this post was submitted on 06 Dec 2023
150 points (96.9% liked)
[Outdated, please look at pinned post] Casual Conversation
6590 readers
1 users here now
Share a story, ask a question, or start a conversation about (almost) anything you desire. Maybe you'll make some friends in the process.
RULES
- Be respectful: no harassment, hate speech, bigotry, and/or trolling
- Encourage conversation in your post
- Avoid controversial topics such as politics or societal debates
- Keep it clean and SFW: No illegal content or anything gross and inappropriate
- No solicitation such as ads, promotional content, spam, surveys etc.
- Respect privacy: Don’t ask for or share any personal information
Related discussion-focused communities
- !actual_discussion@lemmy.ca
- !askmenover30@lemm.ee
- !dads@feddit.uk
- !letstalkaboutgames@feddit.uk
- !movies@lemm.ee
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
My company set up two factor for office 365. The type of verification used is the outlook app where you tap on something to gain access. I must have been one of the first to be required to change my password on the stupid 90 day schedule. After changing my 365 account pw I was locked out because I had to log in to the Outlook app and use the outlook app for verification, which didn't work due to the need to be logged in. You can't make this shit up.
Perfect security. Nobody can access.
That's on your IT department.
Well, it's also on Microsoft for selling their "modern" security theater bullshit to every IT department in the country while not designing it in a sensible fashion or working with third parties to provide meaningful alternatives to the Microsoft branded shit every employee will soon be required to install on their personal devices...
But that's also on your IT department for not warning you or allowing you to keep the SMS/phone verification as a backup for these exact situations. Those aren't depreciated yet, but some companies have let Microsoft's recommend security practices (co-written by their sales team) scare them into downright idiocy.
As someone in IT, here's what you do: Next time that sort of thing happens, just reach out to them immediately and have them reset everything. They may get annoyed, but you know what? They shouldn't be. It's more secure to have an employee call in every single time they need to change a password or re-authenticate a device. It's inconvenient, unnecessary, and downright annoying, wasting everyone's valuable time, but hey....it's more "secure'. If it's more secure, you aren't allowed to be against it.
you and @CodingCarpenter@lemm.ee must use the same system.