Upon reading that first sentence, I immediately checked your username to see if you're my colleague. We do that as well and, while I think it sensible, I also feel like it's relatively out there compared to most businesses (even for banks and the like).
Now I'm curious, are you willing to disclose what line of work you do?
For me, it's security consultancy (code reviews, penetration tests, network scanning... occasionally physical security tests or other related things, but those three are the bread-and-butter), so new employees get to verify everyone's fingerprint on chat. I've been trying to get people to use key signing for PGP (email) and about half the people get it, but now that Thunderbird dropped support for the Enigmail plugin, it also stopped supporting the web of trust and you just have to go through and verify everyone manually no matter how many signatures a key has from people that you've already verified. They managed to make the PGP experience even worse, which is honestly something that should grant an award
Now I'm curious, are you willing to disclose what line of work you do?
For me, it's security consultancy (code reviews, penetration tests, network scanning... occasionally physical security tests or other related things, but those three are the bread-and-butter), so new employees get to verify everyone's fingerprint on chat. I've been trying to get people to use key signing for PGP (email) and about half the people get it, but now that Thunderbird dropped support for the Enigmail plugin, it also stopped supporting the web of trust and you just have to go through and verify everyone manually no matter how many signatures a key has from people that you've already verified. They managed to make the PGP experience even worse, which is honestly something that should grant an award