Google will soon enforce the use of two-step verification for Google accounts

Two-factor authentication, or as Google calls it two-step verification, is a popular security feature that adds another layer of security to the authentication process. Users who have configured two-factor authentication use a secondary authentication option, such as a code that is sent via SMS to a linked mobile device or an authentication app, to sign-in to their account.

Google customers may configure two-step verification to protect their accounts with that second security layer. Many of you have probably configured the feature already for their accounts.

Google announced this week that it will soon enforce the use of two-step verification for Google accounts. The company wants to enroll its customers automatically, provided that the account is configured properly.

Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured.

Google's Security Checkup online tool allows users to check whether two-factor authentication can be enabled for the account and to find out which information is missing to enable the feature.

google two-factor authentication mandatory

The following options are available when it comes to protecting Google accounts with two-step verification:

  • Google Prompts: on Android if signed-in with the same Google Account, on iPhones, with Google's Smart Lock app, Gmail or Google app, and being signed-in to the same account.
  • Security keys: physical security keys, e.g. a Yubikey.
  • Authenticator app: use of Google Authenticator or another authentication app that generates one-time security codes on demand.
  • Text message or call: if a mobile phone number has been added to the account.
  • Backup codes: created during setup.

Google does not mention specifically which of its customers it is going to push into using two-step verification. Any customer who has added a mobile phone number to the account or is using the same Google account on an Android device or certain Google apps on iOS, could theoretically be a targeted for the enrollment.

Update: Google clarified that its customers will get an opt-out option.

Now You: do you use two-factor authentication?

Summary
Google will soon enforce the use of two-step verification for Google accounts
Article Name
Google will soon enforce the use of two-step verification for Google accounts
Description
Google plans to enroll its customers automatically in using two-step verification in the near future.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post:

Comments

  1. assurbani said on May 7, 2021 at 1:40 pm
    Reply

    google MUST die!

    1. Dustyn said on May 8, 2021 at 2:43 am
      Reply

      Google is now self aware. You can’t kill Skynet…

      1. Judgment Day said on May 9, 2021 at 12:43 am
        Reply

        Yes we can, Dustyn. Just ignore all the non-canon post-T2 crapfests. :D

    2. Jim Vanderbilt said on May 8, 2021 at 5:19 am
      Reply

      @ assurbani
      That’s your answer to Martin’s question “Do you use two-factor authentication?” ???

  2. Anonymous said on May 7, 2021 at 2:15 pm
    Reply

    Google forces you to use Google Prompts as the default 2fa even if you would rather have an authenticator app

    1. Sebas said on May 7, 2021 at 5:39 pm
      Reply

      @Anonymous
      Google makes it difficult to enable the authenticator app, but is it possible.

      On the safety check page at the two step verification tab you will see this:

      You can add backup options through your 2-step verification settings https://myaccount.google.com/signinoptions/two-step-verification

      1. Anonymous said on May 9, 2021 at 2:48 am
        Reply

        I want authenticator as default and google prompts as backup if something goes wrong, Google makes Prompts the default

  3. SteveB said on May 7, 2021 at 2:39 pm
    Reply

    Totally sick of companies assuming anyone with a mobile phone has it switched on all the time.

    1. Jim Vanderbilt said on May 8, 2021 at 5:03 am
      Reply

      @ SteveB
      Some banks demand the mobile phone, still they are not sick.
      Google, Amazon and many others offer for 2FA the option “Don’t ask me again on this device”.
      Tick that checkbox and from there on log in using only your password.

      1. PANAMA PATRICK said on May 8, 2021 at 7:23 pm
        Reply

        TOTALLY SICK OF COMPANIES THINKING THAT EVERYONE
        HAS A MOBILE PHONE. I DON’T, I’M 82 YEARS OLD AND MY
        EYESIGHT PROHIBITS ME FROM READING ANYTHING ON
        THOSE PHONE. BESIDES, WHAT THE HELL DO I NEED SECURITY
        FOR? I DON’T HAVE ANY TOP SECRETS OR CONFIDENTIAL INFO
        IN MY COMPUTER. WHAT BULLSHIT!!! THIS SECURITY SHIT IS
        GETTING RIDICULOUS.

      2. Friar Tux said on May 22, 2021 at 6:15 am
        Reply

        Easy, my friend. I, too, don’t do cell phones/mobile devices (I’m 70). I find those little suckers are WAY overpriced for what they’re worth so I don’t bother. Even if I had one, it would be off most of the time. (It is for MY convenience.) The security shit is ridiculous ’cause it needs to be, mainly ’cause most folks are dumb enough to keep really private stuff on their devices. (You and I are the smart ones, here.)

      3. Rebekah said on May 9, 2021 at 3:31 pm
        Reply

        >implying that I save cookies

        Doesn’t work with tracking protection.

      4. ULBoom said on May 10, 2021 at 3:16 am
        Reply

        @JV

        Get a new bank, doing financial stuff on a phone is really dumb. No real bank requires a phone.

        In the space below, add lengthy ready, fire, aim rebuttal:

        :)

    2. Doctor Tech said on May 8, 2021 at 9:57 pm
      Reply

      @SteveB

      Good news! You no longer have to feel “totally sick”, as your assumption is wrong. You don’t need to have your mobile phone on all the time. You just turn it on when you sign-in.

      Also, with Google, there are other options, such as opting out of all two-step verifications.

      But if you still want to talk bunkum and feel sick, then that’s fine by me.

    3. GScam said on May 9, 2021 at 12:46 am
      Reply

      Much more importantly SteveB, sick of them assuming that everyone is even stupid enough to provide companies like Google with their mobile numbers in the first place.

    4. gregory anderson said on May 23, 2021 at 2:30 am
      Reply

      Yes, I agree. Too invasive, plays with our email attempting to build artificial intelligence (infrequently sends my family emails and subscribed newsletters to me into Spam). I thought things might clear up a little once the original Pirate himself quit, but that apparently isn’t true.

    5. JJ said on May 29, 2021 at 8:07 pm
      Reply

      FORCING 2-FACTOR ON CELL PHONE IS VERY BAD. Glad someone else posted that they too, don’t do cell phones/mobile devices! I have a cheap, pay-as-you go phone for road emergencies that DOES NOT have a fancy graphical user interface. Every text message and phone calls COSTS MONEY – or if you prepay, it debits the allowance. Why should I have to pay money every time I want to check email or respond to a message? Bad enough to get unwanted SPAM. BTW – banks do NOT require a cell phone for authentication. There are other means which I won’t go into here. I no longer use gmail because it wouldn’t let me access an account even after answering ‘challenge questions’ correctly. There is no customer service to resolve this. Google is complete unresponsive. What’s up with email accounts that require you to provide an email account from a different provider to get an acount? It’s a circle in frustration.

  4. |\|\/\/0 said on May 7, 2021 at 3:13 pm
    Reply

    OWG disguised behind a fake corporate facade.

    1. Jim Vanderbilt said on May 8, 2021 at 5:13 am
      Reply

      @ |\|\/\/0
      Stupid conspiracy theory undisguised in a not subject-related comment.

      1. Anonymous said on May 8, 2021 at 6:29 am
        Reply

        Sure, just “stupid conspiracy theory”, even when it is a proven fact. Completely related.

        Seems you’re very defensive about Google, judging by your multiple comments.

      2. Jim Vanderbilt said on May 9, 2021 at 8:45 am
        Reply

        @ Anonymous

        1: Proven fact
        Surest thing.
        All conspiracy theories are.

        2: Being defensive
        Let’s assume that tomorrow a Ghacks article about Firefox facing problems with a certain Coolermaster keyboard receives ten comments claiming Mozilla was secretly trying to rule the world. I will call their BS ten times.
        That doesn’t mean I’m defensive about Mozilla nor Coolermaster.

      3. ULBoom said on May 10, 2021 at 3:19 am
        Reply

        @Anonymous

        Socks abound.

  5. Gerard said on May 7, 2021 at 5:29 pm
    Reply

    They want to harvest the maximum amount of personal data, that’s all. Discerning individuals don’t want to have anything to with Google, the notorious data thieves.

    1. Jim Vanderbilt said on May 8, 2021 at 5:08 am
      Reply

      @ Gerard
      Nearly four billion Google users are not discerning ?
      Only stubborn haters don’t want to have anything to with Google.

      1. Anonymous said on May 8, 2021 at 6:32 am
        Reply

        “You will obey!”

        We’re not ignorant, Jim. Do you need the facts shown to you for the thousandth time?

      2. GScam said on May 9, 2021 at 12:54 am
        Reply

        Right-o everyone, let’s all listen to Jim and pull our pants down for the G rod. He promises you will love it. After all, you don’t want to be called a “stubborn hater” for resisting their spying, do you? Thought not. Attaboy, now that’s a good sheep…

      3. Jim Vanderbilt said on May 9, 2021 at 8:54 am
        Reply

        @ GScam
        “He promises you will love it”
        Any clue why you produce such a blatant lie ?

      4. GScam said on May 10, 2021 at 12:19 am
        Reply

        I guess “obvious fact” = “blatant lie” to you, Jim. How else to explain your repeated defence of Google’s underhanded tactics, pushing this change in multiple comments here, or the utterly shameless “Only stubborn haters don’t want to have anything to with Google” comment?

  6. beemeup5 said on May 7, 2021 at 5:53 pm
    Reply

    I prefer using a second email for 2FA because that is the most convenient for me. I hate using SMS tied to my phone because what would happen if I lose / break my phone?! Then I’m doubly screwed because then I won’t have a phone AND I’m locked out of my account. Great.
    It’s supposed to be “two factor” not “single point of failure”. Alternate emails and authenticator apps provide 2FA without being single points of failure i.e. can be accessed through multiple devices..

    I’m going to use Microsoft Authenticator for my Google accounts, and Google Authenticator for my Microsoft accounts, just to keep these two in check lol.

    1. Chris said on May 8, 2021 at 10:19 am
      Reply

      >I hate using SMS tied to my phone because what would happen if I lose / break my phone? Then I’m doubly screwed because I won’t have a phone AND I’m locked out of my account. Great.

      Exactly!

  7. Tom Hawack said on May 7, 2021 at 7:44 pm
    Reply

    Reminds me “The Godfather” and its choice you can’t refuse.
    You can, if you avoid Google accounts in the same way avoiding bad areas limits the risks. They’ll still be after you so wearing a bullet-proof jacket is advised, and such a protection here means limiting meetings with BigG to the strict minimum (in my case, maps, images, translation) together with an army of blockers, smartly put in line because BigG, contrarily to BigF, cannot be totally blocked without breaking a considerable percentage of Web sites. Some of us opt for and manage with a 100% blocking of BigG (for instance [https://decloudus.com/] and its ‘Alpha’ option). I may one day or another switch to that approach.

    As ‘The Register’ states it [https://www.theregister.com/2021/05/07/google_password_purge/] :
    “One day, all your base are belong to us”. That day will arise soon if a mass of users don’t react.

  8. Milton said on May 7, 2021 at 8:14 pm
    Reply

    Yes, but the phone prompts stay as default. You can’t disable it. I just want to use the autentication app.

  9. Haakon said on May 7, 2021 at 8:38 pm
    Reply

    I’m not sure I “get” how this 2SV would factor into my environment…

    The only time I signed-in to google on my Moto X4 phone and Samsung Tab A was the first time I set ’em up, both about three years ago. To me, I’ve been “signed-in” ever since, though I’ve had to enter my password now and then when changing some account settings.

    On either device that might be in use or get my attention, I’m notified I got new mail and deal with it. If I’m spending time on my desktop PC and I want to check for new mail, Firefox fills the credentials and when I’m done, I sign out. And, of course, I use the devices’ apps or Firefox to send out email or re-read others. Neither the tablet or PC have my mobile phone number.

    I’ve had my gmail account since its invite-only days as part of a test team in an enterprise I contracted to at the time. As such, it’s just a fun account (forums, news, past co-workers) and not for my personal affairs or online commerce/finances.

    To add to the all this excitement, I’ve got another gmail account I set up for YouTube TV which I use on a Roku, the tablet and PC. I handle payments and customer service with my ISP email account.

    But if I have to 2SV every time I have to use gmail, it has run its course in my life and time to toss it in the Recycle Bin. Which is what I’d like to do with all of google. But the only alternative are eliti$t Apple devices. Five of one, $even of the other…

    1. ULBoom said on May 10, 2021 at 3:27 am
      Reply

      Hah! Funny, me too. Not sure I still like the person who sent me the invite. Took a few years for Google to go bad and become a spam and ad monster.

      Gmail? What’s that? Everyone was using email their IPS gave them.

      I’m down to one Gmail account from 4, soon to be none. Subscription email is vastly better, cheap, too.

  10. Flo said on May 7, 2021 at 10:15 pm
    Reply

    Its a step better than the totally useless email message they send “did you just sign in from {wherever}”.

    Due to what I do with location settings, my {wherever} seems to be my ISP’s location. Get a new device or if my ISP connection changes, my phones and computers start triggering Google “did you just sign in from {some location I don’t know”. I have my gmail account set to not alert on the phone (everything else too – the phone is a tool for your convenience, not vice versa). Sometimes it is many hours between logon and mail message. To me all those email messages are ‘the boy who cried Wolf’.

  11. Anonymous said on May 7, 2021 at 10:19 pm
    Reply

    Silly as always with Google lately. What if you don’t have a smartphone? Will they send you free smarthpone with mobile plan or offline token generator?

    1. Jim Vanderbilt said on May 8, 2021 at 4:39 pm
      Reply

      @ Anonymous
      You do not need a smartphone.
      Generate tokens with browser extension or stand-alone app or password manager, or use FIDO or get codes via voice call to your landline.

      All these options are nicely listed in the article above, maybe next time you read the subject of your comment first ?

      1. PANAMA PATRICK said on May 8, 2021 at 7:46 pm
        Reply

        JIM, I LIVE IN A FOREIGN COUNTRY, THE REPUBLIC OF PANAMA, AND GOOGLE DOES NOT SEND ANYTHING TO MY LANDLINE PHONE. A COUNTRY CODE, AREA CODE AND PHONE NUMBER IS REQUIRED.
        I AM 82 YEARS OLD AND HAVE VISION PROBLEMS (AMD-WET) SO A SMARTPHONE IS OUT OF THE QUESTION.
        I HAVE NOTHING TO HIDE THAT NEED A SECURITY PASSWORD, WHY CAN’T IT BE MY CHOICE? NOT GOOGLES?
        IT SEEMS TO ME THAT THIS IS ALL ABOUT CONTROL.
        PLEASE EXCUSE THE UPPER CASE AS MY VISION IS VERY LIMITED.

      2. Jim Vanderbilt said on May 8, 2021 at 9:35 pm
        Reply

        @ PANAMA PATRICK

        It is your choice:
        Setup 2FA using (for example) the browser extension “Authenticator” ONCE and tick “Don’t ask me again on this device”.
        From thereon you login with your password as usual.

        Google does deliver codes to Panama:
        Country code is +507.
        Split the actual phone number randomly, enter for example a landline number with the first 2 digits as area code and the remaining 5 digits as phone number.

      3. ULBoom said on May 10, 2021 at 3:30 am
        Reply

        Brilliant reply to (probably yourself) someone who can’t read a phone or anything else you’ve posted.

        Kewl.

      4. JJ said on May 29, 2021 at 8:12 pm
        Reply

        Huh? Just reading that ‘simple’ convoluted techie workaround exhausted me

  12. Funkyy said on May 7, 2021 at 10:38 pm
    Reply

    I don’t have, have never had and will never have a damn mobile phone.
    Everywhere you look is full of “phone junkies” allowing themselves to be chained to a contraption every day….feeling “obliged” to answer the contraption when it rings/bleeps/buzzes. Afraid to “miss out” on some funny/useless/unimportant piece of information/meme/photo etc.
    And while they become phone zombies life in the real world passes them by.
    Rant over…I feel better now!! lol

    1. Daniel said on May 9, 2021 at 1:12 am
      Reply

      I still do have a mobile phone, but it simply does what its name suggests since it’s not the so-called ‘smart’ variety (bonus – battery lasts for days!). No more occasional digital detox required. My life is much more peaceful now, honestly, since no more mails and other crap to deal with during off work hours (was never a social media junkie anyway – too toxic and creepy data collection wise for my tastes). Not just that, at first my co-workers and friends all laughed at me, but now I see a whole bunch of them has followed suit. Ha, guess who’s having the last laugh!

  13. Crazy Old Ferd said on May 7, 2021 at 10:45 pm
    Reply

    I use Authy. And I despise SMS as a 2FA because it incentivizes black hats to attack the phone system. Argh!

  14. allen said on May 8, 2021 at 12:43 am
    Reply

    Why else did you link your phone to your account?

    1. GScam said on May 9, 2021 at 1:13 am
      Reply

      Who said all of us did?

  15. Anonymous said on May 8, 2021 at 1:03 am
    Reply

    I’ve already setup proton, just need to commit and make the permanent move. I’m tired of ‘Big Brother’ and its constant spying.

  16. Jim Vanderbilt said on May 8, 2021 at 2:21 am
    Reply

    Domain provider, credit card companies, health insurance, online tax, organ donor card, bitcoin exchange, banks and ISPs – they all “forced” me to use 2FA.
    But, of course, if Google does the same, the haters start typing (see comments above).
    As predictable as boring …

    PS
    Email, call and text message can be used with multiple addresses / numbers, and all options can be set up in parallel.
    No other login in the world offers this variety !

    1. Anonymous said on May 8, 2021 at 6:33 am
      Reply

      Not a single one of those that you mentioned forced 2FA on any of my accounts.

      I won’t use Google regardless, because of Google’s spying and connections to the CIA.

      1. Jim Vanderbilt said on May 8, 2021 at 8:51 am
        Reply

        Does this mean that you transfer money from / to your bank by carrying cash from / to their next branch ?
        Because (at least in the western hemisphere) no bank offers online banking w/o 2FA.

      2. Jim Vanderbilt said on May 8, 2021 at 9:47 pm
        Reply

        @ Anonymous
        PS
        Please don’t tell me you are able to declare your taxes online w/o 2FA or I have to assume you are living in Nigeria ;->

    2. Anonymous said on May 8, 2021 at 4:28 pm
      Reply

      Apparently you are mistaken. I use two banks, one is a credit union. Neither uses 2FA unless I choose to set it up.

      1. Jim Vanderbilt said on May 8, 2021 at 9:43 pm
        Reply

        @ Anonymous
        Both banks outside EU and US, right ?
        And just out of curiosity (having worked for an European bank’s IT for 30+ years): Can you please tell the names of the two, THANKS.

    3. Anonymous said on May 9, 2021 at 1:17 am
      Reply

      What is your vested interest in pushing this, Jim? Pray tell us, are you a loyal Google employee and is all this part of your attempt to prove said loyalty to your masters to achieve further advancement up the corporate ladder?

      1. Jim Vanderbilt said on May 9, 2021 at 8:51 am
        Reply

        @ Anonymous

        “Us” ?
        One Google hater plus who ?

        “Google employee”
        Read the comment you reply to !!!
        Bank employee.
        (Former bank employee to be exact, retired now.)

      2. Jim Vanderbilt said on May 9, 2021 at 9:38 am
        Reply

        @ Anonymous

        RE: “What is your vested interest in pushing this”

        2FA is always intended to secure user’s data.
        Banks fight an additional threat:
        Tracking John Smith for money laundering he could claim plausible deniability if his account was accessible using only the password (“qwer1234” notabene).
        To avoid that scenario all banks are subject to respective regulations (even banks in Nigeria probably).

        Latest development in the EU:
        Each single credit card transaction has to be 2FA secured !

        So it looks like somebody is (again) using BS to support baseless claims against their imagined enemy …

      3. Anonymous said on May 10, 2021 at 12:33 am
        Reply

        Riiiight, and I suppose the Fact with a capital F that scaring or forcing people to share their mobile nos. with intrusive spy Google also neatly serves to further their tracking agenda in the mobile/financial domains (they also keep trying to shove GPay down users’ throats here) had absolutely NO bearing at all on this decision? You can cry “conspiracy theory!” all you wish (FB fanboys flung this too back in the day at those who criticized it, not so much now), but if you honestly think Google’s doing this (or literally anything) for altruistic reasons and because it truly cares for its users, you seriously need help.

  17. joe said on May 8, 2021 at 6:38 am
    Reply

    How about people (like myself)
    who are HEARING IMPAIRED
    or even DEAF.
    We don’t own or use cell phones…
    makes sense?.

    Many companies don’t think
    about all the different types of Users / Clients…
    Many have no cell phones.

    Google!
    Are you listening???
    (no pun intended…).

    1. Jim Vanderbilt said on May 8, 2021 at 11:19 pm
      Reply

      @ joe
      Once more from the article above:

      Security keys !
      Authenticator app !
      Backup codes !
      ALL WITHOUT PHONE !!!

      Joe !
      Are you reading ???
      (At least now …).

  18. Ariweee said on May 8, 2021 at 12:43 pm
    Reply

    Then we need several alternatives! Suggest some really accurate, and very good search engines that don’t spy like google ?! But, giving examples, do it with the exact link!

    1. Zack said on May 9, 2021 at 1:19 am
      Reply

      DuckDuckGo. Don’t be lazy, figure out the link if you’re really interested.

  19. Google Is Horrible said on May 8, 2021 at 3:20 pm
    Reply

    Google is so annoying. Taking away user choice is such an evil thing to do.

    If person A wants 2FA, let them use it.

    If person B doesn’t want 2FA, don’t force it on them.

    Forcing all the sheep into the same corral is just a manipulative and controlling thing to do.

    No one asked for this. It’s Google exerting unwanted force and control over it’s users.

    It’s also going to backfire on Google in such a big way. People are going to get locked out of their accounts and get pissed off at Google. Just watch as the needless & stressful drama unfolds.

    I have a Gmail account that I use for unimportant correspondence. It’s apparently time to find a new email provider. There is nothing private in that account, and I don’t want to waste my time with 2FA every time I want to check my email. It’s going to be a PITA to move all the emails from that Gmail account to a new provider. Screw Google.

  20. Dibyajyoti said on May 8, 2021 at 5:45 pm
    Reply

    Can anyone help me to recover my gmail account? 2FA was on and I have forgotten the password of bothe the primary account and recovery gmail account. I am not able to reset my password because google asks for verification code sent to the recovery mail after putting the verification code sent on my registered mobile. Kindly help me otherwise I will have to lose all my digital life.

    1. Ron said on May 9, 2021 at 1:22 am
      Reply

      Nobody’s gonna help you hack your ex’s or boss’ account, dude. ;)

    2. ULBoom said on May 10, 2021 at 3:32 am
      Reply

      It’s Djibouti and there are plenty of Nigerian Princes eager to help you and give you lots of money, too!

  21. VioletMoon said on May 8, 2021 at 5:56 pm
    Reply

    Update: “According to Risher, Google will start ‘automatically enrolling users in 2SV [what Google calls 2FA] if their accounts are appropriately configured.’ However, Google said that users would be given an opportunity to opt out, too.”

    “Correction: This story has been updated to note that Google’s Risher clarified Google’s position by noting that users would be given the option to opt out of the two-factor authentication.”

    from PCW:

    https://itsssl.com/9QNEG+

    Nothing worse than articles that aren’t updated to reflect the latest news other than news that comes out long after its news:

    https://itsssl.com/VDSJZ+

  22. Benjamin said on May 8, 2021 at 9:06 pm
    Reply

    They collect (steal) massive amounts of data, yet what they do not have is a verification of peoples identity unless they are allowed to get their hands on such data for example from a telecom company which verified the identity to get a mobile phone number contract.

    1. Anonymous said on May 10, 2021 at 12:44 am
      Reply

      Right on target, but someone explain it to poor ol’ “Google Defender” Jim in the comments here. Don’t know how long ago he retired from his bank job, but there seems to be a major disconnect when it comes to understanding to what lengths Google will (and does) go to gather and exploit data on people. Can’t be a bigger boon to the company really than to have such enthusiastic users like him. Wonder if he’s equally gung-ho about FB as well?

  23. Charlie said on May 8, 2021 at 10:39 pm
    Reply

    I am confused by this. We (wife and I) do not have 2FA set up at all anywhere and we do not do any online banking.
    We have a home landline but often we are away from home – so we cannot use the landline phone number for 2FA. We do not share a common email account.
    We each have a cell phone and of course the 2 cell phones have different phone numbers.
    Say we are away from home with our cell phones – but not together – but we share the same Google account, if I set 2FA to send the msg to my cell phone number, my wife’s phone would never get the the messages from Google – so my wife could not login. Is there a way to address this problem?

  24. Fuck Google said on May 9, 2021 at 8:42 am
    Reply

    This is absolute fucking bullshit, ‘do no evil’ is most defiantly removed. Watch https://www.thesocialdilemma.com/ to understand why they want to bind your phone with your google account. All your life are belong to us

    1. GScam said on May 10, 2021 at 12:49 am
      Reply

      And yet you can see people defending such bullshit here and elsewhere. The ones standing to profit of course I can understand, but the remaining sheep? Pathetic.

  25. Yash said on May 9, 2021 at 9:02 am
    Reply

    With all due respect to other folks here and yes I hate Google too because years ago I had to create an account for my smartphone to download apps. But forcing 2FA in long term is good for users. I use Aegis Authenticator(F-Droid) and the key is stored in my password manager, so no chances of me getting locked out of my account. And I do the same for my Firefox account and several other services which offer 2FA option. As several users pointed out phone numbers are not ideal for anything besides making calls. Twitter’s CEO case is well known as hackers hacked his account by SIM flaw, so better stay away from OTP based 2FA authentication, unfortunately the method used by most banks.
    However I do hate Google Prompts and even the most Google loyalists can’t defend that option as Google account required it sometimes even though I used Authenticator codes in the past. And it would be the default option no matter what.

  26. Lemegeton said on May 9, 2021 at 1:04 pm
    Reply

    As correctly stated above, alternatives are needed:
    I just want to remind you that tutanota.com does not require a mobile phone, is located in Europe (Germany – where privacy laws are stricter than in the U.S.) and has built-in encryption (between service accounts).

    And also a reminder that technically “two-factor authentication” from Google is a lie:
    “Factor” must meet at least one of the characteristics:
    -Knowledge (e.g., password)
    -Possession (e.g. a key)
    -Inherent (e.g. fingerprint)

    However, Google deceives users by saying that “cell phone ownership” is a factor of Posession, because in fact, in this scheme of theirs, the factor is not the phone itself, but the SMS to that phone number (in fact, the phone number itself). But this “factor” is completely controlled by your mobile operator, not by you. It is they who own your number, who can block it and, over time, pass it on to someone else. You do not own your mobile number, so you do not really have this “second factor”.

    1. Anonymous said on May 10, 2021 at 12:54 am
      Reply

      A very good point indeed. Next to impossible to convince the lemmings though.

    2. TelV said on May 30, 2021 at 12:14 pm
      Reply

      @ Lemegeton,

      I’ve registered my tutanota a/c as my 2FA and in the past it’s worked without question when logging in to my Youtube a/c.

      But things have changed since then and when I tried to login this morning I was presented with the message that Google couldn’t verify that it was me and wanted verfication via a 2FA code sent to my phone. I tried the option “Try another way”, but it kept returning to the phone method. I didn’t login and now I’m being plagued by SMS to my number stating “Somebody has your password”.

      So the choice now is either never login to yt again, or relent and admit defeat (which is not in my nature).

      1. TelV said on May 30, 2021 at 8:21 pm
        Reply

        I should add here that I never gave Google my phone number and it’s not registered in my Google account. So how did they get hold of it you may well ask.

        Well, I use an app called LINE for chats and they have a large collection of animated stickers which users can purchase. I didn’t want to use my credit card or use Google for payment and opted to use a service my ISP offers by having online purchases charged to my account with them. I thought I was being clever at the time by avoidng Google Pay, but to my horror that’s exactly the route payment took. So now Google has my phone number. :(

  27. Khaelyn said on May 9, 2021 at 9:47 pm
    Reply

    Two-Factor is NOT secure, in fact it the complete opposite. For example install/setup new Windows 10, use a “Mobile” number to use/make account, you have now logged into emails and accounts of who ever had used that mobile number on windows before.. (Numbers are NOT unique to you or anyone, they have been owned and used numerous times.) And you will not have said mobile number forever. Now you and others are sending each other mobile login verifications..

    1. Jack said on May 10, 2021 at 6:53 pm
      Reply

      “you have now logged into emails and accounts of who ever had used that mobile number on windows before”

      Nope, I call B.S. on this. If it was so simple to gain access to others’ mails and accounts don’t you think there would’ve been a huge hue and cry over this? In short, provide proof or stop talking nonsense.

  28. ULBoom said on May 10, 2021 at 3:37 am
    Reply

    Wow!
    Where did the trolls and socks come from?

    Ex E Lawn Fanpersons?

    Hah!

    1. BANANAMA BATDICK said on May 24, 2021 at 10:35 am
      Reply

      They have always been here. They just stopped taking their meds.

  29. Steve said on May 12, 2021 at 9:15 am
    Reply

    Sorry I’m kind of late for the conversation but I just want to add two things:

    1) 2FA won’t help anything, if they are really after you. Moreover, if you go the SMS route you will lose your line too via a sim-swap. In other words, phones are not for 2FA, security keys are.

    2) Why do companies blame it on passwords instead of people? The problem is people picking stupid passwords. If you pick a long random one with numbers mix capped letters and even a few symbols, guessing that is laughable. Most brute force attacks goes for dictionary-based and already-known passwords (like 1234).

  30. anon said on May 12, 2021 at 10:09 pm
    Reply

    I rarely use my “Google” account so this change doesn’t mean much to me, but I NEVER use 2FA for anything. Security risks have always existed and will do so even with 2FA.
    There are two reasons why I don’t want to use 2FA:

    1. laziness – I don’t want to set this up and I don’t want to use other devices or services for something that I could always do with just a password. And no, I don’t want to use some paid or “”free”” service, tool or whatnot to “”securely”” save my passwords and connect stuff for me. Just let me login normally with my password. If I (or them) get hacked and my password or whatever is stolen so be it. After my Xbox account got compromised once just for going online and linking PayPal I default to thinking it doesn’t matter what you do and hacks will always happen.

    2. account linking – I hate this and want to do it as little as possible. Every darn site or app wants to link/merge accounts and most of the time at the center of it all is the precious Google account/mail. One gets hacked, all get hacked. You lose your gmail account for some arbitrary reason you’re f***ed. No thanks!

    (3. I’m a proud dumbphone user so no fancy apps for me and I’m not giving out my PRIVATE phone number to a scummy company like Google)

    I’m really tired of all the coddling nowadays to make things simpler and “safer” by removing options/customization while forcing dumb crap on me so they get more data on their “customer.”
    Big F U to the big Gman

  31. TelV said on May 30, 2021 at 7:15 pm
    Reply

    @ Martin,

    I just used the link you provided to login to Google, but didn’t see any option to opt out of 2FA so I guess they’ve changed their minds.

    The only addition was a prompt to add my phone number which I declined and then I removed my phone from the “signed in devices” and subequently signed out of all accounts.

    However, I’ll probably have to review that decision since the chat app I use (LINE) is only available via the Play Store I regret to say.,

  32. TelV said on May 31, 2021 at 5:54 pm
    Reply

    I relented and bowed to the great G in the sky. Reason? I wanted to buy an iPhone and be done with Google, but guess what? Apple doesn’t have a user manual you can download prior to purchasing the phone. That’s a big No-No for me.

    I like to acquaint myself with a product before putting my hard earned cash on the table and the user manual which practically every major manufacturer makes available online is the best way of doing that I find. But it is not to be in this particular case.

    By the way Martin, the link to Companies —> Apple on your site doesn’t work. The message which appears is “The page isn’t redirecting properly”. I tried it in Firefox as well Waterfox but the same message appears on both.

  33. Hunter said on May 31, 2021 at 10:23 pm
    Reply

    Reading some comments here made me rolled my eyes. I will be adopting Harmony OS once it crosses over to laptops/PCs (the phone version launching this June). Screw Google/Apple. China can has all my private info. Won’t b able to do jack to me coz I live in North America!!

  34. ?.?. ?????? said on June 5, 2021 at 11:23 pm
    Reply

    Th?t’s Sucks BigTime, I just Got ? New Motorol?® Cellul?r Phone, It’s Won’t Let Me into My G•M?il ?ddress. It’s Too Hard Enough As is!!!!!!! I’ve Been Trying For, Wh?t SEEMS Like A Few Days Now. By The W?y, I WasTold Th?t I Could Pick Any ?vlil?ble Number I W?nted. So I W?nt, 760 623 7752. Ple?se Help Me.
    ?.?. ??????

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.