From ArsTechnica:

The Australian government has repeatedly called for citizens to turn off two-factor authentication (2FA) at its main digital government portal, myGov. The portal’s Twitter account has recently been updated several times with cute pictures encouraging holidaymakers to “turn off your myGov security codes” so that “you can spend more time doing the important things.”

The portal is the place where Australian citizens can use and manage a number of governmental services, including health insurance, tax payments, and child support. In case of myGov, two-factor authentication is implemented by sending users text messages that contain one-time codes to complement their usual passwords.

A number of people on Twitter pointed out that, while downplaying security isn’t a good idea in general, it could be even more dangerous when citizens go abroad:

.@myGovau People go into higher risk secnarios (open hotspots, internet cafes) and you suggest downgrading security? How silly /cc @troyhunt

— Tatham Oddie (@tathamoddie) December 22, 2015

The reasoning behind myGov’s suggestion is understandable: some tourists will swap their Australian SIM cards to local ones while on holiday. Once this is done, they won’t be able to receive myGov security codes without reinstalling their Australian SIMs, which is a hassle.

While simpler for travelers, the government’s suggestion guts the protections offered…

Continue Reading