I need to rant a moment about two factor authentication, and the downsides of it. First of all, why is it forced on us, why can't the user decide if they need or want 2FA when logging into a system? If I have a 20 character password, that even I don't know or care what it is because it's in my password manager, why can't that be sufficient to get me into the thing I'm trying to log into? Secondly, most 2FA codes are sent via SMS, and that's great, but what if you have to change your phone number suddenly? What if you need to log into something, and maybe you don't have service or text messaging is being finicky? What then? And if your 2Fa code gets sent to you by email? Well that's all fine and Dandy as well, until you try and receive a code and it never arrives, even when you check your spam folder! That last scenario is exactly what has just happened to me this morning when trying to log into my Amazon web services (AWS) account. Had I been able to just login with my AWS USERNAME AND PASSWORD, ALL WOULD BE GOOD AND I COULD GET ON WITH MY DAY, BUT NO, A VERIFICATION CODE HAD TO BE SENT TO MY EMAIL, WHICH I checked, OVER an HOUR AGO, AND I'M STILL WAITING for either code to arrive. Of course by the time any code arrives, it will be invalid, and I would have to start the process all over again. Why are passwords suddenly this awful evil entity that should never exist, despite the fact that they've worked for decades? Hackers will always try and access resources, but if they seriously want to access my Amazon AWS ACCOUNT, AND CAN GUESS MY LONG PASSWORD ON THE FIRST TRY, THEN I WOULD THINK I WOULD KNOW SAID HACKER. WE HAVEN'T STOPPED HACKERS, WE'VE JUST MADE THINGS RIDICULOUSLY INCONVENIENT FOR END-USERS. WHY NOT MAKE THINGS EVEN MORE COMPLICATED? LET'S MAKE THE LOGIN PROCESS FOR A SIMPLE WEBSITE A 27 STEP PROCESS, complete with essay questions.
Kaveinthran
Monty Icenogle