MyGov, the government website that allows access to services including Centrelink, Medicare and child support, is suggesting users turn off two-factor authentication for their account if they are going overseas.
Two-factor authentication is a second layer of security beyond passwords and usernames. It usually requires you to “have something on you”, like a mobile or a dongle.
When you try to log in, you generate and enter a unique code produced with the device. So if someone somehow gets your password, they won’t be able to access your account without it.
But myGov is suggesting on Twitter that people venturing overseas should turn off two-factor authentication.
Going overseas this summer? If you're registered for myGov security codes make sure you turn them off before you go pic.twitter.com/bTD1ndIFBe
— myGov (@myGovau) December 14, 2015
Two-factor authentication is increasingly used by banks and other secure services, as passwords alone are not secure. Many people use the same password for multiple places, putting them at risk when websites are hacked or companies don’t protect their databases properly.
For important services like banking, or even Medicare and Centrelink, an extra level of protection is necessary.
And as some have already pointed out on Twitter, people on holiday are probably more at risk of getting their credentials stolen. They’re often forced to use internet cafes or open hot spots, where passwords can be plucked out of the air.
— Tatham Oddie (@tathamoddie) December 22, 2015
myGov is encouraging users to turn off two-factor authentication because it requires not only access to a mobile, but access to the correct mobile number. When you login with the myGov system, they send you a text message with a unique code. This won’t work if you have taken your sim out or left your phone behind.
But there are alternatives to such a system – ones that can be taken on vacation.
Many HSBC accounts come with a “secure key”, which provides a code whenever a pin is put into it. The key doesn’t come into contact with the internet, so can’t be compromised in the same way as your password.
There are numerous other examples, including an app and online service provided for free by Google. If you are trying to log in to myGov then presumably you would have the internet connection to use a service like this.