Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australian Government Tells Citizens To Turn Off Two-factor Authentication (arstechnica.com)

Posted by timothy on from the perfect-security-vs-perfect-convenience dept.

An anonymous reader writes with this news from Ars Technica: The Australian government has repeatedly called for citizens to turn off two-factor authentication (2FA) at its main digital government portal, myGov. The portal's Twitter account has recently been updated several times with cute pictures encouraging holidaymakers to "turn off your myGov security codes" so that "you can spend more time doing the important things."

The portal is the place where Australian citizens can use and manage a number of governmental services, including health insurance, tax payments, and child support. In case of myGov, two-factor authentication is implemented by sending users text messages that contain one-time codes to complement their usual passwords.

5 of 146 comments (clear)

  1. You can trust us... by fredgiblet · · Score: 4, Funny

    ...we're the government!

  2. the reason why by Gravis+Zero · · Score: 4, Insightful

    The reasoning behind myGov's suggestion is understandable: some tourists will swap their Australian SIM cards to local ones while on holiday. Once this is done, they won't be able to receive myGov security codes without reinstalling their Australian SIMs, which is a hassle.

    it seems to me this is probably the result of many support calls/emails because people don't realize when they switched their card that they couldn't authenticate. perhaps instead of turning off two factor authentication in a situation when it's needed most, that they should add a "vacation mode" that let's you temporarily pick a new destination for the text messages.

    --
    Anons need not reply. Questions end with a question mark.
  3. myGov is a nightmare. by sg_oneill · · Score: 5, Interesting

    myGov has to be one of the worst executions of a good idea I've come across. Basicallly its a single sign on portal to other government services that appears to be designed by a committee of very user unfriendly elderly people. You dont get to have a username, you get a user number. The system insists on a *very* strict password, and if you get it wrong three times, your account is locked for the day, even if your on a welfare payment that requires you to log in that day by law. It also asks you to answer various questions ("What is your mothers maiden name" type things, and its anal about input to the point of paranoia. Capitals wrong? One day account lock!). I get that they are worried about security , but how about letting us have a user name we can remember, and setting that auth question to case insensitive!

    --
    Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
  4. New Phone Number by Anonymous Coward · · Score: 5, Insightful

    If you get a new phone number they have to completely delete your account and you have to link everything again from scratch. Takes a couple of months. Well designed portal...

  5. Re: Begs the question by mbadolato · · Score: 4, Funny

    Ozzies don't drink Foster's. That stuff is 'roo piss.

    "Foster's. It's Australian for 'Pabst Blue Ribbon'."