I’m all for enhanced online account security, but has it maybe gone a bit too far? These days, I find myself needing to sign in to some accounts over and over, and others are now putting me through hoops to prove my identity.
All my online accounts are secured by 2FA where available. I use a password manager (Bitwarden) protected by a master password to manage all my passwords. My passwords are all strong and unique. Yet apparently, that is not enough.
Gmail, for example, is a perpetual pain in the butt. Admittedly, I use a locally installed email client to manage Gmail, but on the odd occasions when I need to visit Gmail online, I have to sign in and verify my identity again, every single time. Over and over.
Verify, Verify, Verify Again
I recently received an email from Microsoft Rewards suggesting that I claim my bonus reward points “before they’re gone”. So, I visited the Microsoft Rewards site to see what it was all about.
I signed in via my login details and was told that a verification code had been sent to my Gmail address. That email didn’t arrive, and this is a common theme with Microsoft; their verification email never seems to arrive. And yes, I’ve checked and double-checked that Microsoft has my correct Gmail address recorded.
So I opted to go with an alternative verification method, to send a verification code to my phone via text message. That worked, but that wasn’t the end of it. I’m now asked to complete a Captcha to “prove I’m human”.
I’m presented with some sort of weird puzzle that I’m supposed to solve. Now, I’m not dumb by any means, but this puzzle left me… well, puzzled. Frankly, I had no idea. So I clicked on an “audio” option and finally managed to get signed in.
Now, as I said, I’m all for enhanced security for online accounts, but this is getting beyond a joke. How many ways and times does one need to verify one’s identity before it’s enough?
I’m all for 2FA, I believe it provides extremely strong security, and I have always thought that once one proves one’s identity via 2FA, that would be the end of it.
But nooo, now seemingly, we have to prove we’re human too via some sort of Captcha, and these Captchas are very much hit and miss. Some are quite simple, but others defy logic, as was the case with Microsoft.
What do you think? Are some of these organizations maybe going overboard with their verification demands?
—
