not?

2FA? We've heard of it: White hats weirded out by lack of account security in enterprise

Anonymous Coward
Anonymous Coward

when is MFA, not?

Is a (Microsoft, in this case) MFA solution which uses your smartphone really MFA? I mean, if that same smartphone is the email reading device, it seems like the opportunity for compromise and exploit is higher than it would be with a separate MFA token/device.

Technical reasons aside, I agree it's pretty reprehensible for companies to assume (or require) employees use their personal computer/phone/etc. for access to corporate resources. $COMPANY has explicitly told the employees not to use company kit for personal files, email, etc., wouldn't you think the reverse would be (should be!) equally true.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon