Last month, I wrote a post on the limits of universal design. Among other things, I pointed out that people often use the ‘universal design’ label for things a few people need, but most people find inconvenient. I used the examples of the adjustable standing desk and activist Zoom meetings to illustrate the people. Both increase accessibility, but they do so in a way that most people don’t really like.
In the area of IT security, I can add one more example of this usage: multi-factor authentication (MFA). In a paradigm case of MFA, a person tries to log in to their work account or email account, puts in their user name and password, and then isn’t able to immediately log in using those credentials. Instead, the system sends them a text message and they have to enter a code to complete the login*.
Why do we need MFA? It provides some protection from scammers and other ne’er-do-wells. But often it’s a safety measure for people who fail to take very basic, 101-level IT security steps. Like not handing out their password and not clicking links from strangers.
In short, it’s designed for a small number of people who need extra services. But businesses push it on everyone, even those who don’t need it. For those who don’t need it, which is most people, it’s yet another inconvenience and hassle.
*Note: I realize there are less intrusive and annoying forms of MFA. In some cases, those are good, non-invasive designs.