Current Events > GOOGLE threatening us with 2STEP Verification again

(+) Yeah! (+)

Google is again saying we must set up 2 step verification.

Even if you manage to hang onto your phone, keep it with you at all time, keep it charged, do not drop it, there are still outtages and malfunctions.

Betting there will be enough people suing GOOGLE for loss of their accounts to make a lucrative class action suit.

I hated 2 step verification for a long time. But then I noticed that my Microsoft account had been almost hacked. I was really afraid. From this moment on I enabled max. security and use the Microsoft authentification app for all major sites/apps I use. The additional steps are annoying, but it's still miles better than risking to loose accounts and valuable data.

Ive lost access to one of my PayPal accounts because i switched phone numbers and forgot to change my account details.. i could always ring up paypal but too lazy..

that said i don't mind if 2fa is required. My runescape (reg runescape not oldschool) acc got hacked a couple years ago and this could have been prevented with 2fa. Lost my party hats and other rares . Had a pretty strong password too but used it frequently across a few other sites. Guess a databreach on one of those sites got me. I don't reuse passwords anymore and have 2fa set up for most things that offer it.

considering how often passwords get leaked I'd take 2fa no matter what.

ill just be getting a 2nd hand pixel phone next year as a burner for 2fa stuff.

Isn't it narrow minded or egocentric to say it is ok when it does not work for most people?

don't you dare google. don't you dare.

I've been using it for years already.

CobraGT posted...

Isn't it narrow minded or egocentric to say it is ok when it does not work for most people?

is it more egocentric than saying it doesn't work for the majority of people without any data backing it up?

you talk about people losing their accounts, but what about the people losing accounts just because some random basement dweller looked up their password in a leaked database and took everything hooked up to that email?

Yeah I had been getting notifications that if I wanted to continue to use Google Pay I need 2FA enabled by a specific date. I already have 2FA enabled though.

Is taking an extra 2 or 3 seconds that much of an inconvenience?

Gunna sound old but growing up I didn't need any passwords
None.

You hate them until you get one sent to you randomly one day that you didn't request.

I'm not a fan of it... I turn it off whenever I can...

008Zulu posted...

Is taking an extra 2 or 3 seconds that much of an inconvenience?

Depends on where you are, and your access at the time... For example, if I do something while at work, it would take way more than 2 seconds depending on how it sent it. If by email, it can take a while since my email won't actually log on at work anymore, and the service sucks. So, even going outside, it would take at least a little while before being able to do it... And hopefully, there is no time limit on it... There are also plenty of times when I don't have my phone right next to me to get the text messages... I leave it all over the place...

xGhostchantx posted...

You hate them until you get one sent to you randomly one day that you didn't request.

Luckily, I've never had to worry about that. I think the only thing that may have gotten hacked once was my pizza hut account... And that one didn't have my current card on there (the one on the account was either frozen, expired, or both)... And I think I had used the pizza points not too long ago... So, they couldn't really do anything... I just type in new card every time I use it...

Have backup codes. I got copies of all my important 2fa backups in a physical safe, home nas, and encrypted in a dropbox account.
https://support.google.com/accounts/answer/1187538

.

xGhostchantx posted...

You hate them until you get one sent to you randomly one day that you didn't request.

For reals. I'll constantly have one of these requests pop up for a program or site I haven't used in a while and it's just another reminder that it's working and to keep on using it as much as possible.

https://duo.com/blog/estimating-googles-two-factor-2sv-adoption
@TetsuoS2

There was some clever research published at EUROSEC 15 last month that leveraged an information leak in Googles service to approximate 2SV adoption and their results came out to 6.4%, which is eerily close to our barely-counts-as-math estimate.

CobraGT posted...

https://duo.com/blog/estimating-googles-two-factor-2sv-adoption
@TetsuoS2

There was some clever research published at EUROSEC 15 last month that leveraged an information leak in Googles service to approximate 2SV adoption and their results came out to 6.4%, which is eerily close to our barely-counts-as-math estimate.

I do appreciate the math and the link, but adoption rate isn't the same as

CobraGT posted...

when it does not work for most people?

There's too many factors involved.

Sorry, I just don't see why wanting 2FA to be required is selfish.

TetsuoS2 posted...

Sorry, I just don't see why wanting 2FA to be required is selfish.

I wouldn't call it selfish... But I think it's dumb to require it... I also think forcing people to use passwords they won't remember because they keep making the requirements longer and more intricate without using a previous password is dumb, as well...