The implementation of Duo two-factor authentication at @georgiatech feels like it was designed as an experiment in how far you need to push people before they think two-factor is too much hassle. Sometimes I navigate between 2 or 3 links and have to 2 factor on every one