The Australian government has repeatedly called for citizens to turn off two-factor authentication (2FA) at its main digital government portal, myGov. The portal's Twitter account has recently been updated several times with cute pictures encouraging holidaymakers to "turn off your myGov security codes" so that "you can spend more time doing the important things."

The portal is the place where Australian citizens can use and manage a number of governmental services, including health insurance, tax payments, and child support. In case of myGov, two-factor authentication is implemented by sending users text messages that contain one-time codes to complement their usual passwords.

A number of people on Twitter pointed out that, while downplaying security isn't a good idea in general, it could be even more dangerous when citizens go abroad:

.@myGovau People go into higher risk secnarios (open hotspots, internet cafes) and you suggest downgrading security? How silly /cc @troyhunt — Tatham Oddie (@tathamoddie) December 22, 2015

The reasoning behind myGov's suggestion is understandable: some tourists will swap their Australian SIM cards to local ones while on holiday. Once this is done, they won't be able to receive myGov security codes without reinstalling their Australian SIMs, which is a hassle.

While simpler for travelers, the government's suggestion guts the protections offered by two-factor authentication, which can provide an additional layer of security when logging in on the Web. 2FA is even more important when you're not on a trusted home or office network, which is why the Australian government's recommendation to turn off 2FA is rather jarring.

In the wake of criticism from users for the unsafe advice, myGov posted on Twitter that people who turn off security codes will "still need to securely sign in with secret questions & answers." The tweet offers a link to read more on the possibility, however the page it leads to doesn't mention it.

Even if it did though, a few additional passwords aren't a true replacement for good ol' two-factor authentication.