Two Factor Authentication a Pain

An example of two factor authorization. You login on a computer but have to complete an additional step when sent a passcode on your phone.
Two Factor Authentication, a Pain or Necessary?

Dear Ms. Smartphone: I took your class and try to be mindful about using my phone, so I often choose to work on my laptop computer. And I try to keep it secure. The problem is that many of the web sites I go to on my laptop require two-factor authentication and it’s a pain. So, I need my phone nearby in order to get this login code. Seems like I am back to keeping my phone right by my side and don’t have deep work time away from it.  Pete, San Rafael

Dear Pete: Yes! Both security and mindfulness need to work side by side when we use technology. Sometimes they gently compete with each other. It’s particularly hard to avoid that with two-factor authentication (2FA). Secure organizations used to give their employees and interns fobs that contained an unique signature. Others required those annoying ‘captchas.’  Now that smartphones are ubiquitous the six digit authentication code seems here to stay, at least for a while. Two factor authenticiation is a pain, but a necessary one.

The external fob and its alternative, sending you an authentication code, describe two of the four ways that a web site can vet you. The first is to require something you know (your login name and password) and second, something you have (the fob or an one-time number code). Other  ways to authenticate you are with biometrics (e.g., an iris scan, a fingerprint) or by exact location (through GPS). Things may change in a few years, but for now most banks and secure sites rely today on the 2FA code.

7 Plus or Minus 2!

Perhaps you occasionally receive five digit codes, and occasionally a seven digit one. Never longer. There is a science behind this. Before the computer age in 1956, a psychologist called George Miller wrote a seminal paper called “ The Magic Number of Seven Plus or Minus Two.”  Through extensive testing he discovered that humans could facilely remember just 5 to 9 numbers at a time. His discovery focused on two conditions: how the brain responds to multiple stimuli at the same time, and on the capacity of working memory. In the same paper Miller writes about overcoming bottlenecks by chunking data. Seven, plus or minus two, is the magic number.

Here’s a ‘Smartphone’ aside: It’s a nice coincidence that Bell telephone numbers in the nineteen fifties were just seven digits long. People didn’t need to add the three digit area code to their local calls. For long distance calls they looked up the area code. Perhaps that explains why we can’t remember our own phone number, or anyone elses today!  Adding the three digit area code (7+3) stresses our working memory! 

Not Counting:

In the future, the authentication code you receive on your phone will probably be replaced by more modern tech, for example, biometrics that recognize your speech patterns, or say the way you text and use the keyboard.  I have always been intrigued by whether the bad guys in movies who want to get access to a sizeable bank account or a golden safe deposit box just need to possess the good guy’s phone to gain entry. Again- this is Hollywood- they kidnap the wealthy victim, cut off the index finger, possess the phone, and gain the authentication codes to swipe into the financial system. While there is mention of a fairly wicked plot in 2017 in which a German company, Telefonica, was spoofed you will be glad to know that finger cutting is a dead-end (literally). The finger must show a pulse and other activity to pass through the biometric measures. 

For the time being, there is not a clear way to get around  two-factor authentication, unless you “trust” the site, as you mentioned. That could open up other vulnerabilities. So, if you are doing deep work and trying to concentrate, perhaps rearrange your work time so that you request these two factor authentications at a certain time of the day. And, after they are received, turn off notifications on your phone. Otherwise, the mere presence of the phone may distract you, remind you of outside things, and cut into the quality of your worktime.

Can’t Turn Off Bluetooth

the control bar of an Android phone with the Bluetooth icon highlighted (in blue).
Can’t turn off Bluetooth?

Dear Ms. Smartphone: I consider myself fairly informed with tech so I can’t figure out why my phone is always turning itself ‘on’ to Bluetooth. I turn the Bluetooth ‘off’. Next time I pick up the phone it is back ‘on’. It feels like the phone overrides what I want. BTW, I have an Apple phone, but my son says has the same issue with his Android. He can’t turn off Bluetooth either. Terry, Rohnert Park

Dear Terry: This Bluetooth problem makes you wonder if these next-generation phones have sentience! Bluetooth, for the record, is a low-powered two way radio signal emitted by smartphones. It works over short distances, about 30 feet or less. More exotically the logo, comes from a bind rune honoring an Old Norse ruler, Harald I of Denmark (source: Wikipedia).

Bluetooth enables your phone to connect to headphones, to speakers in your car, nearby computers, and significantly ‘More’! It is in ‘More’ that you will find the answer to your question. Data exchanges and handshakes take place all day between our phones and data centers. They are not transparent but Bluetooth enables the process. Bluetooth is sending essential updates for advertisers, business people, and information brokers. Perhaps that is why our phones make it so hard to override the defaults?

Pinging Away

For example, one of the most useful transmissions of Bluetooth data occurs in the transportation arena. Phones with Bluetooth are constantly pinged for their travel time and location. Hundreds and thousands of these pings help create the travel maps we use in real time. Perhaps you are grateful for knowing if there is traffic on the Bay bridge, or how long it’s going you to get to the airport.

Or, say you are in a retail store or coffee shop, and they have Bluetooth sensors hidden in the ceiling or displays. They collect travel data from your phone– when you entered the establishment, your indoor walking path, and how long you stayed. Should you log onto the free WiFi, the data miners might also capture your phone’s MAC address and remember it when you return.

Keep in mind all phones are “leaky” when it comes to privacy so it’s good digital hygiene to take precautions. Your phone is going to turn Bluetooth on by itself whenever you use an app that requests location data, so you should take steps to check these defaults. If you close these apps and deny them location data Bluetooth should stay off. But know that true privacy is hard to come by. A phone with cellular service still stays connected unless in airplane mode.

Off is it?

Even when you deliberately turn off both Bluetooth and GPS, your phone may be sending some data. This article in Quartz describes how tricky it can be to turn off all these settings on an Android phone. You have to go deep into the menus to find this feature, and even then, the description will obfuscate. Both the Android and the Iphone, let you turn Bluetooth ‘off’ in the control bars, but it seems to stay turned ‘off’ longer if you do this through the settings page.

One final note on Bluetooth- treat it like a third party to your phone and take precautions. About five years ago there was a virus called Blueborne (son of Harald) and it exploited vulnerabilities in the two-way settings. For Apple, an operating system newer than iOS 10.3.3 is safe. But, that’s until the next hacker finds an opening. On a more personal note, be conscientious when your speakers are enabled by Bluetooth- is anyone else in the room listening in? Remove the Bluetooth trace from the dashboard when you return a rental car, and over Airplay, revoke the right to send and receive from “everybody,” particularly over a WiFi setting.

Is the Role of Concierge Dead?

Is the concierge dead…and is the smartphone the killer?

A black and white photo of a concierge holding a tablet. The photo comes from a discussion of Amex versus Chase concierge services on thebalance.com
Is the Role of Concierge Dead? photo source: thebalance.com

Dear Ms. Smartphone: I was on a business trip again (yay!) and stayed at my favorite hotel in downtown San Francisco. It was mostly the same, but they no longer had a concierge working in the lobby. I know my way around SF so I didn’t need his/her help, but it made me wonder. Is the role of concierge dead? For me it’s a timely question since one of my kids goes to hotel school in New York state and is considering it as a profession. Lydia, NYC

Dear Lydia: I can’t give career guidance but I can help us examine together if the smartphone is the game changer and if the concierge is dead (not literally, of course).  I agree that there are fewer concierge services these days.  It’s not just at hotels. The airport information center and tourist visitor centers are also shut down. Is this because of Covid and staffing shortages, or a trend that’s here to stay?

Now, it’s true that a savvy visitor carrying a smartphone can explore without these helpful people. However, the concierge is a profession that has survived over 400 years of change.  The word “concierge” is said to derive from either ‘keeper of the keys’ or ‘keeper of the candles’ (perhaps both?) Initially, the concierge function served Royalty and attended to the needs of visiting nobles. They had access to parts of the castle that were normally out of bounds. Perhaps they could gift a special vintage from the wine cellar or a rare spice in the banquet hall! Of course, that’s a 21st century interpretation! 

The Secret Keys:

Seemingly, the concierge role has not changed that much. In big-city hotels, concierges are still renowned for holding secret keys- the ability to arrange good theater tickets, gain entrance to shows that are booked months in advance, and shine a light on special favors, big and small. Clearly some parts of the job have been made redundant. A visitor needing directions to the airport or an Uber vehicle can consult the kiosk in the lobby or an app on the phone. In upscale hotels there is a brand new need: expert concierge can advise guests where to get Covid tests for international travel and even arrange for “medical staff” that come directly to the room for these tests. 

But, back to the lobby. You won’t even find a local newspaper there these days! Many visitors now go directly to Google for information, since it provides maps and directions, as well as the listings for local businesses and attractions. People still don’t realize that Google sells the page ranks so the good stuff may be layered several pages deep. An informed concierge can save lots of  useless search time by cutting through the clutter and chaos of online tourist information. He/she can also provide personal tips when it comes to travel distances and traffic conditions.  The Google map, while providing turn-by-turn directions, will never be able to tell you which neighborhoods to avoid on foot or after dark. Still, phones are doing a lot of the heavy lifting of the concierge.

Human-to-Human:

So, the position will evolve.  When you stayed at your SF hotel, you may have noticed that the check-in process is downsizing and becoming more automated and app driven. You would think that the absence of human staff could create demand for more caring, personalized attention from the concierge. 

But, it’s not likely. The Hilton chain has partnered with IBM, there’s a Japanese company called Bespoke, and many other tech partnerships that steer guests towards chatbots. Guests who are accustomed to text and chat might never notice that they are getting less personalized service. But, a hotel chain can use this as an opportunity to cut back staffing and centralize their concierge functions. 

Data Aggregation:

A  concierge app has digital appeal because each guest is unique, yet has a great deal in common with other guests at that location. They are each visiting for a limited period of time, arriving with local queries and concerns.  The concierge in the lobby will answer the same question many times each day, but from different guests (e.g. what is the best Italian restaurant nearby, what time do I leave for the airport). There is software that automates this process and it’s aptly called a“data aggregator.” The aggregator clusters similar questions and answers, and then compiles them for chatbots and apps. Think of it as interactive FAQ. But that’s not all.  The hotel chain you are staying at is probably using machine learning to compile a personal data profile on you. This combo of data- aggregation and profiling – might produce your best, or worst stay ever!

Reflecting back and forward- we all have flashlights on our phones to light the way and codes that can take the place of physical keys. Yes, the role of concierge is in flux. Let’s hope that new functions emerge for this job, equally precious and coveted. Ideally, this will be the people’s concierge, not just a service for the better paying, high-end visitor.