I've been noodling on a concept I keep calling "2-2 factor" and I think it might be the most important reliability principle nobody explicitly names.

This is not about two-factor authentication. Not about SMS codes or authenticator apps or biometric scans. Those are fine. Important, even. But they solve a different problem.

This is about the principle that no single human being should ever be trusted to act alone on anything that matters.

The $5 Wrench Problem

There's an XKCD comic that nails this better than I ever could. The setup: someone's built a massively encrypted, cryptographically secure system. The punchline: an attacker bypasses it all with a $5 wrench and the words "tell me your password."

The point isn't that encryption is useless. The point is that technical security becomes irrelevant the moment a single human is your weakest link. You can have the most sophisticated access controls in the world, but if one tired person at 11pm can approve a production deploy, push a financial transaction, or sign off on a prescription, your security model has a human-shaped hole in it.

And here's the thing: that's not a character flaw. It's biology.

The Maths (This Is the Bit That Matters)

Let's work through this properly. Not academic-paper properly, more like pub-napkin properly.

Say you've got a good engineer. Experienced, careful, knows their stuff. What's their error rate? Let's be generous and say they get things wrong 1 in every 100 activities. That's a 1% failure rate, or put another way, a 99% "service level."

99% sounds great until you do the arithmetic.

Assume this engineer does about 2,000 meaningful activities a year. Code reviews, deploys, config changes, access approvals, whatever counts as a "decision that could go wrong."

At 99% accuracy, that's 20 errors per year. Twenty. That's nearly two per month. Two dodgy deploys, two missed bugs, two approvals that shouldn't have gone through.

Now, what if we wanted 99.99%? That would be 0.2 errors per year. One mistake every five years. Sounds reasonable for anything safety-critical, right?

Can a single human achieve 99.99% across 2,000 yearly activities? No. They cannot. Not consistently, not across years, not when they're tired, distracted, hungry, going through a breakup, or just having an off Tuesday. Human biology has a ceiling, and it sits somewhere around that 99% mark for sustained, repeated decision-making.

So how do you get past the ceiling?

The 2-2 Factor

You don't improve the human. You compose multiple humans.

Here's the maths, and it's stupidly simple:

• Probability of Person A making an error on a given activity: 1% (0.01)
• Probability of Person B independently making the same error on the same activity: also 1% (0.01)
• Probability of both making the same mistake: 0.01 x 0.01 = 0.0001 = 0.01%

That gives the pair a combined service level of 99.99%.

Read that again. Two fairly average humans, each operating at 99% individually, compose together to produce 99.99%. That's the difference between 20 errors per year and 0.2 errors per year. By adding one extra person.

Want to go further? Add a third independent reviewer:

0.01 x 0.01 x 0.01 = 0.000001 = 99.9999%

That's 0.002 errors per year. One mistake every 500 years. Three normal humans, checking independently, achieve what no single human could ever manage alone.

The Key Word Is "Independent"

This only works if the checks are actually independent. If Person B just rubber-stamps whatever Person A did because they trust them, or because they're mates, or because it's 4pm on a Friday and they want to go home, the probability doesn't multiply. It stays at 0.01. You've added a person but gained nothing.

Independence means: Person B looks at the work fresh. Forms their own opinion. Makes their own assessment. Doesn't know (or doesn't factor in) what Person A concluded.

This is why proper code review isn't "looks good to me, ship it." It's someone actually reading the diff, thinking about edge cases, and forming an independent judgement. The moment review becomes a rubber stamp, you've lost the mathematical benefit entirely.

This Is Everywhere (Once You See It)

Once you frame it this way, you start seeing 2-2 factor in every system that takes reliability seriously.

Banking has the four-eyes principle. No single person can authorise a transaction above a certain threshold. Two people must independently approve. Not because either person is untrustworthy. Because probability. Nuclear launch systems take it further: dual-key, two officers, two independent decisions. The whole point is that the probability of both officers simultaneously making the wrong call is vanishingly small.

Medicine does the same thing. A doctor prescribes, a pharmacist checks. Different humans, different contexts, independent review. The pharmacist isn't there because the doctor is bad. The pharmacist is there because the doctor is human. Aviation follows the same logic: pilot and co-pilot cross-check each other's actions, checklists are read aloud and confirmed, every critical decision involves at least two brains.

And then there's code review. Two developers look at the same change. One wrote it, one didn't. The reviewer catches what the author's brain glossed over because their brain hasn't habituated to it.

Same principle. Every time.

It's Not About Trust

This is the bit people get wrong, and it's worth being explicit about it.

When I say "no single human should be trusted to act alone," I'm not saying individuals are untrustworthy. I'm saying individuals are human. And humans, all of us, have an error rate that's bounded by biology.

You can be the most competent, conscientious, experienced person in the building and you will still make mistakes at roughly the same base rate. Training helps a bit. Checklists help a bit. But you can't train or checklist your way past the biological ceiling.

The only way through the ceiling is composition. Multiple independent checks. Multiple humans. Multiple brains. That's not a trust exercise. It's a probability exercise.

Feels like: insisting on a second rope when climbing. It's not that you think the first rope will fail. It's that the consequence of failure is high enough that you want the probability of both ropes failing simultaneously, which is astronomically low.

Where We Get This Wrong

The places that skip 2-2 factor tend to be the places that value speed over safety. Startups where one engineer can push to production. Small teams where code review is "optional." Companies where the CTO has root access and uses it.

And here's the kicker: it works fine most of the time. At 99%, you're right 99 out of 100 times. So you push without review 99 times and nothing bad happens, and on the 100th time the database drops and everyone acts surprised.

The problem isn't the 99 good outcomes. The problem is that the 1 bad outcome was always coming, and you chose a process that did nothing to reduce its probability.

Bottom Line

You cannot make an individual human more reliable past a certain point. Biology won't let you. But you can compose multiple humans to achieve reliability levels that no individual could ever reach. The maths is multiplication of independent probabilities, and it's been understood for centuries.

Every "two people must approve" process in history, from nuclear launch codes to code review to prescription checking, exists because someone, at some point, did this exact calculation and reached the same conclusion.

It's not about trust. It's not about bureaucracy. It's about the cold, simple maths of error rates. Two pairs of eyes aren't just good practice. They're statistical necessity.

This principle becomes even more interesting when you apply it to AI agents, which is something I explored in the tyranny of small decisions in the age of agents. And if you're interested in why orgs tend to reward the wrong people for the wrong things, have a read of war heroes vs the meticulous engineer.