Topic: Two factor authenication
Anonymous A started this discussion 4 years ago #103,201
Since when did every little thing need to become double-agent nuclear-launch code level secure?
I literally just logged in with 2 factor authentication (which I don't have the option to disable) and checked "stay logged in for a week". I switched tasks for like two minutes and I'm prompted again to enter my password to not be auto-logged out.
Fine. I enter my password and then I'm also prompted to do 2 factor again. What the fuck does "stay logged in" even mean then?
Similar story with gmail. I guess I somehow created account an account without it forcing me to enter a phone number. Good thing because I wouldn't have otherwise created an account with them.
I now log in and am prompted to enter my phone number to setup 2 factor "for [my] protection". There's no way to bypass this and I can't login without doing this.
They don't have my phone number. There's nothing to verify. Anyone that knows my password could now log in and enter any random number, permanently locking me out of my account. How is this for my protection? It's like the mafia selling a protection plan. "Nice account you have there, wouldn't it be a shame if you couldn't ever log in again?" Needless to say I didn't give them my number. Plenty of other free emails out there that don't pull this shit. Their loss.
I literally just logged in with 2 factor authentication (which I don't have the option to disable) and checked "stay logged in for a week". I switched tasks for like two minutes and I'm prompted again to enter my password to not be auto-logged out.
Fine. I enter my password and then I'm also prompted to do 2 factor again. What the fuck does "stay logged in" even mean then?
Similar story with gmail. I guess I somehow created account an account without it forcing me to enter a phone number. Good thing because I wouldn't have otherwise created an account with them.
I now log in and am prompted to enter my phone number to setup 2 factor "for [my] protection". There's no way to bypass this and I can't login without doing this.
They don't have my phone number. There's nothing to verify. Anyone that knows my password could now log in and enter any random number, permanently locking me out of my account. How is this for my protection? It's like the mafia selling a protection plan. "Nice account you have there, wouldn't it be a shame if you couldn't ever log in again?" Needless to say I didn't give them my number. Plenty of other free emails out there that don't pull this shit. Their loss.
(Edited 1 minute later.)
Anonymous B joined in and replied with this 4 years ago, 2 hours later[^] [v] #1,164,990
Anonymous A (OP) replied with this 4 years ago, 4 minutes later, 2 hours after the original post[^] [v] #1,164,992
@previous (B)
There's literally no other link to press to continue to log in without giving your phone number. I couldn't believe it either and searched to see what I was missing. Nothing. Other people have had the exact same problem too.
The requirements and options google gives you probably depend on whatever profile they think they've built of you. I've even seen as much as the entire interface vary from person to person. Un-fucking-believable.
There's literally no other link to press to continue to log in without giving your phone number. I couldn't believe it either and searched to see what I was missing. Nothing. Other people have had the exact same problem too.
The requirements and options google gives you probably depend on whatever profile they think they've built of you. I've even seen as much as the entire interface vary from person to person. Un-fucking-believable.
Anonymous B replied with this 4 years ago, 2 hours later, 4 hours after the original post[^] [v] #1,165,027
@previous (A)
I can turn it off, and I don't need to use a phone number to log into any of my Google accounts.
I'm pretty sure you can't create a new account without a valid phone number, but that's what cheap burner phones and pay-monthly mobile plans are for. Once you've created it, you can opt out and not use 2FA anymore.
I can turn it off, and I don't need to use a phone number to log into any of my Google accounts.
I'm pretty sure you can't create a new account without a valid phone number, but that's what cheap burner phones and pay-monthly mobile plans are for. Once you've created it, you can opt out and not use 2FA anymore.
Anonymous A (OP) replied with this 4 years ago, 3 minutes later, 4 hours after the original post[^] [v] #1,165,032
@previous (B)
Like I said, I think they have different requirements based on whatever their profiling turns up (or doesn't, in my case). And no, I'm not paying for a fucking burner phone for an email address.
Like I said, I think they have different requirements based on whatever their profiling turns up (or doesn't, in my case). And no, I'm not paying for a fucking burner phone for an email address.
Anonymous B replied with this 4 years ago, 6 minutes later, 4 hours after the original post[^] [v] #1,165,044
Meowth joined in and replied with this 4 years ago, 4 hours later, 8 hours after the original post[^] [v] #1,165,083
I have started having alternate physical phone numbers on SIM cards a few years ago. You can find some cheap deals, and some even come with internet deals. I now have 3 phone lines just for 2FA (although that is excessive). One, I pay $3/mo., another $5/mo., and this latest one I'm testing $15/mo. with 2GB highspeed data, with slower speeds after 2GB. No problem with Android phones though, just a little tweakin' away and it won't count towards your data. Anyway, it sucks, but for literally a few dollars a month you can can do this. I think I've posted here before about my tiny phone which is only ~2" just for 2FA.
Anonymous D joined in and replied with this 4 years ago, 4 hours later, 13 hours after the original post[^] [v] #1,165,119
Two factor authentication really isn't enough. Really it should be at least four, but ideally up to six factor authentication.
Green !StaYqkzUPc joined in and replied with this 4 years ago, 1 hour later, 14 hours after the original post[^] [v] #1,165,127
Anonymous F joined in and replied with this 4 years ago, 1 hour later, 16 hours after the original post[^] [v] #1,165,136
Anonymous G joined in and replied with this 4 years ago, 14 minutes later, 16 hours after the original post[^] [v] #1,165,137
SMS 2FA isn’t real anyway. It’s not something “only I have”, if the mobile provider owns the number and can give it away to anyone who asks