Australian government advises citizens to turn off two-factor authentication

microsoft authenticator app version 1471293626 two factor authentication computer smartphone
In a move so bizarre it almost seems like a joke, the Australian government has advised its citizens to disable two-factor authentication, a key security measure that protects individuals’ online identities. Reading almost like a sort of reverse psychology (hey citizens, do the exact opposite of what we’re telling you), the advice has been panned by security experts who note that turning off this authentication method could leave Australians at serious risk. Stranger still, the Aussie government recommends this move when residents are abroad, or when they’re actually most vulnerable to being hacked. Maybe April Fools Day came early this year.

Going out of mobile range? Turn off myGov Security Codes so you can still sign in! Go to 'settings' in your account pic.twitter.com/9H11ZZWuC9

— myGov (@myGovau) December 22, 2015

On Monday, myGov, Australia’s primary digital government portal which manages health insurance, tax payments, and child support, took to Twitter to ask their 3,000 followers to turn off their 2FA protection, instead urging them to “spend more time doing the important things” (which apparently doesn’t include securing your accounts). A number of users immediately tweeted their disbelief at the seemingly faulty recommendation, noting that “downgrading security” never seems like a particularly solid idea.

Of course, the Aussies meant well with their suggestion. Australians going on vacation will likely trade their Australian SIM cards for those of the local country, which will make receiving myGov security codes impossible, unless they constantly go back and forth between SIM cards. Still, Internet users are most likely to have their information stolen when not on familiar territory, or on public networks (which they likely would be while abroad). This, experts and everyday individuals alike, makes the idea of purposefully making their accounts less protected strange at best, and downright stupid at worst.

Following the initial backlash towards their first tweet, myGov clarified that users would “still need to securely sign in with secret questions & answers,” at least providing some level of additional security.

If you turn off security codes, you'll still need to securely sign in with secret questions & answers. More: https://t.co/ON1BrUQ2pY

— myGov (@myGovau) December 22, 2015

Some critics, however, remain unimpressed.

@myGovau Are you guys on crack? Thats insane

— Anton (@Zedsupremus) December 23, 2015

So stay safe while traveling, friends. Sometimes, inconvenience is worth it.

Editors' Recommendations