[hank_z]

A quick off topic question related to 2FA. If an employee is required to complete the 2FA to access to the company's system, is the company responsible to provide the employee a necessary device (either phone or hardware token) to complete the 2FA?

[0xffff2]

In what way? Morally and ethically, I think you're going to get a resounding yes from people here. Legally, I very much doubt it, but I am not a lawyer.

[hank_z]

Legally. In my opinion, if something is required for a worker to finish the job, the employer is obligated to provide it for free. I could be wrong. Curious to know other people's thought.

[bee_rider]

I’m not sure what the laws are, but it would seem pretty silly to fire an engineer over the cost of a device like this. Of course it is important that you don’t have a cellphone, from your employer’s point of view.

Or “I don’t bring it to work, I want to focus on your issues 100% no distractions, boss :)”

[tekla]

Legally you would be wrong.

See the entire food delivery industry

[hocuspocus]

I don't see many jurisdictions where food delivery drivers are employees.

[bob1029]

We are factoring this into our "should we buy company iPhones for all employees?" conversation right now.

[capableweb]

There are much better alternatives than buying a smartphone if all you want to provide is a 2FA device. Yubikey is one alternative, as a consumer you can buy it for ~50 EUR but I'm sure if you buy 100+ for employees, you can get some sort of deal with them.

[bob1029]

Agreed. This is about much more than just 2FA. Compliance, conference calls, etc. are also on the table.

If we decide to go with a BYOD or other telephony option, then I'm going to push for standardized 2FA hardware devices.

[huhneverthot]

They sold them for $5 for Ignite. I'm SURE you can get them very cheap if you're buying them in any sort of bulk at all.

[hocuspocus]

You don't need iPhones though.

[jameshart]

If the company provides employees with a key to access the office, are they obliged to provide the employee with a keyring on which to put it? A pocket to keep it in? Or are they able to assume that the employee probably would prefer to keep the key on their own keyring, in their own pocket?

I feel the same about 2FA tokens. As a matter of convenience I install the tokens my employer gives me on my personal phone because it makes it easy for me to keep them available at all times.

If for some reason I was unable or unwilling to do so, though, I might expect to be allowed to expense a yubikey.

[nekonek]

We actually wanted to give company phones to the staff for this purpose among others but there was a rather big pushback, people didn't wanted another devices to carry.

[masfuerte]

You don't need a phone or a hardware token. e.g. https://github.com/rsc/2fa

[dheera]

Absolutely yes.

Hardware tokens cost <$50, compared to what companies pay employees on a monthly basis it's peanuts.