Google will begin automatically enrolling users in two-step verification

2»

Comments

  • Reply 21 of 26
    williamhwilliamh Posts: 789member
    Not only should you not need to turn on 2FA, you shouldn't have to wear seat belts or motorcycle helmets either.  If you haven't already thought of it, perhaps you would like to write the PIN on the back of your bank cards too.  It's absolute tyranny that you should have to memorize that PIN. Freedom includes the right to make bad decisions.
    edited May 7 watto_cobra
  • Reply 22 of 26
    charlesatlascharlesatlas Posts: 281member
    That's the whole "appropriately configured" part. The writer of the story didn't know, but it means you need to have registered a mobile phone number with your Google account. If you haven't, you won't be required to do 2FA. 

    That's absolutely untrue. As I already wrote, I've never linked my phone number to any of my Gmail accounts, yet some of them are demanding a number for verification.
    watto_cobra
  • Reply 23 of 26
    dewmedewme Posts: 3,685member
    MplsP said:
    lkrupp said:
    MplsP said:
    I have a google account that I sparingly use. When I do log into it, Google asks me to set up 2 factor authentication which I have steadfastly refused to do for the simple reason that I don't want Google to have my cell phone number.
    But you ARE okay with Apple’s 2FA requirements for iCloud and other services? It’s mandatory now you know, no longer optional. 
    It’s not mandatory, but yes - I trust Apple with my data infinitely more than Google. (If you frequent these forums you should know why.)

    The only (fading) issue I have with Apple's 2FA is that once you activate it on your account, which I wholeheartedly recommend, some older Apple devices can be quite difficult to get connected to Apple accounts that are behind 2FA. Apple has (very poorly) documented some workarounds, like appending the 2FA key to your password. This seems to work sometimes, but not always, and no matter how carefully I follow the magic series of cryptic steps I usually end up with a locked account because I've tried to log in too many times with incorrect credentials. For devices like older Apple TVs I just say F-it, it's not worth the F-ing hassle.

    It's all about defense in depth. 2FA isn't a magic bullet, but it's an incremental improvement over not using it. I subscribe to anything that improves my odds, regardless of whether it's Apple, Google, Amazon, or any other vendor I've established a relationship with for many years.
  • Reply 24 of 26
    williamhwilliamh Posts: 789member
    That's the whole "appropriately configured" part. The writer of the story didn't know, but it means you need to have registered a mobile phone number with your Google account. If you haven't, you won't be required to do 2FA. 

    That's absolutely untrue. As I already wrote, I've never linked my phone number to any of my Gmail accounts, yet some of them are demanding a number for verification.
    I am curious about this.  If you didn’t provide your phone number, how do you think Google got it?
    watto_cobra
  • Reply 25 of 26
    gatorguygatorguy Posts: 22,996member
    That's the whole "appropriately configured" part. The writer of the story didn't know, but it means you need to have registered a mobile phone number with your Google account. If you haven't, you won't be required to do 2FA. 

    That's absolutely untrue. As I already wrote, I've never linked my phone number to any of my Gmail accounts, yet some of them are demanding a number for verification.
    I've long seen "Try another way" if the phone (number) isn't available. You aren't given that option? 
  • Reply 26 of 26
    zimmiezimmie Posts: 536member
    gatorguy said:
    That's the whole "appropriately configured" part. The writer of the story didn't know, but it means you need to have registered a mobile phone number with your Google account. If you haven't, you won't be required to do 2FA. 

    That's absolutely untrue. As I already wrote, I've never linked my phone number to any of my Gmail accounts, yet some of them are demanding a number for verification.
    I've long seen "Try another way" if the phone (number) isn't available. You aren't given that option? 
    A while ago, I tried to log in to one of my Gmail accounts and got prompted to add a phone number. I picked "Try another way", answered the CAPTCHA, answered the security questions (this was a really old account), and it still didn't let me in. "We're not accepting this login attempt for security reasons. Try again later." or some nonsense like that. Tried it repeatedly over the span of a few weeks. I know the security question answers were good because when I eventually got a disposable cell number to give it, the authentication flow was the same (phone number, CAPTCHA, security questions), but this time it let me in. I immediately set up MFA, added TOTP as a method, saved the backup codes, deleted the phone number as a method. Now I'm able to consistently log in to that account with the TOTP token with no further prompts for phone numbers.
    williamh said:
    That's the whole "appropriately configured" part. The writer of the story didn't know, but it means you need to have registered a mobile phone number with your Google account. If you haven't, you won't be required to do 2FA. 

    That's absolutely untrue. As I already wrote, I've never linked my phone number to any of my Gmail accounts, yet some of them are demanding a number for verification.
    I am curious about this.  If you didn’t provide your phone number, how do you think Google got it?
    They didn't get it. That's Google prompting you to add a phone number in the first place. To get to that screen, you must have already given the correct password for the account, and the account must not have a phone number already associated.
    watto_cobra
Sign In or Register to comment.