
Australian government tells citizens to turn off two-factor authentication - Jerry2
http://arstechnica.com/tech-policy/2015/12/australian-government-tells-citizens-to-turn-off-two-factor-authentication/
======
jacalata
Well that's a contender for overblown fear mongering headline of the week.
Let's try again, headlining it "Australian government website encourages users
to downgrade their account security by turning off TFA". I know, I'll generate
less outrage, but on the bright side it's factually accurate, which is a lot
more than you can say for the original (for a start, you don't need to be an
Australian citizen to use a mygov account).

~~~
serge2k
I think the rule is you have to use the original page headline. avoids
editorializing.

~~~
jacalata
Yes, sorry - I was criticizing the article, not the poster.

------
therealunreal
> The reasoning behind myGov's suggestion is understandable: some tourists
> will swap their Australian SIM cards to local ones while on holiday. Once
> this is done, they won't be able to receive myGov security codes without
> reinstalling their Australian SIMs, which is a hassle.

------
oliyoung
Also relevant [http://www.smh.com.au/digital-life/consumer-
security/taxpaye...](http://www.smh.com.au/digital-life/consumer-
security/taxpayer-records-exposed-by-serious-ato-mygov-security-
flaw-20151117-gl1kex.html)

Security isn't a strong point with these people, which is amazing for a portal
that has literally every relationship you have with the Aus government …

------
sdiq
As someone who started using 2fa only yesterday, I was wondering whether it
would have been possible for the Australian government to have an app-based
token as an alternative? How is that compared to hassles of text-based tokens
when someone if out of the country?

Edit: grammar.

~~~
akerro
It doesn't matter if it's a text message or OTA application like FreeOTP. Both
require physical access to device you authenticated before. Personally I
prefer OTP, just because I don't want to provide my phone number everywhere.

~~~
jacalata
It does matter, because the apparent rationale is that they know users change
SIM while travelling - so they have access to the device but not to the phone
number used for SMS.

