Why does nobody talk about 2FA burnout?

Talked to a buddy who runs IT at a small firm in Boise. He said most of his users just click "remind me later" on 2FA prompts because it's too many steps during a busy day. Has anyone else noticed people giving up on security because it's just too annoying?

2 comments

2 Comments

wade_perez19d ago

You said "most of his users just click 'remind me later' on 2FA prompts" but that's not quite how it works. Most 2FA systems don't even give a "remind me later" option on the actual login screen, it's usually just "skip for now" on the setup page. Once it's enabled, you're stuck entering that code every time unless your IT guy set up some kind of trusted device exception. The real burnout people hit is when they have to dig through texts or authenticator apps multiple times a day for different services, especially if they're not using single sign-on. That's more of a fractured workflow problem than an individual prompt thing.

xena_kim19d ago

Wait WHAT, you're telling me there's actually systems that don't even give you the option to delay 2FA? That's insane, I've never seen a login screen without some kind of "trust this device for 30 days" toggle. I always just assumed that was standard across the board. But yeah, you're totally right about the fractured workflow thing, that's the real killer. Having to juggle three different authenticator apps and SMS codes for every random service is what makes people just give up and use the same password everywhere.