The Australian government has repeatedly called for citizens to turn off two-factor authentication (2FA) at its main digital government portal, myGov. The portal's Twitter account has recently been updated several times with cute pictures encouraging holidaymakers to "turn off your myGov security codes" so that "you can spend more time doing the important things."
The portal is the place where Australian citizens can use and manage a number of governmental services, including health insurance, tax payments, and child support. In case of myGov, two-factor authentication is implemented by sending users text messages that contain one-time codes to complement their usual passwords.
A number of people on Twitter pointed out that, while downplaying security isn't a good idea in general, it could be even more dangerous when citizens go abroad:
According to a government official quoted by the Australian Broadcasting Corporation, China is responsible for a breach at the Bureau of Meteorology, which may have allowed attackers to gain access to sensitive national security data. The Australian weather bureau hosts a high-performance computing center used by multiple government agencies and has network connections to Australia's Department of Defence.
The breach was described as "massive" by the unnamed government official, who told ABC News that he was certain "it was China" that breached the systems. He added that fixing the Bureau of Meteorology's network to close the holes used to gain access would cost millions of dollars.
There has been no official statement on the breach. Australia's Federal Police would not comment on the ABC report, and the government has made it a policy not to speak about specific computer security events. A spokesperson for China's Foreign Ministry has said the report contains "groundless accusations."