December 24, 2015 at 23:38Australian government portal encourages residents to turn off two-factor authentication
Australian authorities continue to urge their citizens to turn off two-factor authentication on the country's main portal myGov . ( This portal is designed for quick access to a wide range of government services: government payments, services for pensioners, unemployed, families, medical services, insurance, child support, tax services, etc. The digital state. )
Two-factor authentication on the site is implemented by sending one-time passwords via text messages that complement the regular user password.
A number of users on Twitter noted that in addition to reducing security in general, these measures can become even more dangerous when residents of a country go abroad:
. @myGovau People go into higher risk secnarios (open hotspots, internet cafes) and you suggest downgrading security? How silly / cc @troyhunt
- Tatham Oddie (@tathamoddie) December 22, 2015The meaning of the proposed initiative is clear: most tourists change their Australian SIM cards to local ones when they go on vacation. After performing such actions, they will not be able to receive messages from myGov until they transfer their Australian card back to the device, which causes certain troubles.
Simplifying the lives of its travelers, the government’s proposal significantly neglects the security offered by two-factor authentication when using the site on the Internet. This security layer is even more important when you access the site from a non-secure home or work network. Given all the disadvantages of such a step, the persistent appeals of the state look quite sharply and prompt people to various kinds of thoughts.
In the wake of criticism from the public, myGov left a comment on Twitter saying that "people who decide to turn off two-factor authentication will still need to enter an answer to a secret question to enter":
If you turn off security codes, you'll still need to securely sign in with secret questions & answers. More: https://t.co/ON1BrUQ2pY
- myGov (@myGovau) December 22, 2015On the page, following the link suggested on Twitter , there is no information about secret questions and answers to them.
And even considering this possibility, it cannot be considered a full-fledged replacement for a solid two-factor authentication.