As someone with a lot of computers who takes his security seriously, I tend to type in a lot of two-factor authentication codes, in part because I want to keep certain logins secure and it’s my way of ensuring that only I can access my applications.
It’s a little frustrating to have to grab my phone every time I want to log into my email provider, sure, but it also means that nobody else can log into that service unless they physically have access to a device of mine that can generate two-factor authentication codes.
But I have to admit, something happened over the weekend that had me questioning the push towards two-factor authentication. And that problem was with the authenticator app itself.
Essentially, Google let its Authenticator tool sit around with a botched Android update for a whole weekend, preventing anyone who relied on its two-factor authentication tool (and for some reason had a random incompatibility with their Android app) from using it. And because Google doesn’t tie Authenticator codes to, say, a Google account, this meant that deleting the app would have potentially put me in danger of straight-up losing the codes that I needed to log into my apps.
Now, I had a backup option for getting into my accounts—a version of the Authenticator app for iOS, which I could access via my iPad—but it was significantly less convenient, the difference between having my second factor in my pocket and my second factor on the other side of the house.
But I’m lucky I at least had that! See, it turns out that I was not the only person who had this problem, with some saying it was a deep inconvenience. Google literally convinced numerous people to use this tool to log into their accounts, uploaded a botched update that prevented a number of people from logging into their accounts in a secure fashion, and didn’t bother to update with a fix for four whole days. Some of them were left begging for a fix.
I initially thought this was a Samsung issue, and because Google doesn’t have, like, a phone number that you can call, I spent hours on the phone on Saturday basically trying to reach someone on the technical support lines I could access—both T-Mobile and Samsung—to inform them that they have a botched update for an essential application hanging out on the Google Play store.
This was not easy. I had to explain to T-Mobile that no, I was not going to delete this app and lose all of my logins, and to Samsung that yes, this is their problem even if they didn’t make the app themselves. This was a frustrating process, but T-Mobile seemed to take it seriously enough that they called me back multiple times to check in on the problem. (Google, it’s been 25 years, you’ve made your point; open up a damn customer support line already.)
The thing is, two-factor authentication is growing in importance as a way of securing identity. At work, I have to log into a second factor, using my phone, just to access my applications. Numerous other applications are reliant on second-factor authentication. Google itself is starting to require people to use two-factor to log into their Google account (which, fortunately, does not require Authenticator). Applications like GitHub are also moving to require two-factor authentication.
I guess what I’m trying to say is that this should just work, and despite that, Google just let this essential tool hang around for a whole weekend, not letting people log in.
We shouldn’t settle for that—not when it’s our security on the line.
Time limit given ⏲: 30 minutes
Time left on clock ⏲: 3 minutes, 47 seconds