Mild Dermatographia



Two-Factor Authentication

rant

My University made 2FA mandatory to access remote resources (such as SolidWorks, electrical labs, etc.) a while ago. Once 2FA was set up, however, it was applied universally; if I want to log into my university email, I need to use 2FA. If I want to check my grades, 2FA. If I want to see my schedule, 2FA. If I want to apply for scholarships, you guessed it, 2FA. There’s also no return policy on it either. I can’t go back to before I had 2FA on my account.

So what’s so bad about having two-factor authentication enabled for all my university accounts and services? Doesn’t it improve the security of your acccount so that, even if someone had your password, they couldn’t log on without your phone?

Well, yes. But frankly, I would rather someone hack into my account and withdraw from my program rather than put up with 2FA.

I get distracted relatively easily. I keep my phone in a separate room, heck, on a separate floor, so that I’m not tempted to check for notifications or open Reddit or Hacker News. Sure, I could visit those websites on my laptop too. For me, however, my laptop is for work and my phone is for brainless distractions. Having it nearby all the damn time is adding unecessary temptation.

I suppose I could run downstairs every time I need to sign into a university service, but I think I’d rather complain about this cosmic injustice online.

2021-02-19: I have another gripe to add to this, although it is very covid specific. I live at home right now with my family and don’t leave the house, except for the occasional walk or groceries. There’s virtually a 0% chance that a bad actor can access my phone. As a matter of convenience, then, I’d rather not have a lock screen at all for now. Microsoft’s authenticator app forces me to set a lock screen with a pin, so because my university insists on us using 2FA, I need to type in a pin every time I want to read a text, change songs, look something up, etc. Clearly a first world problem, but still irritating.

2021-02-25: Well, well, well. Why am I not surprised the plot thickens. Turns out I can authenticate while my phone is still locked. If I can authorize access to my account while my phone is locked, then why do I need a phone lock for two-factor authentication to work? I feel vindicated for calling it a first world problem, because it’s so much more than that; it’s just plain illogical!