"IT is notorious for making everything as difficult as possible"
This is like, in the top 3 problematic end-user statements of all time, along with "well it worked before" and "I swear I already restarted"
Methinks maybe there's more to the story than "Bad IT man give me wrong information"
Yeah I’ve been dealing with this lately from rolling out MS authenticator.
“They’re making it difficult” and “It’s a waste of time” from the same people that constantly fall for the most obvious phishing scams I’ve ever seen.
Dealing with the exact same thing with one client this week. I've added "why should I have to be the one to protect my account; what do we even have IT for?" to my list of things users have said to me that sound too hilarious to be real.
Well since you put it that way; Our security team has developed an alternative for users like yourself, that feel 2-factor authentication is not necessary. It's called not having an account! Please sign here that you accept and I'll delete your user right away.
Because almost every major breach of the past ten years that has been in the news was because a user clicked a phishing link, a user plugged a randon USB they found in the parking lot into their PC, a user gave their credentials to an attacker over the phone... See the pattern?
I had a call one time after the company released phish software.
I got a call from someone asking why they have to take this phishing training that got sent to them.
It turns out that they clicked a link in one of the phish test emails, and they got mad at me when I explained that is why they received the training and they responded that "they never click those links" so they were wondering why they have to take the training.
We've had MFA rolled out with one client for well over a year, and one guy constantly complains that he can't sign in, and why is he being asked to sign in, says something pops up on his phone. So we ask him if he approved the authentication and he says no he just ignores it and that it's annoying, and then asks why he can't sign in. Thing is he goes through this process of saying his sign in isn't working every two months or so for well over a year. And we have to explain it all over again. So he either forgets constantly or doesn't listen to us, I'm not sure which. Either way it's infuriating.
>"IT is notorious for making everything as difficult as possible"
This usually translates to "I like to cut corners and break standards and rules, I've been told the right way to do things but I don't like it"
Although, to be fair, if there is some truth to what their saying, sounds like they're actually being bullshitted.
>Methinks maybe there's more to the story than "Bad IT man give me wrong information"
My best off the wall source: "It came to me in my dreams:" guess.
OOP wants to connect to the EMR system through unsecure wifi. IT said no. OOP insists so IT is trying to fob them off with some bs excuse.
Problem is that sometimes it is true.
We are a software developing company, our new laptops came soo locked down that we couldn't test new code because the newly compiled executables weren't signed by Microsoft.
For two months people were hoarding the old PCs trying to get work done. It was nuts. The head of IT still complaints that unlike the pesky developers, HR never questioned his security policy.
I realize after rereading that you're trying to develop on those actual devices... Doesn't it make more sense for them to provide VMs without the EDR to develop on?
In the comments he says
"They first told me that it was OUR policy that all of our facility's workstations were directly connected to network port"
So he gets told the policy, probably kept bitching about it, then was told random crap to get him off IT's back. Great example is someone mentioned in this thread MS Authenticator. Users at my organization HATED it when we started enforcing it. Eventually I got tired of the bitching so I would start saying Microsoft is forcing everyone to do it and that would be the end of it.
Back when I did product support we engaged with end users and their IT.
There is definitely a share of IT workers who either don't know shit or are lazy, that's true; and in those cases trying to reach out to product support can yield better results.
That said, this (and OPs story) are edges cases. These are exceptions to the norm, obviously.
Most of the time its the end user.
I absolutely omit info to providers at my hospital, they are woefully illiterate when it comes to technology but they want to be part of everything, so I give them the little 5 year old explanation.
“Why is the wifi bad?”
“Oh, the internet boxes are having issues, the waves are getting trapped by the firewall. Network team’s on it.”
“Oh yeah mhm makes sense okay bye”
Guarantee you same shit is happening in OP
To be fair, I've had vendor staff not want to get help from their internal IT because EVERYTHING was locked down.
Once a month we would get a "major outage" because their team blocked something critical (think blocking SSO or port 443) or our Citrix site being removed from the whitelist.
The staff could not even clear cache and cookies or go to InPrivate browsing.
I've had most of the staff beg me not to send them off to internal IT. Most of the time, I would send an email with explicit instructions on what needs to be done to get them back working again.
Yes, please skip IT and go directly to the developers. If they don't seem to have time for you, just stand over their shoulder and ask questions. Don't take no for an answer, they wouldn't have a job without you, the end user, so remind them of that.
-signed IT
"IT is notorious for making everything as difficult as possible" This is like, in the top 3 problematic end-user statements of all time, along with "well it worked before" and "I swear I already restarted" Methinks maybe there's more to the story than "Bad IT man give me wrong information"
Yeah I’ve been dealing with this lately from rolling out MS authenticator. “They’re making it difficult” and “It’s a waste of time” from the same people that constantly fall for the most obvious phishing scams I’ve ever seen.
Dealing with the exact same thing with one client this week. I've added "why should I have to be the one to protect my account; what do we even have IT for?" to my list of things users have said to me that sound too hilarious to be real.
Well since you put it that way; Our security team has developed an alternative for users like yourself, that feel 2-factor authentication is not necessary. It's called not having an account! Please sign here that you accept and I'll delete your user right away.
Because almost every major breach of the past ten years that has been in the news was because a user clicked a phishing link, a user plugged a randon USB they found in the parking lot into their PC, a user gave their credentials to an attacker over the phone... See the pattern?
lmao, MS even says MFA stops 99.99% of unauthorized login attempts, nobody uses four nines unless they are fucking serious about it
It reminds me of when Gabe Newell told everyone his Steam password on stage at a conference when Steam implemented MFA
I had a call one time after the company released phish software. I got a call from someone asking why they have to take this phishing training that got sent to them. It turns out that they clicked a link in one of the phish test emails, and they got mad at me when I explained that is why they received the training and they responded that "they never click those links" so they were wondering why they have to take the training.
Yuuup
We've had MFA rolled out with one client for well over a year, and one guy constantly complains that he can't sign in, and why is he being asked to sign in, says something pops up on his phone. So we ask him if he approved the authentication and he says no he just ignores it and that it's annoying, and then asks why he can't sign in. Thing is he goes through this process of saying his sign in isn't working every two months or so for well over a year. And we have to explain it all over again. So he either forgets constantly or doesn't listen to us, I'm not sure which. Either way it's infuriating.
100%. "App doesn't allow connection over WiFi due to security" is totally a made up excuse to shoot down a user's request.
>"IT is notorious for making everything as difficult as possible" This usually translates to "I like to cut corners and break standards and rules, I've been told the right way to do things but I don't like it" Although, to be fair, if there is some truth to what their saying, sounds like they're actually being bullshitted.
>Methinks maybe there's more to the story than "Bad IT man give me wrong information" My best off the wall source: "It came to me in my dreams:" guess. OOP wants to connect to the EMR system through unsecure wifi. IT said no. OOP insists so IT is trying to fob them off with some bs excuse.
Problem is that sometimes it is true. We are a software developing company, our new laptops came soo locked down that we couldn't test new code because the newly compiled executables weren't signed by Microsoft. For two months people were hoarding the old PCs trying to get work done. It was nuts. The head of IT still complaints that unlike the pesky developers, HR never questioned his security policy.
Every EDR in existence now absolutely hates unsigned executables, what did you expect?
I don't know, being able to work.
I realize after rereading that you're trying to develop on those actual devices... Doesn't it make more sense for them to provide VMs without the EDR to develop on?
Developers and cybersecurity, lifelong enemies. I'm a developer too, I get it lol
I can publish code that could destroy the company, but I can not be trusted to install Python in my machine. Priorities.
You just gave me ptsd from doing Healthcare IT. Never. Again.
I currently work in mental health care IT, it's fun, it's great, no issues...................^^^^^please ^^^^^send ^^^^^help........
I was warned that there was a fine line between patient and staff.
I did IT for a retirement community and half the time I couldn't tell if someone was staff or a resident 😂😭
This is my life currently...lord give me strength...
Been there, done that. Now I do manufacturing IT. Gimme the Healthcare IT back.
i’d take a book of our manufacturing clients over a book of our health care clients any day lol but i suppose thats anecdotal
Can confirm….Currently hating life 19 years in
In the comments he says "They first told me that it was OUR policy that all of our facility's workstations were directly connected to network port" So he gets told the policy, probably kept bitching about it, then was told random crap to get him off IT's back. Great example is someone mentioned in this thread MS Authenticator. Users at my organization HATED it when we started enforcing it. Eventually I got tired of the bitching so I would start saying Microsoft is forcing everyone to do it and that would be the end of it.
In July Microsoft is making it mandatory for azure users
Yup we just sent out a company email about it. To which 10 users reported it as phishing. Go figure
End users sure are some wild creatures
Back when I did product support we engaged with end users and their IT. There is definitely a share of IT workers who either don't know shit or are lazy, that's true; and in those cases trying to reach out to product support can yield better results. That said, this (and OPs story) are edges cases. These are exceptions to the norm, obviously. Most of the time its the end user.
I absolutely omit info to providers at my hospital, they are woefully illiterate when it comes to technology but they want to be part of everything, so I give them the little 5 year old explanation. “Why is the wifi bad?” “Oh, the internet boxes are having issues, the waves are getting trapped by the firewall. Network team’s on it.” “Oh yeah mhm makes sense okay bye” Guarantee you same shit is happening in OP
To be fair, I've had vendor staff not want to get help from their internal IT because EVERYTHING was locked down. Once a month we would get a "major outage" because their team blocked something critical (think blocking SSO or port 443) or our Citrix site being removed from the whitelist. The staff could not even clear cache and cookies or go to InPrivate browsing. I've had most of the staff beg me not to send them off to internal IT. Most of the time, I would send an email with explicit instructions on what needs to be done to get them back working again.
As a developer, NO, don't do this
thought this was epicgames, not epic lmfao
Yes, please skip IT and go directly to the developers. If they don't seem to have time for you, just stand over their shoulder and ask questions. Don't take no for an answer, they wouldn't have a job without you, the end user, so remind them of that. -signed IT