Inflexible Security (MailChimp fail)

Maybe I shouldn’t have written about flexible security, because I immediately starting hitting inflexible security, locking me out.

Today’s fail is courtesy of MailChimp.com, which I use for my newsletters. It’s OK that they decided they want a confirmation when I log on to my account from India, but it is not OK that they require a text message passcode with no other option.

I have my phone in flight mode, because I don’t want to pay extortionate India roaming charges. But the Millennials in Atlanta running MailChimp have decided that everybody always have their phone on. We don’t, and they don’t know their users.

Do you know your users? Are you offering appropriate security options?