Two-factor authentication is a nuisance and does nothing but annoy the user.

I fucking hate when I’m trying to log into something and in order to complete my login I have to receive an email or text message with some stupid random number to make sure it’s really me. It’s almost always when I’m in a hurry, and it’s almost always for no real reason. I understand if I logged in yesterday from Philly and suddenly today I’m logging in from Russia, but in an age of public Wi-Fi and dynamic IP addresses having me verify myself every single time you detect a different IP address or device is just annoying and tedious.

There’s nothing more annoying than when I get up from my couch and go into my computer room to check my bank account only to find that I need to enter the “one-time passcode” that was texted to me, and I left my phone on the coffee table. PNC Bank is terrible with this. It’s literally every single time I try to log in to my account. They adamantly refuse to remember my computer for some reason, and it’s fucking frustrating to have to constantly enter some random six digit number whenever I want to pay a credit card off or make sure someone didn’t jip me. Fix your fucking shit, PNC. I’m not kidding, I just tested this by logging into my account (after entering the code they texted me), making sure to tick the box that says “Remember this computer”, then logging back out and trying to log back in again. I didn’t even close my browser or navigate away from PNC’s website, and you guys wanted to send another verification code. Unacceptable, fuck you and fuck your shitty web development team. Go fuck yourselves, PNC.

Security experts boast about how great multi-factor authentication is at keeping out would-be intruders, but what they don’t mention is how great it also is for keeping out users. If I ever lose my phone or have my email compromised I’m hosed as far as getting into certain accounts goes. Or God forbid I ever get a new phone number or email address and forget to update something somewhere across the internet. Yes, in theory it could prevent unauthorized access by basically requiring me to enter a second password created specially for me and sent specifically to my phone or email. That’s good enough for keeping out someone who found my info on a password list somewhere. Unfortunately, SIM spoofing and SMS redirection isn’t terribly hard for an actual hacker to accomplish, basically thwarting two-factor authentication.

Look, I get it, it’s highly unlikely that the average person will ever be targeted by an actual professional-level hacker utilizing SIM spoofing or SMS redirection, and two-factor authentication is mainly meant to keep out the people I mentioned using a leaked password list. And for that, yeah, it works, I guess. It’s still annoying though, and I feel like there’s better less obnoxious ways to handle this. A simpler way would be to just send an email or text message any time a log on from a new IP address or device is detected, with a “Was this you?” message, and a password reset link to click if it wasn’t you. That way I don’t have to waste time entering a second password, and any unauthorized access can be revoked by simply clicking the password reset link. It’s not rocket science, the average Joe doesn’t need multiple layers of password protection.

What’s the point of even making me pick a complicated password with capital letters, numbers, symbols, and the blood of a virgin goat if you’re still going to require me to enter another random password anyway? Why not just skip the bullshit at that point and do away with the regular password in favor of a unique single-use verification code that gets sent to my phone or email whenever I enter my username?

I wish these services had an opt-out from two-factor authentication, I’d break my wrist clicking on that magical little box that lets me never have to deal with bullshit like SteamGuard, Authy, or receiving a text message with a verification code ever again. Just let me log in without having to jump through several hoops. The argument against this is “WELL PEOPLE ARE STUPID AND WILL CHECK THAT BOX AND GET HACKED”. They voluntarily checked the box with a weak password, that’s their problem. My passwords are strong enough to not get guessed, and if that password ends up on a password list somewhere I change it the moment I get notified. Why should I have to suffer because other people are retarded? If some idiot sets their password to “Password1234” and gets their shit broken into then fuck them, they had it coming. It was probably only a matter of time before they fell for a phone call or email from Bob the county password inspector or some other equally stupid scam that only your 85 year old grandma would fall for. Why is it my problem or the service’s problem that you’re a moron?

Let’s do away with this two-factor bullshit, or at the very least give users the option to opt out. This shit’s a waste of my time.

Avatar photo

By Angry_Jerk

The CEO/Editor-in-chief of AJnet, and the current king of internet ranting. Hailing from the fine village of Northeast Philadelphia, AJ has been creating content on the internet for over 15 years. None of it has really been funny or entertaining, but he keeps trying anyway. When he’s not creating new articles for the site, he can be found hitting the weights, watching anime, or playing retro video games.