against our servers, and this security measure seems to have solved the problem, at least for now. For the benefit of using company-owned equipment (the laptops), I think this is reasonable.

My question is about requiring employees to download the software on their personal mobile device that the company doesn't provide or pay for.

The no part is whether it is ok for your employer to force you to use a personal device. That comes in two flavors. You must vs no edict but you are expected to.

I personally think that isn’t right. You need me to use a tool for work and I expect you to provide the tools. Some professions require your own tools though, but the expansion to personal devices is wrong in my opinion.

Yes in terms of security. Malware on the device used to access work can record what you are doing and expose the corporate network. You should also not access the network from a device you do not own.

They can require it for accessing their network and computers. They cannot force you to download it onto your personal phone, but they also have no requirement to make an exception or accommodation for you either.

I also work for a global corporation and they did the same thing.

I told them they can ship me a [insert company name here] sanctioned phone with all of the security they want, but I will not download their security software to my personal phone.

In my case, they can wipe your phone if they decide there's a security threat.

They shipped me a phone.

Any reputable company would NOT expect you to use your personal hardware for work related tasks.

The app is benign, it basically takes the current time plus a code your employer gives you and runs them through a mathematical algorithm to generate a 6 or 8 digit number. If the number on your phone matches the number on the authenticate server, you are authorized to access whatever systems. It doesn't allow your employer to access your device in any way.

That said, most implementations of 2 factor authentication with RSA apps also allow the use of a keychain fob or the use of a code sent by text message. These would be the only options available to someone without a smart phone.

As for reasonableness, I don't think it is much different than a utility company require its line workers from living within 20 minutes of their operation center, nor much different than an IT worker who must have a telephone number they can be reached at two or three times a year when things go bump in the night, nor much different than a retailer requiring their employees to provide their own black or khaki pants.

but maybe you are talking about an app that is simply an authentication key
for you to use their laptop. USB keys were too hackable, and it's cheaper than a
retinal scan...
In which case yepperr.

If you have access to your corporate email through the phone, it is a suggested security practice.

After the latest russian data hack and breach it seems like a prudent move for companies. I just had to make certain that I used a PIN or other security for both opening the phone and for accessing email via the phone. Both of which are considered good practices for protecting yourself from identity theft.

It’s about being required to download a security app on our phones to use our company laptops.

My phone has almost no apps in it because I use it as a phone. I wasn't thrilled, but I did it and it really has no impact on me. I guess, since it enables me to work from home, I'm OK with it.

I see people saying they can fire you for refusing, and that's likely true for an at-will job.
But, the company could just refuse you access to company servers & data from your phone.
If some above are right about this being an authentication key, not putting the app on there amounts to that same prohibition.
So, you'd likely lose access to anything on that phone.
My experience is very different in that nearly everybody with a professional title gets a company iPhone. I'm retired now, but I'd have to guess it's over 15 years since I had someone working for me that didn't get a phone after I did the paperwork (or online form). Even entry level chemists & chemical engineers.

accessing computer data from a phone. It’s requiring employees to download a security app on a personal mobile device in order to use the company laptop.

Is it about using your mobile phone as a two-step authentication system to get into the laptop?

You aren't really clear about why they are requiring it. Every time someone guess, you just say it's not that. So, what is it? Why are they saying you need to do it. Then maybe we can help.

and yes.

It’s security software they are requiring us to download to our mobile devices so we can access our laptops.

If so, seems reasonable to have that on your phone. Not sure about expecting you to work from home, but I don't know your contract.

I also get the two-step authentication, really. Hacking is crazy and if this company has a lot of proprietary stuff, I get it.

We don’t access the laptop through the phone.

The offices are all closed now due to Covid so everyone is required to work from home.

Everybody had laptops too, but that's not something the company ever did.
I did retire 2 years ago, so they may have since.
But, we could access P & X drives with reader apps and the entire Notes mail & database list.
There was a special Lotus mobile app, but that was solely for the phone.
I'd have to guess that of 1,200 professional staff, a minimum of a thousand of us had phones.
So, I had no experience of using anything (or approving it for others) other than company hardware.

Or is permitting you to use your mobile device a convenience?

If it is a convenience - yes. If they require you to use your mobile device, that poses bigger ethical problems.

Our phones were recently removed, so now all we have is VOIP. Their plan assumed we have internet access on our mobile devices (I don't). They were even unable to answer questions about whether the VOIP calls could be forwarded to a land line, for example, since they were so unprepared for anyone who did not have internet on their mobile phone.

But it is a similar situation. Had I been required to use my own phone (as opposed to my company laptop) to answer calls during mandatory work from home, I would have refused to purchase a data plan. However, since I am able to answer calls on my computer it is reasonable for them to piggy-back on my data plan if I choose to use the (more convenient) mobile device.

We have company issued laptops to do our jobs. But now they are telling us we have to download an app on our personal mobile device to access the laptop.

to the company network? If so, then I would say it is reasonable.

Before this didn’t need the phone at all.

Don't see why you would have to have it?

Or is this one of the multi-factor authentication things?

We just went to that. I had the option of different ways of authenticating - but the only one that limited the intrustion to once every 90 days was installing an authentiction app on my phone. So - I wasn't required to install it, but it was darn inconvenient not to. From that perspective I was permitted to use it - but not required.

And the only option they are giving is installing their software on your personal device. Plus it requires at least an iPhone 8. So people who don’t have a smart phone or have an older iPhone will now have to upgrade at their own expense.

I told my university I was not getting a data plan to pick up the cost-savings they were realizing by moving to VOIP.

Upgrading to a data plan is an on-going very pricey proposition. My phone bill is $15/month for unlimited talk and text. I could probably get away with $5 more per month for enough data for authentication - but to buy enough data to handle VOIP business calls on my cell phone would at least double my phone bill.

Are you required to work out of the office? (I don't need MFA within the walls of the university - but if I choose to work from home, I need it - so in order to have the privilege of working from home, I have to accept MFA. Taking work calls on my personal phone is a different issue - even when I'm working from home I am not under an obligation to do anything other than chat at my computer.)

If you aren't under a contract, in most states, you can be terminated for any reason at all - and your continued employment is enough consideration to make the new obligations enforceable. If your income is low enough that paying for the upgrades would drop you below minimum wage, you would have a stretch argument that they have to cover the added costs. But most people who are given a work laptop make more than that.

Everyone is required to work at home. This is really not a concern for me. I’m concerned for lower level employees who will now be forced to get a smart phone or upgrade their existing phone to use this software.

It is amazing how clueless about class some employers are.

I worked for a very large company, and we were required to download security software on non-company issued mobile devices
When I left that company, they remotely removed the software, however it also removed any software I had previously installed on them...fortunately I had everything backed up in the cloud, and was able to get everything restored
Just be aware if they make you sign any kind of waiver..absolving them of any kind of responsibility...

tokens that are actually physical.

I often opt to install soft token apps on my phone for convenience sake, but it is rarely truly the only option.

I could have a work cell phone but opted to use my personal iPhone and I get reimbursed less than $50 a month by the company since I use it for work too. I'm fine with it.

and only offer company mobile phones to upper management.

to host an Authenticator application.

It may be more convenient for you to use your own device instead of carry around another device for authentication, but that’s your choice to make.

Personally, I would use an application (if it’s available in the App Store) if doing so does not require me to download a security profile or policy to my device. Downloaded profiles and policies can give companies the ability to wipe data from your phone among other capabilities. Downloading a profile is often the only way a company will let you use your device for company email, for instance. These profiles can also allow the company to side-load apps in some instances.

If my job was critical enough to where I needed mobile email, I would ask for a company-provided device. I’m not giving up my privacy for the privilege of being irritated by my company email on my phone.

That’s different from an Authenticator app, though. Some companies (a lot, actually) use Google Authenticator, which is available in the App Store.

"download security software on their personal mobile device to access their company laptops. "

A security key generation app that creates a onetime key so you can access your company laptop. Used to be and probably still is some places a small key fob. If it was a key tracking app or a time analysis app then you might have a issue. But, if it is just a random key generator so you can access your company laptop. I would have no issue with it.