Recently had a support call with a woman who was complaining about our 2 factor authentication system because she could only access one web page at a time. When I asked her if she couldn’t just open a new tab, she said she was too old to learn how computers work and couldn’t do that. She went on to claim that there’s a lot of people at her level of ineptitude, and that we shouldn’t have implemented 2fa because “most people don’t have multiple monitors.”
It was so, so hard not to throw out an OK Boomer as they proudly lectured me on the depths of their ignorance.
Can be funny for trivial stuff, but in the medical field this type of stuff is pretty messed up in my opinion. Some medical places implement stuff like that just because they refuse to pay people to staff the phones in scheduling.
Also, if the old lady doesnt want MFA thats her choice.
MFA doesn’t really help much in the case of a tech illiterate person though, since TOTP codes can be phished just like username and password can. A scammer that calls them will just ask for the code in addition to the username and password.
My employer uses Yubikeys with FIDO2/WebAuthn for two factor auth, but that’s probably too complex for a non technical person to figure out (even if it’s basically just “press the button when it tells you to”).
I just think they should be able to opt out. Its up to the patient what their security posture is. If they don’t want it, they shouldnt be forced to have it. Just have them sign away their rights to sue the hospital or something along those lines.
I’m open to hearing an argument why it should be forced to use MFA even if the patient doesnt want it. I know at least one hospital my company works with that has it optional for patients who want it.
I think most people are just unaware of the risk that is involved. Healthcare information is some of the most sensitive data on a person and should be protected at all cost.
Some older people in particular have as much of a self-preservation instinct on the internet as toddlers in real life. If protecting them takes away a tiny bit of agency from them then so be it because they cannot be trusted with such decisions. I believe any reasonable person would use MFA because trading off a tiny bit of convenience for a significant amount of security is always worth it.
There is a time when every person realizes that things have changed so much around them that they no longer understand how it works. It creeps up on you slowly, but in the Information age, that is accelerated. Every person here will experience some form of that at some point in their lives.
That’s entirely your choice, it’s not a requirement of life. You can continue learning new information, there’s nothing that forces you to give into ignorance. I’d also say there’s a pretty big difference between “I’m not a very tech savvy person” and “I am completely helpless and choose to make it other people’s problem.”
It’s a balance in many ways. There’s some aspect of refusing to do things due to not wanting to learn things. But sometimes people don’t want to adopt technologies simply because they’re unwilling to accept some very glaring downsides. For example, if you demand 2FA, you are demanding that your customers essentially consent to have an ankle monitor and remote audio monitor on their person at all times. Smart phones track your location 24/7, and they seem to track what is spoken around them as well. They are absolutely a huge invasion of privacy, and it’s remarkable we ever let them become as indispensable as we have. They’re basically just ankle monitors we all voluntarily put on each morning. I can absolutely see people just refusing to have a smartphone for the privacy implications alone.
I also have some red lines on technology. I refuse to use tiktok because of its privacy and psychological manipulation issues. And I’ve moved away from most social media, even if that cuts me off from some very useful communications and conversations in my family and community. I also refuse to buy any appliance with a wifi connection. I try to avoid any device that requires an app to use. If your widget requires an app but your competitor’s doesn’t, I’m buying from your competitor. If your widget requires an app and your widget is just something that would be nice to have, but not life-changing, I’m not going to buy your widget at all.
It’s a very dangerous thing to simply decry anyone who rejects a technology as ignorant or not tech-savvy. Often people reject particular technologies for damn good reasons. If we just accept the newest thing with zero thought simply for the fact that it is new, we are actually the ignorant ones. Something being newer does not automatically make it better. And often newer things are inferior to old things, like the case of a lot of privacy-violating appliances and companies filling everything with DRM and trying to turn it into a subscription. I don’t want basic household items to require an app to use, as it is guaranteed that the security on that system will be crap, and that the product will stop working after a few years after the company stops supporting the app.
If I’m buying a physical thing, I want it to be completely stand-alone and require zero continued feedback from its manufacturer in order to continue to function. You can tell me til you’re blue in the face about how spying on me helps improve the customer experience, but I’m still going to tell you to take your privacy-violating, app-dependent widget and shove it up your app-loving ass.
My father was 75 when his finances had deteriorated to the point where he was no longer able to afford a personal secretary.
He had me explain the things he had to do, and he wrote them down on paper, step by step. He was pretty quickly able to do all the things he needed to do on his desktop.
Never got fast typing down, so I got him dictation software. Anyway, I’m pretty convinced as long as your determined, you can stay hip to new technology in a way that at least allows you to work with it.
Recently had a support call with a woman who was complaining about our 2 factor authentication system because she could only access one web page at a time. When I asked her if she couldn’t just open a new tab, she said she was too old to learn how computers work and couldn’t do that. She went on to claim that there’s a lot of people at her level of ineptitude, and that we shouldn’t have implemented 2fa because “most people don’t have multiple monitors.”
It was so, so hard not to throw out an OK Boomer as they proudly lectured me on the depths of their ignorance.
Can be funny for trivial stuff, but in the medical field this type of stuff is pretty messed up in my opinion. Some medical places implement stuff like that just because they refuse to pay people to staff the phones in scheduling.
Also, if the old lady doesnt want MFA thats her choice.
Mandatory MFA isn’t a bad thing though.
If an old lady doesn’t want to remember a password, should she be able to enter just her email/identifier without any verification?
MFA doesn’t really help much in the case of a tech illiterate person though, since TOTP codes can be phished just like username and password can. A scammer that calls them will just ask for the code in addition to the username and password.
My employer uses Yubikeys with FIDO2/WebAuthn for two factor auth, but that’s probably too complex for a non technical person to figure out (even if it’s basically just “press the button when it tells you to”).
Well, TOTP prevents at least these attack vectors, even for tech-illiterate people:
With TOTP there must be at least some contact between the “hacker” and the victim.
I just think they should be able to opt out. Its up to the patient what their security posture is. If they don’t want it, they shouldnt be forced to have it. Just have them sign away their rights to sue the hospital or something along those lines.
I’m open to hearing an argument why it should be forced to use MFA even if the patient doesnt want it. I know at least one hospital my company works with that has it optional for patients who want it.
I think most people are just unaware of the risk that is involved. Healthcare information is some of the most sensitive data on a person and should be protected at all cost.
Some older people in particular have as much of a self-preservation instinct on the internet as toddlers in real life. If protecting them takes away a tiny bit of agency from them then so be it because they cannot be trusted with such decisions. I believe any reasonable person would use MFA because trading off a tiny bit of convenience for a significant amount of security is always worth it.
Most of these patients have already received emails from multiple healthcare organizations that their data was breached though.
The way medical data is stolen isnt through individual accounts usually unless you are famous or a politician.
There is a time when every person realizes that things have changed so much around them that they no longer understand how it works. It creeps up on you slowly, but in the Information age, that is accelerated. Every person here will experience some form of that at some point in their lives.
That’s entirely your choice, it’s not a requirement of life. You can continue learning new information, there’s nothing that forces you to give into ignorance. I’d also say there’s a pretty big difference between “I’m not a very tech savvy person” and “I am completely helpless and choose to make it other people’s problem.”
It’s a balance in many ways. There’s some aspect of refusing to do things due to not wanting to learn things. But sometimes people don’t want to adopt technologies simply because they’re unwilling to accept some very glaring downsides. For example, if you demand 2FA, you are demanding that your customers essentially consent to have an ankle monitor and remote audio monitor on their person at all times. Smart phones track your location 24/7, and they seem to track what is spoken around them as well. They are absolutely a huge invasion of privacy, and it’s remarkable we ever let them become as indispensable as we have. They’re basically just ankle monitors we all voluntarily put on each morning. I can absolutely see people just refusing to have a smartphone for the privacy implications alone.
I also have some red lines on technology. I refuse to use tiktok because of its privacy and psychological manipulation issues. And I’ve moved away from most social media, even if that cuts me off from some very useful communications and conversations in my family and community. I also refuse to buy any appliance with a wifi connection. I try to avoid any device that requires an app to use. If your widget requires an app but your competitor’s doesn’t, I’m buying from your competitor. If your widget requires an app and your widget is just something that would be nice to have, but not life-changing, I’m not going to buy your widget at all.
It’s a very dangerous thing to simply decry anyone who rejects a technology as ignorant or not tech-savvy. Often people reject particular technologies for damn good reasons. If we just accept the newest thing with zero thought simply for the fact that it is new, we are actually the ignorant ones. Something being newer does not automatically make it better. And often newer things are inferior to old things, like the case of a lot of privacy-violating appliances and companies filling everything with DRM and trying to turn it into a subscription. I don’t want basic household items to require an app to use, as it is guaranteed that the security on that system will be crap, and that the product will stop working after a few years after the company stops supporting the app.
If I’m buying a physical thing, I want it to be completely stand-alone and require zero continued feedback from its manufacturer in order to continue to function. You can tell me til you’re blue in the face about how spying on me helps improve the customer experience, but I’m still going to tell you to take your privacy-violating, app-dependent widget and shove it up your app-loving ass.
My father was 75 when his finances had deteriorated to the point where he was no longer able to afford a personal secretary.
He had me explain the things he had to do, and he wrote them down on paper, step by step. He was pretty quickly able to do all the things he needed to do on his desktop.
Never got fast typing down, so I got him dictation software. Anyway, I’m pretty convinced as long as your determined, you can stay hip to new technology in a way that at least allows you to work with it.
The difference is you. You enabled him and helped accommodate his needs. Without you, how’s he going to cope? Also you’re a good child.