Who could have guess bombarding users with 2FA, 3FA, MFA requests to their phone 20 times a day would cause fatigue!

Some personal highlights spread across multiple jobs:

- IT decided they'd make some awful SharePoint page the browser homepage for Chrome via group policy. That page required you to login to your Microsoft account. If it was a Monday morning you'd have to authenticate via SMS just to see your homepage, or, what I did usually was ignore it. Every time I opened a new browser tab I'd get a new SMS. This went on for weeks at a time, maybe 50 SMS per day, out of spite. Eventually they disabled that crap. Anyone that deals with Microsoft logins knows that "Remember me" is almost totally a fake option that does nothing on purpose. [1]

- VPN that requires logging into your Microsoft account, which then sends you a notification to Microsoft Authenticator app, which requires a face scan, followed by typing in a code, followed by another face scan. At no point in the design process of that did someone think typing the code was redundant.

- Despite being a software engineer, able to produce executable binaries at will, which all seem to be trusted by our security software, I still need to talk to IT maybe 5 times a month to get <very popular well known widespread development tool> approved by the security software.

- Bonus points for the previous one, I often need to manually provide the exact DLL's used by the above. Every update means new file hashes, meaning repeating it all over again.

- Local admin rights to my work machine and yet for whatever reason IT make us type a password to open Windows Task Manager.

- Telling us all they have bought Copilot licenses we should use, only for IT to ring you almost immediately after using it because their corpo-garbage firewall starts throwing a fit about Copilot's requests to github.com, despite us already using GitHub.

[1]: https://www.bbc.com/future/article/20150415-the-buttons-that...