Now Reading
Australian Government Advises Citizens to Switch off Two-Factor Authentication

Australian Government Advises Citizens to Switch off Two-Factor Authentication

by Samburaj DasDecember 23, 2015

It’s a move that beggars belief. The Australian Government, via Twitter, is advising citizens to turn off their 2FA or two-factor authentication setting when they’re out of mobile range, a normal occurrence when travelling abroad.

In a bizarre series of tweets, the Australian Government has advised citizens to disable two-factor authentication on their accounts on myGov, the Australian government’s main digital portal.

myGov is a portal wherein Australian citizens can access and manage several services including tax payments, health insurance and more, as reported by ArsTechnica. The 2FA security measure in the portal is a system wherein users receive text messages containing a one-time code that is required to go in tandem with their passwords as an increased security measure.

Here’s the already infamous tweet, posted by the myGov twitter account:

While the suggestion to turn off 2FA is cringe-worthy, it’s easy to see the reasoning behind the tweet. It’s the holidays and citizens travelling abroad for a short trip to Indonesia or any other destination Australians frequent for a quick holiday, are likely to change their SIM cards for a local one in their location. No Australian SIM card would mean no 2FA codes, which would leave them locked out of their accounts.

The above tweet explicitly states “Remember to turn off your myGov security codes before you go (overseas). And you can spend more time doing the important things,” which presumably doesn’t include adopting a better standard of security for one’s online account.

The criticism was predictably swift, with multiple Australians pouring scorn on the ill-advised tweets that make for bad advice.

In response to the criticism, myGov posted another tweet in trying to reassure users by stating that those who turn off security codes will still need to securely sign in with “secret questions and answers.”

If this were true, the security implementation to answer multiple “secret questions and answers,” would still be bizarre. As things stand, the URL mentioned in the tweet does not provide any added insight on the secret questions and answers.

Regardless of the context, a government body publicly advising users to lower the security on their accounts makes for a farce.

Featured image from Shutterstock.

Advertised sites are not endorsed by us. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
What's your reaction?
Love it
Hate it
  • Lulz. And they expect citizens to trust them with data.