It was for security, the receptionist assured me.
I guess I might be trying to smuggle someone else's teeth in for a cleaning?
Fortunately my dentist does not have extremely detailed records of any of my biometrics that might be useful for identifying me.
They want to make sure a phony horse isn't getting dental cleaning. Infamous phony horses.
"Before we proceed with your bi-annual cleaning, please fill out this CAPTCHA".
You reused your password on the dentist portal., and that 2FA code was from your bank.
That's an unusually rigorous way to validate the correctness of your phone number!
You do know that people can by identified by their dental patterns? Forensic Odontology is a thing, especially when there's not much else left to work with (Disaster Victim Identification for example).
(Yeah, that's the joke he's making.)
In a world where people get confused and write somebody else's email address, but then are astonished that doesn't work, it seems like verifying that you gave them your actual phone number, rather than "Ooops, I keep saying it wrong, sorry" is worth their time.
Not to mention it shortcuts the step where Karen is angry because the surgery's receptionist didn't give her a courtesy reminder (because Karen intentionally provided a bogus number since she doesn't want those stupid reminders) and now Karen missing her appointment is the receptionist's fault.
Plausible apologia, except for the fact that I have been confirming my appointments with them by replying to their text messages for over three years including 48 hours ago. They fucking well know that they have my phone number, ok?
Also "it's for security" was the explanation. Not "we want to make sure you don't miss your appointment." If that's what they meant, that's what they would have said.
But keep trying, corporations still need your help justifying all the stupid security theatre shit that they do!
It's just the next step in the sequence that began with paper forms, to be filled out with a pen, that include an "I Am Not A Robot" checkbox (which you MUST fill in or else the receptionist will go "tch" and tick it for you, but with poorly-concealed ill grace).
My bank (small) is launching a new online banking system in a week.
They gave a heads-up about this a few months ago. It included the worrying instruction to "ensure your cell phone number and email address in the system are correct and up to date".
I wrote to them, asking:
(a) is a cell phone number required? (I don't have one)
(b) you're not actually dumb enough to be using SMS or unencrypted email for not-really-2fa bullshit-security theatre on something as critically important and personal as a person's assets and financial security, are you? (slightly more polite than this)
(c) if the answer to either of A or B is "yes", could they have whoever's in charge of security for the new site contact me?
Mostly crickets in response, just the standard "We're taking all these things into consideration" type boilerplate from a flunky with no insight into the design and operation of the system, much less ability to influence it.
And today? "Here's a preview of the changes, with handy click-through animated tutorials for things like 'how to log into your account'".
Step 1? 2fa via SMS or unencrypted email. FFS.
Oh, and the "account view" is now an acre of whitespace with a literally-meaningless pie chart in the middle of it, and a small "current balance" text off to one side, pointing meaninglessly to an arbitrary pie chunk. Thanks, that's great, much better than the list of recent transaction values and balances that has been the standard way to look at a bank account since the bloody steam traction engine was invented.
Goddamn web designers still think "pretty" matters, and "functional" doesn't.
C.
Makes me wonder of the viability of starting a bank with truly good security...
Speaking as someone whose job it is to get people to do the bare fucking minimum security for their own good, you'd get terrible compliance and complaints about how difficult it is to use. Unless you're a swiss bank and can tell them "we don't need your custom, go pound sand".
Also known as "tooth-factor authentication".
Bravo, the real joke is always in the comments these days.
So close - 13 minutes later and you would have had a twofer...
Maybe they/the building got a new IMEI tracker and they need to prime the pump? Remember, kids: rich data = rich seller!