I think the logic behind 2FA (Two-Factor Authentication) doesn’t make sense. It seems to serve the business interests of the companies pushing it more than the actual security of their customers. Let me explain.
Adding an extra step for authentication seems to provide additional security, but it’s in fact dubious:
The added friction is in opposition real. For example, you have to wait to get a text or an email. You might also not receive it if the text gateway or the email gateway is currently down. You can even be completely locked out of your accounts if you are traveling abroad and can’t access your texts.
Finally, in certain cases of bad implementation, 2FA can create more attack vectors. If an attacker is able to reset your password via your phone or your email, he can gain access as easy as if 2FA weren’t there. 2FA is indeed in more case 1FA as you only need the second added factor to reset the actual password.
On the other hand, companies benefit more from 2FA than users. They have a constant flow to check if you are currently using the number you gave them or the email you gave them. In the case of advertising companies like Google or Facebook, the business benefit of added tracking is self-explanatory.
To conclude, I think we should be pushing the use of reasonably complex and unique passwords in order to improve security, and we should be against the push for 2FA adoption in the majority of cases.
P.S. I am aware of AWS Multi-Factor Authentication (MFA). They actually ship you a key fob device that generates keys used to sign in. It’s indeed a good implementation of 2FA, but its usage is very limited and most people don’t refer to this when they are talking about 2FA.
Hacker Noon is how hackers start their afternoons. We’re a part of the @AMIfamily. We are now accepting submissions and happy to discuss advertising &sponsorship opportunities.
To learn more, read our about page, like/message us on Facebook, or simply, tweet/DM @HackerNoon.
If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!