Too Much Security

My customer just had to wait four hours for me to help them with an urgent issue, because they had not implemented flexible security as I wrote about recently.

Like many others, they are using two-factor authentication, which is good. Unfortunately, like many others, they depend on a text message as the second factor. Text messages are known to be unreliable and liable to be lost or delayed, but their IT department did not offer any flexibility: Without your passcode, you are locked out.

I did eventually get eight expired passcodes in a row. Fortunately, I did not have to revive a dead production database, and they survived the delay. But if you are depending on text messages to allow your system administrators to access your system remotely, do think about whether you need some alternative security option.