I would like to posit that anything the cyber criminals might do to us would not be as bad as continuing to live in a world of two-factor authentication.
Two-factor authentication, or “2FA,” as we call it in the biz (hahahahahaha, I’m not in the biz, I just looked that up on Wired’s website), is intended to protect against cyber attacks on people who either use stupid passwords or click on phishing links. I say we let those people go. That’s natural selection.
And lest anyone think I’m being too harsh, I can say with absolute certainty that I will be among the first casualties. A couple months ago I fell for a phishing test because my employer pretended to invite me to a holiday potluck. I was so excited. And then so crushed. And so humiliated — I don’t know which is worse: getting inordinately excited for a fake holiday potluck, or being subjected to the “remedial” phishing tests I now receive on a daily basis. The last one said something like, “Clikk on this fancy phlashing link from Nigeria, Pritty Ladie!” and I DID NOT click on it, but I mean I almost did.
Still, I’m willing to take one for the team if necessary so that the rest of the world can log peacefully into their e-mail in one smooth step.
Another confusing thing about 2FA is that we apparently need it because we’re bad at logging in to our computers, but so now we’re going to log in twice? I don’t think that’s going to make us much safer. Granted, I know nothing about computers, but again, the folks at Wired, who do, kind of agree with me.
Imagine if we implemented this fix with other challenges in our lives. I’m a really bad driver. I probably shouldn’t even be allowed to drive. Does anyone want me driving all the places I drive to TWICE?
My suspicion is that all 2FA is going to do is discourage people from checking their e-mail because it’s such a pain to get into. And since all the warnings about cyber security and the phishing tests are disseminated through e-mail, we might actually end up less safe. 2FA also just violates all the principles of human motivation. No one wants to check their e-mail anyway, so the “reward” for mastering 2FA processes is actually a punishment. It’s like having a horrible meal somewhere and the restaurant making it up to you by giving you a gift certificate for future meals.
I think the best possible response to 2FA is that we all completely stop using anything that requires it. I don’t know what the consequences of this will be. It’ll probably be catastrophic. But between when we all stop logging on and the apocalypse, there will be a brief and glorious span of time in which e-mail doesn’t exist again and people will rise up from their desks, roam freely in the hallways, and talk to each other at work. It’s going to be amazing.