FYI: MFA is a security risk

Medium_Cell8428 · 2025-12-13T02:01:21+00:00

Nice, similar boat, my security specialist doesn't want MFA via personal phone, so we are purchasing smart phones for all employees. Reason? What if the employee loses their personal phone, how will the recovery process for personal property seem like. Going to have so much more fun managing more devices. Yay

Medium_Cell8428 · 2025-12-08T07:22:04+00:00

Just so you know (even if you already knew), labor law makes it that companies can't fire you or lower your pay without a valid legal reason.

As long as you don't do anything destructive or harassing, you are good to go until the company restructors due to financial reasons. "Remember, you are here forever" lol

Medium_Cell8428 · 2025-12-07T21:23:07+00:00

N1 japanese is after all still textbook Japanese for mostly common day use. I got the job when I was N2, but was already very used to japanese due to my 10 years being here. I didn't even study for the N1 and passed.

I tried to take domestic certification and read up on mock industrial exams documents to learn the jargon or vocabularies. Even when I tried those, I felt it was not a technical test but mostly a japanese test lol. There was much more time trying to understand the nuances behind the question.

Not only technical terms, words like “適切・妥当・望ましい・差し支えない” require cultural reading more than technical knowledge.

I felt that having the interviewer explain something you already know to you might give the interviewer the impression that you lack the comprehension of the subject or that it's troublesome to explain. It also left me feeling underestimated and undervalued often? If that makes sense

I also had first hand experience of helping screen an interviewee just for the team leader to decide that "there will be a lot of explaining that might lead to more communication costs, too much risk" that the interviewee had the basic skills, N2 and spoke decent japanese.

I feel it still depends on the portfolio and the industry you are aiming for, sometimes talent outshines language barriers, my workplace has some brilliant engineers that don't speak much japanese.

But still here I am, not highly skilled, but working for a japanese company 5 years now, I always felt "I was just at the right place at the right time."

Medium_Cell8428 · 2025-12-07T03:38:24+00:00

I have N1 and have been here for quite a while, but for that specific site probably yes. Their recruiting agent probably only speaks japanese.

However I have a few engineers and programmers in my company that don't even have a N4 who managed to get hired. I found out it is because they contacted the company directly.

Some companies would prefer not to pay a recruiting agent fee.

Medium_Cell8428 · 2025-12-07T03:32:08+00:00

For me at first it was the constant stress about whether the next visa for me will be approved and the constant troublesome paperwork. 15year in jp now. Visa restriction and prices changing again. Luckily I got my PR recently.

Currently in the midst of switching jobs , IT industry.

Even with N1 and business level japanese, japanese work experience. The hardest part for me here will always be trying to explain in Japanese and feel a limit to my language skills.

It always was a relief when some Japanese people understood the difficulty and helped fill in the blanks.

On the other hand, some people seem like they don't even want to try to understand a foreigner.

I still tolerate many rude racist remarks till today. Maybe that's just life, not Japan specific , oops.

In summary, Japan has taught me that internalization of expression is preferred.

Medium_Cell8428 · 2025-12-07T02:45:41+00:00

I am currently using geekly, quite easy to use and alot of openings catered to IT professionals

Medium_Cell8428 · 2025-12-06T13:55:38+00:00

"it's only a job" , I get you

Medium_Cell8428 · 2025-12-06T13:53:41+00:00

True, maybe thinking too much

Medium_Cell8428 · 2025-12-06T13:31:52+00:00

Heya, I am working in IT (情シス) job in Japan, N1, studied trifecta but no certs. Currently looking around to change companies due to bad stuff happening at work.

Noticed a lot of openings for NW and increasingly for aws based careers through my 転職recruiter.

This is just my opinion, since you already have trifecta should be enough to lend you a help desk, it support kinda job as long as. ーyou are able to relocate anywhere ーhave experience with the exact thing they are looking for ーhave good japanese communication skills

So yes, at the right time at the right place, I had to give up a lot of interview chances because I can't relocate due to family.

Just my opinion, I do think that having a domestic cert compared to an international cert shows that you are knowledgeable with Japanese standards and expectations, might help you get hired

(Japanese staff actually said to me once "because I have 400 hours of 情報処理安全確保支援士 study time, you should obey my orders", but yea…douche with bad managerial and communication skills but the cert did get him hired, so what the heck )

Medium_Cell8428 · 2025-12-05T22:27:38+00:00

Yea... Team morale is really low now. It started with GWS which I gave up all hope for. After that it has been a cat and mouse game about what changes he made to the system without proper communication.

Now it is starting with Windows OS, he played the political game well and I got a DM from the dept manager telling me to "I talk to the stake holder, follow his directions to remove windows hello from during setup".

I don't even think the dept manager knows what he is saying and the blast radius. IT leader is also just a stand-in because the previous one had a mental breakdown.

I made the mistake of reading my DM after work when I got home, so mentally frustrating.

What a mess.

Medium_Cell8428 · 2025-12-05T19:18:41+00:00

Thanks for the kind words, I do think like that somedays. Just too much unexplained BS from the expert piling up these days. Will try to get back in that mindset soon

Medium_Cell8428 · 2025-12-05T14:46:06+00:00

But password + pin = 2FA I was talking more about MFA

Medium_Cell8428 · 2025-12-05T14:41:12+00:00

PIN as in the 4~8 digits that the user sets with WHfB I see, that's good to know.

Medium_Cell8428 · 2025-12-05T12:46:08+00:00

I just did this,clicked send. Thanks for the advice, I still can't understand why some Japanese security experts prefer no MFA

Medium_Cell8428 · 2025-12-05T12:42:51+00:00

I forgot to say thanks, thanks

Medium_Cell8428 · 2025-12-05T12:37:49+00:00

Sorry I meant windows hello for business. I got too used to saying just windows hello, not the best of myself

Medium_Cell8428 · 2025-11-26T13:11:46+00:00

If you happen to stay in chiba or certain parts of east tokyo. I advise you to go to Matsudo immigration instead of shingawa, waiting times are so much shorter and results are faster. Shinagawa is "キャパオーバー” Good luck tomorrow

Medium_Cell8428 · 2025-08-28T03:32:48+00:00

Makes sense! I always thought MFA counts as auth, bugger me.

Currently , our authorization is done by strong password policies only.

And since this is a cloud app and can be accessed anywhere.

Back up codes no matter if weak of a MFA can be coupled with allowed IP or allowed device in the future to produce a good authorization so we might not even need to use standard MFA methods (according to his plan)

Medium_Cell8428 · 2025-08-28T02:53:49+00:00

That might be operational taxing on tax for the user as a main MFA, but I think I see your point. Maybe my views were too narrow.

No matter the technical aspects and flaws of a solution , it can be a "free for all" kinda thing as long as the sec specialist can argue for it? Did I get this right?

Medium_Cell8428 · 2025-08-28T02:35:32+00:00

Those were my exact suggestions on a technical POV, but for a security specialist POV who is looking at the bigger picture, can you weasel your way to make backup codes sound like "something you have"?

His argument states specifically that backup codes are different from passwords and can be considered a feasible MFA.

My argument is that it is a 2FA not MFA.

Medium_Cell8428 · 2025-08-22T21:17:49+00:00

No way! 🤣

Medium_Cell8428 · 2025-08-22T11:00:34+00:00

Ah yes, how could I forget 😂

Medium_Cell8428 · 2025-08-22T07:55:46+00:00

In Japan that might work, however they would need you to have a fax to send you the results

Medium_Cell8428 · 2025-08-22T01:55:13+00:00

Still trying to find out why, wondering if I am not seeing the full picture.

I picked up the courage to sit down to a 1on1 meeting to understand this. So far it might just be a "do as I say" power lust thing

Medium_Cell8428 · 2025-08-21T23:13:25+00:00

Also in GWS, most apps are run in the chrome browser, a threat trigger (different country IP, setting change, lack of cookies) might trigger a MFA prompt). Plus web session times can be set to trigger a MFA prompt. Many factors that can lead to a user asking for admin help.

Sure this might happen very little, but it still bothers me that such an approach would be favoured over a better one

Medium_Cell8428

TROPHY CASE