Maybe I shouldn’t have written about flexible security, because I immediately started hitting inflexible security, locking me out.
Today’s fail is courtesy of MailChimp.com, which I use for my newsletters. It’s OK that they decided they want a confirmation when I log on to my account from India, but it is not OK that they require a text message passcode with no other option.
I have my phone in flight mode, because I don’t want to pay extortionate India roaming charges. But the Millennials in Atlanta running MailChimp have decided that everybody always has their phone on. We don’t, and they don’t know their users.
Do you know your users? Are you offering appropriate security options?
My customer just had to wait four hours for me to help them with an urgent issue, because they had not implemented flexible security as I wrote about recently.
Like many others, they are using two-factor authentication, which is good. Unfortunately, like many others, they depend on a text message as the second factor. Text messages are known to be unreliable and liable to be lost or delayed, but their IT department did not offer any flexibility: Without your passcode, you are locked out.
I did eventually get eight expired passcodes in a row. Fortunately, I did not have to revive a dead production database, and they survived the delay. But if you are depending on text messages to allow your system administrators to access your system remotely, do think about whether you need some alternative security option.
I’ll be speaking at the Oracle CloudWorld Developer event in Mumbai on Thursday, April 8th. You’ll find me in a general session together with some of my Oracle ACE and ACE Director colleagues, and on the Mobile for Cloud track, where I’ll be talking about developing mobile applications with Oracle JET, MAF and MAX.
Don’t miss it – Sign up here.