The bloated tyranny of two-factor authentication is ruining my online existence. There has to be a better way

collage with login screens from Google, Slack, EA, and Epic
(Image credit: Google | Slack | EA | Epic)
Dave James - Editor-in-chief, PCG Hardware

Dave James

(Image credit: Future)

This month I have been mostly... willing myself to play Rogue Trader. I mean, I like Warhammer 40K, and I love CRPGs. So, what's stopping me? The early launch day bugs and the cautioning words of my brother, into whom it has its claws already. But it's better now, and I really ought to dive in before I get lost in Dragon Age: The Veilguard.

It's better to be safe than sorry. That's the received wisdom around internet security. And fair enough; a ton of our life is online, as well as some of our most prized possessions. Y'know, like our Steam and bank accounts. But, for the love of Gabe, there has to be something better than the ever-more-bloated tyranny of two-factor authentication to keep them and us safe.

Before I rant, however, I do want to make it crystal that I get it. I know why we have 2FA. I understand that in an age where there are growing numbers of cybersecurity incidents, whether perpetrated on individuals or companies, it is vital to find a way to ensure logins are safe, robust, and secure.

It's certainly better than the days of having an almighty Steam press account stolen from under our noses back in the bad old days of the internet hinterlands, and it's better than the weirdly flimsy passcode generators I once needed for online banking, which would invariably collapse in on themselves in some pocket-based singularity, locking me out until I could get a new one from a physical branch. But really 2FA just makes me want to cry. Every. Single. Day.

My daily routine just to log in and get working in the morning is so grating it feels like a hawthorn twisting under my fingernails with each, ever-more frustrated thock on my keyboard. For that, Google is the worst offender, a prime candidate for the first 2FA against the wall when the revolution comes.

For reasons so boring I needn't go into them here, I have to log into my PC Gamer Google account fresh every eight hours, or so. Thankfully, the exciting shiny new dialog at least retains my email address, but as a managed account Chrome refuses to hold onto my password.

This means I have to enter it fresh every time. That alone is an aching pain akin to a lightly grazed gonad. It lingers and it grows. But it's not the end of it.

Then I have to verify my own login attempt via phone. That is usually just a case of opening my phone—via some form of biometric or pattern-based authentication—and then hitting a button on the screen. Sometimes it's not though. Sometimes I have to ask my PC to text a passcode to my phone via SMS, because for whatever reason Google can't see my phone well enough to punt a standard verification notice through it. That then needs to be entered manually into the Google dialog on desktop Chrome.

However it comes through, that should be the end of it. That should be me into my Google life and ready to sift through emails about new tech, weird tech, stock updates, cybersecurity training (hoho), and for some reason emails about celebrity reality shows.

But no. That's not it. Because as soon as I log into my email account it will bring up my inbox for the briefest of moments, before hoofing me back out to the login screen again, because it says I am no longer logged in.

So, I have to do it all again. Every day. On any device. Google logs me out immediately and demands I jump through all its hoops just one more time.

While Brin and Page laugh maniacally in one of their myriad mansions.

Then I must log into the instant messaging app we use to communicate across the team, which again requires that well choreographed digital dance of email address, password, 2FA hit on my phone and my own tenuous sanity.

Sometimes I'll just sit in a boiling cauldron of rage, seething quietly to myself, battling to bring down my blood pressure for fully ten minutes before saying one word to anyone. Sometimes I just channel that rage and see how many people on the team I can upset in one brief tirade.

Neither, I believe, is a particularly healthy way to start the day.

Image showing a Steam library

(Image credit: Future)

Were it just my working life I could probably cope with it. I mean, work's not meant to be fun, is it? Nevermind that I have to use the Google Authenticator app if I want to post to our social platforms, don't worry that if I end up working a little later I have to login again (🤦‍♂️twice🤦‍♂️) when it kicks me out for being too damned diligent.

But I can't escape when I'm gaming, either. Steam, I'll give you, is pretty robust. Sure, I need to use a form of 2FA to get into my ultra valuable account for the first time, but once I'm in I can be pretty confident I'm not going to have to do that again on that particular machine unless something catastrophic happens. I cannot say the same for either EA, Ubisoft, or Epic.

Remember me. Please remember me. And if you cannot remember me, at least remember the hardware you live inside. Alas no, however many times I ✅ that box these amnesiac game stores will invariably pop up the very next time with a friendly "Gee, it's nice to meet you, would you like to play a game?"

And so the dance begins anew. Go find that password in my password manager. Sometimes maybe even find out what the hell I called that damned account or what email I tied it to. Then log in. Then dig out whatever passcode I need, etc. etc.

It's relentless and in this modern age there is no respite. But, as I said, I get it. We do need some form of security when we're spending $80 - $100 on an ephemeral game code licence, and when we live our lives so firmly online. And two-factor authentication was a smart way to better protect companies and individuals from brute force attacks on stored details. Yes, even if your password security is breached you're still safe behind the armour of 2FA.

Because of its success, it has become ubiquitous, to the point where each and every login for any of your online portals, profiles, or applications will demand some secondary form of proof of your personal veracity.

It's just that it's… a lot. There has to be a better way, is all I really want to say.

Now, I'm absolutely not smart enough to know what that other way might be, and I absolutely do not want to say AI because I know somebody will throw that hat into the ring. To me, AI login control feels less secure than just having a single universal password tattooed on your forehead.

Maybe we could all just be, y'know, nicer to each other? Then people wouldn't need to steal things online, and we could all just share. It's nice to be nice. There, I've solved internet security in the modern age. You're welcome.

TOPICS
Dave James
Editor-in-Chief, Hardware

Dave has been gaming since the days of Zaxxon and Lady Bug on the Colecovision, and code books for the Commodore Vic 20 (Death Race 2000!). He built his first gaming PC at the tender age of 16, and finally finished bug-fixing the Cyrix-based system around a year later. When he dropped it out of the window. He first started writing for Official PlayStation Magazine and Xbox World many decades ago, then moved onto PC Format full-time, then PC Gamer, TechRadar, and T3 among others. Now he's back, writing about the nightmarish graphics card market, CPUs with more cores than sense, gaming laptops hotter than the sun, and SSDs more capacious than a Cybertruck.