"You must be able to log in without the use of own electronic devices" gave birth to pre-generated list of (time-based) 2FA codes (for over 3 hours) rule:

u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · edit-2 21 hours ago

"You must be able to log in without the use of own electronic devices" gave birth to pre-generated list of (time-based) 2FA codes (for over 3 hours) rule:

sem@lemmy.blahaj.zone · 19 hours ago

This explains the what but not the why.

Why??

u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · 18 hours ago

I wasn’t allowed to bring in my phone, which has the authenticator app. And I had to log in on a provided device. And I use 2FA.

The guy didn’t even seem surprised when I asked him for current time to look up the current code, so probably this indeed was within the expectations.
“You can have the password printed out” - part of the instructions

muusemuuse@sh.itjust.works · 4 hours ago

Or they could just give a you a hardware token like Thales does.

sem@lemmy.blahaj.zone · 15 hours ago

But why couldn’t you bring a phone where you were going, and why did you have to log into a strange device?

What were you doing?

Liz@midwest.social · 10 hours ago

High security stuff where anything electronic is a spy device until thoroughly proven otherwise. You’re not going to get a specific answer unless OP is an idiot.

sem@lemmy.blahaj.zone · 4 hours ago

I’m going to brainstorm a few ideas because I’m really curious about this. It sounds like an exciting life to live.

Would these be examples of the following?

a job interview with a corporate or governmental organization demanding high secrecy where you still have to log into your job portal for some reason.
you are a consultant on a high security technical project and you are somehow allowed to access the regular internet on a device that’s not your own and use some tools for which you have an account.

These are the only things I can think of. For any regular job, I don’t understand why they wouldn’t just give you a hard token. One of those things that you put on a key ring, which shows you a time-based second factor string of numbers on a little LCD screen.

I had one of those and I was not doing anything sensitive. I was just an environmental educator working for the state government and I had to use it to login to the state laptop to submit my time sheets.

On the other hand, if they won’t give you a hard token, because they’re worried you might bring your own device that looks like a hard token and replicates their hard token except with additional spy hardware, I’m not sure why they are allowing you to log into something on that laptop.

Or if they do expect you to log into something on that laptop, I don’t understand why you’d have to come up with your own custom solution rather than them have some kind of system that everybody uses.

u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · 3 hours ago

I like the ideas here, so much so that I feel bad for giving you a disappointing answer: exam.

No own electronic devices in the exam room. That included everything, phones, watches, calculators and they also specifically mentioned “hearing aid” while giving out all instructions verbally.
Perhaps if there was someone it applied to they wouldn’t but…
And I had to log into our system to take it, which uses TOTP 2FA. An odd situation. Since the only other thing from clothes being allowed was a pen and paper with password (if needed), here we are.

But one real world example I heard from someone is no unapproved devices being brought into the server room.

Sorry, nothing interesting going on in here.