nettime's_internal_emigre on Wed, 23 Dec 2015 17:52:27 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Ars Technica > .au myGov > 'turn off 2FA so you can spend more time on holiday'

< >    

Australian government tells citizens to turn off two-factor authentication

When going abroad, turn off additional security. What could possibly go wrong?

   by Andrii Degeler (UK) - Dec 23, 2015 3:11 pm UTC

   The Australian government has repeatedly called for citizens to turn
   off two-factor authentication (2FA) at its main digital government
   portal, myGov. The portal's Twitter account has recently been
   updated several times with cute pictures encouraging holidaymakers to
   "turn off your myGov security codes" so that "you can spend more time
   doing the important things."

   The portal is the place where Australian citizens can use and manage a
   number of governmental services, including health insurance, tax
   payments, and child support. In case of myGov, two-factor
   authentication is implemented by sending users text messages that
   contain one-time codes to complement their usual passwords.

   A number of people on Twitter pointed out that, while downplaying
   security isn't a good idea in general, it could be even more dangerous
   when citizens go abroad:

     .@myGovau People go into higher risk secnarios (open hotspots,
     internet cafes) and you suggest downgrading security? How silly /cc

     -- Tatham Oddie (@tathamoddie) December 22, 2015

   The reasoning behind myGov's suggestion is understandable:
   some tourists will swap their Australian SIM cards to local ones while
   on holiday. Once this is done, they won't be able to receive myGov
   security codes without reinstalling their Australian SIMs, which is a

   While simpler for travelers, the government's suggestion guts the
   protections offered by two-factor authentication, which can provide an
   additional layer of security when logging in on the Web. 2FA is even
   more important when you're not on a trusted home or office network,
   which is why the Australian government's recommendation to turn off
   2FA is rather jarring.

   In the wake of criticism from users for the unsafe advice, myGov
   posted on Twitter that people who turn off security codes will
   "still need to securely sign in with secret questions & answers." The
   tweet offers a link to read more on the possibility, however the
   page it leads to doesn't mention it.

   Even if it did though, a few additional passwords aren't a true
   replacement for good ol' two-factor authentication.

   This post originated on Ars Technica UK

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info:
#  archive: contact: