I’m all for enhanced online account security, but has it maybe gone a bit too far? These days, I find myself needing to sign in to some accounts over and over, and others are now putting me through hoops to prove my identity.
All my online accounts are secured by 2FA where available. I use a password manager (Bitwarden) protected by a master password to manage all my passwords. My passwords are all strong and unique. Yet apparently, that is not enough.
Gmail, for example, is a perpetual pain in the butt. Admittedly, I use a locally installed email client to manage Gmail, but on the odd occasions when I need to visit Gmail online, I have to sign in and verify my identity again, every single time. Over and over.
Verify, Verify, Verify Again
I recently received an email from Microsoft Rewards suggesting that I claim my bonus reward points “before they’re gone”. So, I visited the Microsoft Rewards site to see what it was all about.
I signed in via my login details and was told that a verification code had been sent to my Gmail address. That email didn’t arrive, and this is a common theme with Microsoft; their verification email never seems to arrive. And yes, I’ve checked and double-checked that Microsoft has my correct Gmail address recorded.
So I opted to go with an alternative verification method, to send a verification code to my phone via text message. That worked, but that wasn’t the end of it. I’m now asked to complete a Captcha to “prove I’m human”.
I’m presented with some sort of weird puzzle that I’m supposed to solve. Now, I’m not dumb by any means, but this puzzle left me… well, puzzled. Frankly, I had no idea. So I clicked on an “audio” option and finally managed to get signed in.
Now, as I said, I’m all for enhanced security for online accounts, but this is getting beyond a joke. How many ways and times does one need to verify one’s identity before it’s enough?
I’m all for 2FA, I believe it provides extremely strong security, and I have always thought that once one proves one’s identity via 2FA, that would be the end of it.
But nooo, now seemingly, we have to prove we’re human too via some sort of Captcha, and these Captchas are very much hit and miss. Some are quite simple, but others defy logic, as was the case with Microsoft.
What do you think? Are some of these organizations maybe going overboard with their verification demands?
—


And yet with that just described they still end up being hacked and users' data sold on the dark web.
Yep. And once Quantum computing takes hold, current systems will be easily hacked. Not every business will be on that bandwagon immediately. Then the millions of individuals who will still be using today’s systems.
I have to agree. If you think that is bad, use an iPad and don’t turn on 2FA. All of a sudden, Apple forgets who you are even after you just logged back in to identify yourself. If you leave the iPad turned off for more than 4 hours, you are requested to go to settings and log in to your Apple account once again. Pressing the Home button, you can enter a Passcode to continue “logged out”. But then, you bring up an app such as messaging or FaceTime, you get prompted at least 3 times to log in to your Apple account if you keep refusing. After a couple of days, the nag goes to 4-6 prompts before it finally gives in. Of course, activating 2FA makes it all go away.
Now, I know some of you readers will say what’s the big deal in turning on 2FA. Well, if you don’t own a smartphone, only have a landline, don’t use a browser and e-mail, etc., just FaceTime and messaging, then 2FA is problematic. Yes, I know you can have the landline called and verify it was you trying to log in, but it is a PITA to go to your landline phone to wait for a call, only to pick up the phone to a “f”ing robocall that just happened to arrive ahead of the verification call. To make matters worse, “answering” that robocall ends up generating more robocalls, it seems like you go on a “sell list” as a “live one”, so even more robocalls come.
Now I know this is far from typical, but it was my situation when my wife was alive. She could not handle technology, period. She was given an iPad so she could stay in contact with our children and grandchildren. She did not browse the internet or use other features – just FaceTime and texting. We did not own a cell phone. Our landline only allowed local calls with no bells and whistles like caller-ID, long distance, etc. We did have a Closed Caption phone because she had hearing aids, but without caller-ID, no clue as to who was calling. Of course, part of the problem was her not wanting to give up the landline in favor of wireless or VOIP. Having experienced the occasional severe power outage, backup batteries aren’t sufficient. Also costs when you are on fixed income.