Verify This: When Ordering Lunch Becomes a Two-Factor Trust Exercise

November 17, 2024
3 mins read
I’ve had it. It was bad enough when we all had to memorize 3,000 passwords, endure pop quizzes about the name of our first pet, and prove we weren’t robots by identifying blurry fire hydrants. But now, thanks to two-factor authentication, ordering lunch has turned into an episode of CSI: Cybersecurity.

I’ve had it. It was bad enough when we all had to memorize 3,000 passwords, endure pop quizzes about the name of our first pet, and prove we weren’t robots by identifying blurry fire hydrants. But now, thanks to two-factor authentication, ordering lunch has turned into an episode of CSI: Cybersecurity.

On a rather soggy day last week, I decided to brighten my spirits by treating myself to a nice barbecue lunch. I really didn’t have time to deal with Georgia drivers in the rain, as I was already getting hangry — so, like a reasonable person, I hopped onto my laptop to place a delivery order. I typed in my password, a string of nonsense that has whatever the required number of capital letters, numbers, and special characters are for that particular site, and started my order.

When I finished, instead of a confirmation page asking me if I wanted banana pudding with that — which obviously, I did — The website slammed on the brakes. “We’ve sent a verification code to your mobile device,” it said cheerfully, as if I should be thrilled about this extra layer of security.

My mobile device was, naturally, in the other room, because why would my phone or my wallet be anywhere near me when I need them. Fine. I made the trek, stepped on a stray LEGO for my trouble, and found the text. I limped back to the laptop, typed in the code, and waited for my barbecue to come one step closer.

But oh, no. The system wasn’t done with me yet.

“We’ve sent an email for additional verification.” My email? Why? Was the first verification not convincing enough? What do they think I’m doing—trying to steal a $12 barbecue plate? But, desperate for food, I clicked over to my inbox.

“Click this link to confirm your identity,” the email demanded. The link opened a new browser tab, and, of course, emptied my cart promptly.

Listen, I’m a tech guy. I understand the need for security — but I also understand the need for a decent user-experience when buying things. If passwords aren’t enough anymore, can we please ditch them in favor of something else? My computer uses my fingerprint, my phone uses Face ID, but most websites still demand passwords. If they aren’t enough, let’s switch to another method. Why should I have to enter a password and then take two or three more steps to verify my identity.

One of the things I like to do is take common issues out of the tech world and put them into the real world, so let’s take two factor authentication out of the Internet and place it into the real world.

Let’s say you walk into your favorite barbecue restaurant and order a pulled pork plate, baked beans, french fries, sweet tea, and — yes — banana pudding for dessert. The cashier asks you for your card, and you enter your PIN. Then, the cashier sends you a text because a PIN number isn’t secure enough anymore. You pull out your phone — Face ID doesn’t work, so you key in your PIN number. You show the cashier the text, but she is still not sold on your identity. She asks for your social security card, your driver’s license, a copy of your most recent mortgage statement and the last two month’s worth of pay stubs. “I’m sorry, madam,” you reply. “I was just trying to eat some fine southern barbecue, not buy a house.” By the time it is all over with, your food is cold.

Obviously, if this happened in the physical world, we’d all be outraged and Congress would be taking action. But, when the eggheads do it to us, we just willingly accept it.

Here’s my question: who exactly is the tech world protecting me from? Are hackers really lying in wait, hoping to access my sandwich preferences? Is there a criminal mastermind out there plotting to steal my extra pickles? If so, let them have them! I’m willing to sacrifice the whole order if it means I don’t have to go through this nonsense again.

I understand security is important. But let’s be honest: some things don’t need the same safeguards as a nuclear missile silo. No one is hacking my DoorDash account to pay for their kid’s college tuition. Maybe we could save the heavy artillery for bank accounts and secret government projects.

Until then, two-factor authentication is just another way the Internet has made life harder for no good reason. If I’m ever stranded on a desert island, I won’t starve because I can’t find food—I’ll starve because I’ll need a second device to confirm my identity to order it.

TL;DR: Two-factor authentication: the reason it takes longer to order lunch than to close on a mortgage.


I’ve had it. It was bad enough when we all had to memorize 3,000 passwords, endure pop quizzes about the name of our first pet, and prove we weren’t robots by identifying blurry fire hydrants. But now, thanks to two-factor authentication, ordering lunch has turned into an episode of CSI: Cybersecurity.
B.T. Clark
Publisher at The Georgia Sun

B.T. Clark is an award-winning journalist and the Publisher of The Georgia Sun. He has 25 years of experience in journalism and served as Managing Editor of Neighbor Newspapers in metro Atlanta for 15 years and Digital Director at Times-Journal Inc. for 8 years. His work has appeared in several newspapers throughout the state including Neighbor Newspapers, The Cherokee Tribune and The Marietta Daily Journal. He is a Georgia native and a fifth-generation Georgian.