2FA is one of the things that makes me most angry. Usually because the one time Bader asks me is when I’ve got something time sensitive to deal with, it’s the end of the day and my phone is out of battery. Cue rage.
It might be more deep seated and the 2FA is just a physical manifestation of all the little hurdles we are put through to be permitted to volunteer our time for the betterment of society. (Or just for an excuse to leave the house)
We have 2FA because bader was hacked a few years ago. I think it would grind a lot of gears if all our personal data was leaked or our IT systems were destroyed by ransomware
2FA (or Mutli-FA) is a very important cyber security system. Unfortunately by making a system more secure you make it less easy to access. There is always a balancing act between security and accessibility. The Most secure system is switched off and buried in an unknown location 50m+ down with a password 500+ characters long to login but that’s not accessible. The same as the best accessibility would be a completely open system with no login or checks but that’s not secure enough.
The best system we have right now for that joined level of Security and Accessbility is 2FA usually using something you know (password), Something you have (phone number of authenticator app).
If you really want to push it you could even say that with most modern devices and authenticator apps needing a login that can be done by face or fingerprint you even cover the third area of authentication Something you are.
It’s a pain to do but in the current cyber climate these sort of precautions are unfortunately necessary. If we all worked in the same office and no WFH then you could use something like ID card in a slot and then password for 2FA. Unfortunately as it’s all done over the internet 2FA is a bit more of a pain to sort and use.
Under Section 16 (Advice and Assistance), you may find it helpful to know that
RAFAC has recently changed its governance structure. Minutes relating to the ‘Air
Cadet Management Board’ released previously under the FOIA are not reflective of
the format and nature of the information held which is in scope of this request.
Apparently we have changed our governance structure? Have we? Has that been communicated with us? Do we no longer have an ACMB?
Keep moving the goal posts to keep ahead of the FOIs!!!
Alternatively, be transparent. And stop the need for FOIs.
Your choice Tony.
(For absolute clarity, I do not condone people using the FOI process to get spurious information out of HQAC (and other public bodies). They detract and distract people from their primary function and generate a significant workload - over and above in an already stretched workforce - which, in turn takes away time, effort and energy which could be being used to support cadets and CFAVs.
BUT many of the FOIs look like they are raised to better understand the decision making processes and discussion at high levels to justify why we’re doing what we’re doing. Largely this is a result of poor communications and the application of a top down military culture to an organisation which no longer acts/reacts within that same sphere, staffed by passionate volunteers who need a different form of leadership from that being offered)
I feel your pain. I was working with a couple of Italians end of last week/beginning of this week. Turns out the had national holidays on Mon/Tue. First I knew about it was the email I sent Monday morning, getting an out of office just saying national holidays we’ll be back on Wednesday!
My out of office generally says “I’m out of the office and therefore don’t care what you are emailing me about, I’ll get back to you when I’m back” it might not be those words, but that’s the message.
With my RBL hat on, i have reason to email (invite) the Regt CO to events and all too often there is a OOO reply “I am on Operation INSERT HERE during the dates please contact the Regt Adj if urgent” with no mention who the adj is.
unlike the RAFAC which has an obvious adj.unit@ email it has to be the individual in the regulars - but i don’t know their name!
Always found out of office messages to be incredibly lazy and poor service. Why make it the issue for the person trying to contact me to have to find/re-email someone else.
Just from a good practise/service point of view we all agree who will intercept or manage others inbox when they’re away. So the person contacting us gets a reply just maybe not from who they were expecting. Some things can be dealt with by others, some can’t. But better a response from a person than a crappy out of office.
I think I read sone advice on NCSC or similar about not naming individuals in out of office replies. I’ve never gone as far as saying emails will be deleted on my return, but I do drop a heavy hint that I should be contacted again as I rarely catch up on missed emails.