Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australian Government Tells Citizens To Turn Off Two-factor Authentication (arstechnica.com)

Posted by timothy on from the perfect-security-vs-perfect-convenience dept.

An anonymous reader writes with this news from Ars Technica: The Australian government has repeatedly called for citizens to turn off two-factor authentication (2FA) at its main digital government portal, myGov. The portal's Twitter account has recently been updated several times with cute pictures encouraging holidaymakers to "turn off your myGov security codes" so that "you can spend more time doing the important things."

The portal is the place where Australian citizens can use and manage a number of governmental services, including health insurance, tax payments, and child support. In case of myGov, two-factor authentication is implemented by sending users text messages that contain one-time codes to complement their usual passwords.

5 of 146 comments (clear)

  1. Begs the question by liqu1d · · Score: 2, Interesting

    Was it hacked or has someone been drinking too much fosters?

    1. Re: Begs the question by Anonymous Coward · · Score: 2, Interesting

      The Australian government is just plain stupid (and undemocratic, too).

    2. Re:Begs the question by Anonymous Coward · · Score: 2, Interesting

      Was it hacked or has someone been drinking too much fosters?

      Nobody here drinks fosters. Stop perpetuating this tired meme.

  2. myGov is a nightmare. by sg_oneill · · Score: 5, Interesting

    myGov has to be one of the worst executions of a good idea I've come across. Basicallly its a single sign on portal to other government services that appears to be designed by a committee of very user unfriendly elderly people. You dont get to have a username, you get a user number. The system insists on a *very* strict password, and if you get it wrong three times, your account is locked for the day, even if your on a welfare payment that requires you to log in that day by law. It also asks you to answer various questions ("What is your mothers maiden name" type things, and its anal about input to the point of paranoia. Capitals wrong? One day account lock!). I get that they are worried about security , but how about letting us have a user name we can remember, and setting that auth question to case insensitive!

    --
    Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
  3. I can't get it to stop trying to make me use 2FA by Anonymous Coward · · Score: 2, Interesting

    I'm an Australian with a MyGov account, and I refuse to give them my phone number. Every time I log in it asks for one, and tells me how much more secure I would be if I used 2FA. You can decline each time, but there's no way to tell the system "no, not now, not ever, don't ask me again". I even sent feedback to the webmaster asking how I could tell it that I DO NOT HAVE A MOBILE PHONE so it will stop asking me, and got no response.

    And now they're urging people to turn it off!
    Bizarre.
    (I always knew that the reason they wanted a phone number had nothing to do with protecting my security.)