Australian Government Advises Citizens to Switch off Two-Factor Authentication
It’s a move that beggars belief. The Australian Government, via Twitter, is advising citizens to turn off their 2FA or two-factor authentication setting when they’re out of mobile range, a normal occurrence when travelling abroad.
In a bizarre series of tweets, the Australian Government has advised citizens to disable two-factor authentication on their accounts on myGov, the Australian government’s main digital portal.
myGov is a portal through which Australian citizens can access and manage several services including tax payments, health insurance and more, as reported by Ars Technica. The portal’s 2FA is a system in which users receive text messages containing a one-time code that must be entered along with their password as an added security measure.
Here’s the already infamous tweet, posted by the myGov Twitter account:
Going out of mobile range? Turn off myGov Security Codes so you can still sign in! Go to 'settings' in your account pic.twitter.com/9H11ZZWuC9
— myGov (@myGovau) December 22, 2015
While the suggestion to turn off 2FA is cringe-worthy, it’s easy to see the reasoning behind the tweet. It’s the holidays, and citizens travelling abroad for a short trip to Indonesia, or any other destination Australians frequent for a quick holiday, are likely to swap their SIM cards for a local one. No Australian SIM card would mean no 2FA codes, which would leave them locked out of their accounts.
Going overseas this summer? If you're registered for myGov security codes make sure you turn them off before you go pic.twitter.com/bTD1ndIFBe
— myGov (@myGovau) December 14, 2015
The above tweet explicitly states “Remember to turn off your myGov security codes before you go (overseas). And you can spend more time doing the important things,” which presumably doesn’t include adopting a better standard of security for one’s online account.
The criticism was predictably swift, with multiple Australians pouring scorn on the ill-advised tweets.
.@myGovau Perhaps instead of telling your users to do literally the worst thing ever before travelling, you implement TOTP support?
— Colin Mahns (@colinmahns) December 22, 2015
@myGovau Amazing. Another top tip is to leave a spare key under the doormat.
— Matt (@undulanti) December 22, 2015
@myGovau this is literally the worst advice you can give your citizens. what the fuck are you thinking?
— Cidan (@Cidan) December 22, 2015
@myGovau This is a stupid idea! Overseas, on public open wifi, connecting to their Aus Gov website and U recommend worse security practices?
— Andrew (@austoonz) December 23, 2015
@mygovau dumbest suggestion ever. Maybe we should just write our passwords down in case we forget them too?
— Matthew Savage (@amasses) December 23, 2015
In response to the criticism, myGov posted another tweet trying to reassure users, stating that those who turn off security codes will still need to securely sign in with “secret questions and answers.”
If you turn off security codes, you'll still need to securely sign in with secret questions & answers. More: https://t.co/ON1BrUQ2pY
— myGov (@myGovau) December 22, 2015
If this were true, a security implementation that relies on answering multiple “secret questions and answers” would still be bizarre. As things stand, the URL mentioned in the tweet does not provide any added insight into the secret questions and answers.
Regardless of the context, a government body publicly advising users to lower the security on their accounts makes for a farce.