Multi-Factor Authentication: A Barrier for Many Users
Last January, while thrifting with my friend Imani, my phone unexpectedly lost signal. We were about halfway through a long rack of wool coats when I tried to check my email, only to find that I had no connectivity.
"That's odd," I remarked to Imani. "My phone isn't picking up any signal."
"Maybe it's just the store's reception," she suggested.
"No, it's worse than that," I replied. "There are no bars at all—not even a hint of LTE or 4G."
"Have you tried restarting it?"
After turning my phone off and back on, still nothing. While I often dealt with poor reception indoors, this complete lack of connectivity was new. A wave of panic washed over me—was it possible that some major disaster had knocked out our satellites? However, when we stepped outside for a smoke, Imani's phone connected perfectly; she was with a different carrier.
We walked to a nearby coffee shop, where I connected to the Wi-Fi and checked Down Detector, which confirmed that AT&T had been experiencing widespread outages across Chicago for over an hour.
"Great," I said, feeling frustrated. "My students have an exam soon, and they need to reach me. Looks like I have to head home."
Upon returning home, I attempted to access my university email, only to find that I was prompted for authentication. Not long ago, the school had mandated two-factor authentication (2FA) every two weeks or when using a new device to access email and other important documents. I had opted for phone call verification, but now, without cell service, I couldn't complete the process and was unable to work.
I tried logging into my AT&T account to check the service issue, but again, I was blocked by the need for 2FA via phone call. I eventually gave up, as service remained down for the day.
During that frustrating day without email or phone, a concerning realization struck me: What if a student at Loyola couldn’t afford a phone? How would they log into their email? What about individuals without phones who need multi-factor authentication (MFA) to access their banking or utility accounts? Are we excluding an entire group of people with our current security measures?
It seems that we are. When I discussed this with friends who have been or currently are homeless, they confirmed that MFA often complicates their lives. One friend, Maeve, got completely locked out of her bank account after fleeing an abusive situation, losing her phone in the process. Another friend, Steve, mentioned that while he tries to keep working devices on him, obtaining Wi-Fi is much easier than maintaining cell service. For months, he was unable to cancel a utility bill for an apartment he no longer occupied because he couldn't verify his identity via phone or text.
Those without consistent cellphone or internet access are not the only ones adversely affected by these systems. Individuals with autism or ADHD also find 2FA and MFA challenging to manage. As someone on the autism spectrum, I have come to realize how cumbersome these authentication systems can be, especially after my own frustrating experience without cell service. I discovered that many neurodiverse individuals share similar sentiments.
I typically avoid enabling 2FA or MFA unless absolutely necessary. It always seemed like a frustrating time sink. Initially, I attributed this to impatience and a risk-tolerant nature. However, upon reflection, I recognized that it stemmed from my Autism.
2FA and MFA systems can be overwhelming and stressful for anyone with cognitive disabilities. Neurodiverse individuals often struggle with executive functioning, which affects our ability to organize tasks and switch between them efficiently. Generally, we find multitasking difficult and can become easily overwhelmed by competing stimuli. It takes considerable effort for us to initiate activities and focus. The need to navigate various applications and devices to access work tools exacerbates the challenges posed by autistic inertia.
People with autism and ADHD are also prone to distraction and anxiety when faced with excessive notifications or prompts. If an authentication process requires us to switch to another app to find a code, it may be difficult to muster the motivation to do so. Even if I manage to access my email to retrieve a code, the risk of being sidetracked by other messages is high. With some codes expiring within minutes, I may lose my place and have to start the process over.
When we do have the energy and focus to switch to an app or email to find an authentication code, many of us might still struggle to accurately copy it. Comorbid conditions like dyscalculia and dyslexia can make numbers and letters blend together into a confusing jumble. If a verification process includes a CAPTCHA, our detail-oriented and literal processing styles may hinder our ability to interpret it correctly. Questions that seem straightforward to neurotypicals can be incredibly frustrating for us.
Neurodiverse individuals often find it challenging to filter through visual clutter, leading to misplacing essential items like phones, charging cables, or notebooks filled with passwords. Consequently, physical authentication keys are not a viable solution for us, as they are equally prone to being lost. Additionally, we frequently forget passwords. If I'm trying to log into HR software to download my W-2 but can’t locate my phone among disorganized belongings, the likelihood of giving up in frustration is extremely high.
Historically, many neurodiverse individuals—including myself—have coped by disabling MFA. I only enable it when my work requires it. While I activate it for critical accounts with sensitive information, I often find myself choosing between using a service "unsafely" or not using it at all. There are numerous apps and services I've started to sign up for but abandoned due to the complex bureaucratic processes involved.
I am uncertain of what the solution is to this dilemma, but I recognize its root: 2FA and MFA shift the responsibility for securing a platform from the company that operates it to the users. Requiring users to authenticate via phone, an app, or an emailed code is time-consuming and frustrating, and for those with disabilities or financial constraints, it may be entirely unfeasible. It’s a temporary fix that many services have adopted in lieu of creating comprehensive security measures that account for user fatigue and error.
I believe that the most effective alternatives will vary depending on the platform and the user. A solution suitable for an autistic, housed individual working from home (like myself) may be useless for someone who is homeless and unemployed. In an ideal world, where apps did not exploit vast amounts of sensitive data, we could differentiate between the security necessary for accessing our Spotify accounts and that needed for our banking information. This raises another vital accessibility issue—ensuring that all users are aware of and can genuinely consent to the collection or sale of their data.
We must begin to explore alternative methods for granting access to accounts and preventing lockouts. Otherwise, we risk continuing to exclude those who are already marginalized by social systems. For individuals with disabilities or living in poverty—and those facing both challenges—it is already difficult to secure and maintain employment, manage finances, track important documents, and pay bills. We do not need additional technological barriers complicating these processes.