For a hot minute, as the kids say, two-factor authentication seemed like the answer to all our security problems. But is it making a difference? Since I wrote this article over a year ago, even more companies have started requiring it. It’s gotten to the point where even some of the apps I use to buy food are using it. Isn’t it just getting to be a bit too much?
A solution that isn’t a solution
You can read my prior rant on the subject, so here’s the punch line. More and more of us do more and more of our stuff on our phones. We buy more. We search more. Sure, you may sit at a desk all day and use a traditional computer, but it’s completely possible to live a life without a PC if you’re at home. It’s even easier if you don’t have kids. And if you do use your phone, two-factor authentication isn’t a solution. I mean, think about it. If someone has your phone and they try to shop from it, they’re going to get a two-factor authentication message sent… to your phone.
Obviously you’re still protected if someone from the other side of the planet is trying to use your login information. While they could spoof or reroute the data going to your phone, they won’t. It’s difficult and takes reasonably expensive equipment to do. But if someone steals your phone, two-factor authentication is just useless. All someone has to do is unlock your phone. That may be hard in the first place, but it’s not impossible.
So if it’s useless and it’s really annoying, what’s the point?
The real truth of all this
We’re willing to put up with two factor authentication because at the moment, we can’t figure out a better way of doing it. Your average human is literally incapable of remember even one strong password, so password security isn’t the answer. Biometrics like Face ID and fingerprint ID aren’t foolproof. This classic Conan O’Brien sketch actually raises some creepy and legitimate questions about biometrics:
So if biometrics, passwords, and two-factor authentication aren’t the solutions, what is? That’s the problem. No one has figured that out yet.
2FA is probably here to stay
It’s never a good sign when something gets reduced to a neat little acronym. When you stop saying “two factor authentication” and start saying 2FA, it’s your hint that you’ve accepted the thing on some level. You’re willing to agree it’s just… gonna be in your life for a while.
Personally I hope someone comes up with a better idea that doesn’t infringe on your privacy, doesn’t bring up the specter of body part theft, and actually works to keep us safe. Actually I hope I’m the one who comes up with it, because it’s going to be a billion dollar idea.
Oh and meantime…
Rants like this are sponsored by Solid Signal. Even though the words are my own and do not necessarily represent the view of Signal Group, LLC or its subsidiaries (like that, bloodsucking lawyers?) Solid Signal is still kind enough to let me write them. So do me a favor and shop at Solid Signal, call us at 888-233-7563 if you need help, or fill out the form below.
