Friction: MFA at Work

Technology is supposed to make things better. Lately it seems as though, almost day by day, the tools and systems that surround us are growing more complex and less useful. Here is an example.

The mobile phone on my desk at work flashes a notification about once a week. “Update Apple ID Settings,” the notification advises me, because “some account services will not be available until you sign in again.” I click continue and a new screen appears, entitled “Apple ID for your organization.” The screen instructs me to continue to a web address where I may sign in to my account. I tap the screen to activate a large blue button labeled “Continue,” and a browser page showing my workplace’s login screen appears. I enter my password–encrypted and saved on the phone, thankfully–and a new screen appears presenting me with the option to verify my identity through a phone call or a text message. I select phone call, because I am unable to receive text messages on this phone. If I did happen to select text verification, here is what would happen: the screen would change again, displaying a message over a set of floating periods indicating that the verification server is awaiting my confirmation text message. Nothing would happen, however, and I would need to begin the process again.

A moment after selecting phone verification, the phone rings. I answer and an automated voice speaks:

“This is the Microsoft sign-in verification system,” the voice says. “If you are trying to sign in, press the pound key.”

I tap the small window at the top of the screen representing the call in progress. This leads to another screen, where I must tap the “Handset” area to open a virtual representation of an old phone handset. I then tap the area of the glass screen corresponding to the pound key.

“Your sign-in was successfully verified,” the voice responds. “Good-bye.” The blazing red notification bubble will never disappear until I take this action.

The entire interaction takes less than thirty seconds. It is irritating in the moment, but the process is easy enough that I don’t have to think much about it once I get started. If I refused to do so, however, after a while the software on my phone would stop working. First, I would lose the features furthest from the core of the phone. Apps that change often–productivity apps like Excel or OneNote, for example–would be first to go, blocked by a verification server requiring the newest version to operate. Next, I might start to lose access to some of the manufacturer’s frequently-updated software, like Maps and Photos. Finally, given enough time and system updates, even the most basic features like mail and text messages, and then the phone itself, would stop working, rendering the $1,000 computer less useful than a concrete block until I completed the ritual of verification.