
Never add your personal device to a company's MDM…



Never use your personal device for work, you wanted to say, probably.

The only maybe grey area is to only use it as an authenticator. But yes, even then the company needs to provide this; a cheap phone works.

or an even cheaper and less complex (!) hardware token.

USB keys? Isn't that what most companies do?

No, most companies use MS authenticator now for Office 365...

https://support.microsoft.com/en-us/account-billing/download...


In the company I used to work at, they shipped you a Chromium OS computer and a YubiKey.

Most companies are definitely NOT using Yubikeys. Did you work for Google? Nice man :)

MFA in general had to be forced on companies, and then it is most often in software on a phone.

Here are some rough numbers.

  google_workspace:
    total_active_users: "3 billion (includes free/consumer Gmail)"
    paid_business_customers: "11 million companies (2024)"
    paid_customer_growth: "+1 million companies in under 1 year (2023-2024)"
    global_business_market_share: "~50%"
    fortune_500_presence: "minority share, weaker than Microsoft in enterprise"
    mfa_with_yubikeys:
      internal_google_employees: "100% use hardware keys (Yubikey/Titan) — since 2017"
      fido_u2f_origin: "Google co-created U2F standard with Yubico post-Operation Aurora"
      estimated_user_adoption_pct: "~1-3% of all Workspace users (inference, not published)"
      concentration: "Highest in finance, government, tech/security-conscious orgs"
      typical_majority_mfa_method: "TOTP apps (Google Authenticator) or SMS"
      enterprise_passkey_deployment_2025: "87% of US/UK enterprises deploying or have deployed passkeys (FIDO Alliance — includes all hardware key types, not Yubikey-specific)"

  microsoft_365:
    total_active_users: "~270 million (commercial)"
    paid_business_customers_us: "~1 million active US business customers"
    us_company_penetration: "~3% of all US companies"
    global_business_market_share: "~45%"
    fortune_500_presence: "~75% of Fortune 500"
    mfa_with_yubikeys:
      exact_stat_available: false
      note: "Same data gap as Workspace — no published breakdown"

  caveats:
    - "Google's 3B user figure conflates consumer and business — not comparable to Microsoft's 270M commercial figure"
    - "Market share figures vary by methodology (seats vs revenue vs orgs)"
    - "Yubikey adoption % is an industry inference; treat as directional only"
    - "Passkey != Yubikey — FIDO Alliance 87% figure covers all FIDO2/passkey methods"

I worked for Amazon; they used the open source version of Chrome OS (Chromium OS). And mini PCs. I think this is the best setup; if I ever have to manage a company I will do this.

Ok good for you. Can you see now that most companies are not using Yubikeys?

I believe Android Work profile[0] would have limited the damage to the work profile rather than also impact the personal profile on a personal device.

Does anyone know if this is correct?

[0] https://www.android.com/enterprise/work-profile/


Exactly. BYOD cannot be wiped [0], neither on iOS, nor on Android. Only company-owned devices are affected.

edit: 0 - on iOS this means enrolled via User Enrollment


That's assuming their IT department was competent and did the enrollment process correctly. Which, based on them just getting mega hacked, seems unlikely.


