
Comment Re:Good idea, bad implementation (Score 1) 399

As an opt-in program, this is actually very, very good. (Note that it's not perfect, but more on that in a bit.) What becomes untenable for some companies is managing hard token distribution for their customers. There are some trade-offs, including reception, battery power, etc. The fact that you went to regions not covered by your current provider and did not purchase even a pre-paid burner phone or something to cover the interim is somewhat irrelevant. Had you really *needed* access to your iWidget, you could have arranged to dial back to traditional authentication or taken the hit and acquired some cell coverage from a different provider.

This is an example of two-factor authentication for end users, and you're going to see (I sincerely hope anyway) more of it in the future. Is it extremely robust two-factor? No, but it *is* two-factor. (Given the assumption that you and only you can receive the SMS, that is... big assumption, watch your step.)

Your bank only authenticates you to the point where 1.) they're willing to pay back any damages they may incur for giving someone access to your bank account or 2.) they're able to convince a judge that they performed with due diligence (You do trust judges to have full knowledge of the rapidly evolving security and technology landscape, right?) and you in fact were responsible for the wire transfer to (sorry, no soup for you). Strictly speaking, they're saying "Eh, good enough. What could possibly go wrong?" You or I as the consumer of gmail services may have a different threshold, depending on what we're sending and receiving via gmail. Note that your email provider giving access to an authorized person will probably not have the same direct, material impact that giving access to your bank accounts may have... That's where enhanced authentication credentials come into play.

Comment Re:Racsim and WoW (Score 1) 833

In our guild, you get 1 warning unless it's incredibly offensive, then you're gkicked. This applies to any form of hate speech and applies to vent, guild chat, or any public chat channel. If you're flying our guild tag, you are expected to behave in public. You're welcome to have whatever belief system you like, but you're not welcome to offend others with it.

Comment Re:Well now (Score 1) 145

For the most part I agree with you. The caveat is that in certain circumstances, having an external party review your widgets is necessary from a regulatory compliance perspective. Also, Marcus Ranum is famous for ranting on "bad management" which requires you to pay an outside consultant to tell you the same thing that your internal resources were telling you, but for more money. Unfortunately, I've seen more than one organization suffer from this.

Comment Re:An example (Score 3, Insightful) 505

The parent post is completely relevant and non-partisan. Leaders must lead with integrity and set the bar for the behaviour of those they govern. It's time to start holding *everyone* accountable for breaking privacy laws - those that lose customer information, CEOs, and elected officials.
