What About: Enforced 2-Step Verification for Google Gmail Account? Are you willing to take the "two step"? Has Google become just too authoritarian in its most recent overstep?

[GammaGlobulin]

Regarding this 2-Step Verification that Google has been pushing out, day by day, week by week, to hundreds of millions of hitherto dedicated Google users:

 

What is your opinion?

 

Is this just the first step?

 

Will other more authoritarian steps be sure to follow?

 

There may be advantages to the 2-Step Verification demand from Google for login to our Gmail accounts.

However, are there also downsides correlated with Google's authoritarian approach to its users?

 

Google began by promising that it would do no harm.

And, we all know that Google, many years ago, gave the middle finger to the authoritarian regime in China, which must have cost Google a bit in income.  However, by not kowtowing to the CPC, Google did the right thing while also gaining much respect from most of the world.

 

Now, it seems, Google is becoming too big for its britches.

 

Google began at Stanford in, presumably, an open academic environment.

At that time, there is little doubt that Google was a small company of two people who never wished to do harm.

 

But, what about now?

 

It is not so easy to opt out of the 2-Step, and maybe other authoritarian future "suggestions" that Google might have in store for users.

 

Is enforcement of any policy like this good for the world?

 

Speaking of the two step: One might dream of compelling the guy at Google who thought up this new "security" policy for Gmail users to dance the two step, every day, 100 times each day, until this enforced policy comes to an end, to dance the Texas Two Step, forever and ever.

 

Bad idea?

Good idea?

 

Do you think that Google is getting...just too American-centric and parochial for its own good?

 

Do you think that Google could have provided a far better solution, and one more secure, than the two step?

 

Maybe yes/maybe no.

 

 

 

Do you think guys in Texas would submit to authoritarian demands from Google?

 

 

 

 

[ozfarang]

Yes

 

No

[Old Croc]

It's not just Google, others are making it annoying to log in. Lazda for instance now requires an email code check.

[ozfarang]

Two step verification is becoming the norm these days. It is annoying but makes it that much harder for the would be hacker

[GammaGlobulin]

1 minute ago, Old Croc said:

It's not just Google, others are making it annoying to log in. Lazda for instance now requires an email code check.

Agree, yes.

 

However, nobody, these days, can opt out of Google services, and this is the difference.

 

Google has become so intertwined with our business and personal lives, almost every minute of the day, that it is now truly impossible for use to extricate ourselves.

 

This is the danger of becoming overdependent on any single private company.

 

Google may become even more poisonous than the mythological Hydra of Lerna, in the end.

 

Google needs much more oversight?

 

Maybe yes?

Maybe no?

 

 

[JackGats]

Once your device is recognised as a "trusted" device it's not too bad. It doesn't require you to verify any more unless you log out of your account and in again.

[Elkski]

A bit of a worry these 2 steps are when you travel to Thailand and change sim cards then what do you do?

[GammaGlobulin]

2 minutes ago, JackGats said:

Once your device is recognised as a "trusted" device it's not too bad. It doesn't require you to verify any more unless you log out of your account and in again.

Just an honest question:  What about if you have multiple devices using the same Gmail account, in more than one country?  What happens then?

 

Do you think that the Google Gmail AI will be able to distinguish between valid logins, versus bogus logins?  (if you get my meaning)

 

Or, will the user get pummeled with endless notifications to verify, verify, and VERIFY, again!

[Dart12]

these are only annoying when they require a 'real' number and will not accept a VOIP.  

these are done for your protection, not annoyance.

However Google is a complete invansive company where teh cEO says you do not deserve privacy and need their overwatch on you.

As does FB, Twitter, TikTok, IG, Amazon, and more.  Your cell phone now is an actual spy device against you with the microphone on at all time recording you (yes, this is real).  We actually pay for  and install the government and tech to spy on us for our little convenniences in life.

[MrJ2U]

56 minutes ago, GammaGlobulin said:

Do you think guys in Texas would submit to authoritarian demands from Google?

If Trump told them to.

 

They'll follow any conspiracy theory or nut cases Right Wing demand.

 

Texas, what a dump.

 

2 step verification is for security purposes.  If all you do all day is play Candy Crush then turn it off.

 

Turn off 2-Step Verification:

 

1) On your Android phone or tablet, open your device's Settings app Google. Manage your Google Account.

 

2) At the top, tap Security.

 

3)Under "Signing in to Google," tap 2-Step Verification. You  might need to sign in.

 

4)Tap Turn off.

 

5)Confirm by tapping Turn off.

 

Pretty simple.

 

 

[MJCM]

31 minutes ago, Elkski said:

A bit of a worry these 2 steps are when you travel to Thailand and change sim cards then what do you do?

You can add more then 1 phone number to the account, I have

 

- My Thai Number

- My Wife's Number

- My EU Number

[GammaGlobulin]

4 minutes ago, MrJ2U said:

If Trump told them to.

 

They'll follow any conspiracy theory or nut cases Right Wing demand.

 

Texas, what a dump.

 

2 step verification is for security purposes.  If all you do all day is play Candy Crush then turn it off.

 

Turn off 2-Step Verification:

 

1) On your Android phone or tablet, open your device's Settings app Google. Manage your Google Account.

 

2) At the top, tap Security.

 

3)Under "Signing in to Google," tap 2-Step Verification. You  might need to sign in.

 

4)Tap Turn off.

 

5)Confirm by tapping Turn off.

 

Pretty simple.

 

 

May I respectfully submit to you that this "opt out" option which you mention, and one which we all know about, and the very one which we have used in the past, will soon be coming to an end for most users, other than major commercial accounts which have their own IT departments.

 

My understanding of this might be incorrect.

 

Please feel free to elucidate further concerning this important point.

 

Thank you.

 

 

 

 

[soi3eddie]

43 minutes ago, Elkski said:

A bit of a worry these 2 steps are when you travel to Thailand and change sim cards then what do you do?

That's what I worried about and delayed turning on 2FA (referred above as 2-step). Actually it's no issue as it's the device that gets authorised and changing sim does not require re-verification. Many more websites and companies will require this soon and Google seems to do a better job of it than most others. 

 

 

[MrJ2U]

4 minutes ago, GammaGlobulin said:

May I respectfully submit to you that this "opt out" option which you mention, and one which we all know about, and the very one which we have used in the past, will soon be coming to an end for most users, other than major commercial accounts which have their own IT departments.

 

My understanding of this might be incorrect.

 

Please feel free to elucidate further concerning this important point.

 

Thank you.

 

 

 

 

Nice reply after my rude response, my apologies.

 

I've turned off 2-step verification on most of my devices.

 

https://thehackernews.com/2022/10/google-rolling-out-passkey-passwordless.html?m=1

 

Google is/has been rolling out Passkey.  I'm not sure if it is replacing 2-step.

 

 

 

2-step has personally helped when my little ones try to buy a game or app on Google play. It alerts me when someone is trying purchasing something without my permission.

 

Honestly I don't give it much thought unless I am doing banking online. 

 

 

[ThailandRyan]

46 minutes ago, ozfarang said:

Two step verification is becoming the norm these days. It is annoying but makes it that much harder for the would be hacker

I also use the Google Authenticator app for many of my accounts including my crypto account and my VPN

[ignis]

15 minutes ago, MJCM said:

You can add more then 1 phone number to the account, I have

 

- My Thai Number

- My Wife's Number

- My EU Number

Sort of, you make it sound easy...  years ago would buy a Thai Sim card when I arrived here on Holiday.....  Likewise going to UK on Holiday would buy a UK Sim card as soon as getting off the plane......  

 

How would you enter a EU or UK number to a brand new UK Sim card to connect to your email account.? 

 

I have tried looking this up, appears would loose ones email account as cannot verify.......  only other option would be to buy a Roaming package....  Why to use 1 time only crazy  

 

So far as I know UK Sim cards are not sold here, so how to enter a UK number before leaving Thailand ??

 

Everything to make it complicated and confusing for us oldies 

[DaLa]

1 hour ago, ozfarang said:

Two step verification is becoming the norm these days. It is annoying but makes it that much harder for the would be hacker

That's the theory. Makes it 'that much harder for the would be hacker', sometimes makes it impossible for me to access my bank accounts.

[MJCM]

24 minutes ago, ignis said:

Sort of, you make it sound easy...  years ago would buy a Thai Sim card when I arrived here on Holiday.....  Likewise going to UK on Holiday would buy a UK Sim card as soon as getting off the plane......  

 

How would you enter a EU or UK number to a brand new UK Sim card to connect to your email account.? 

 

I have tried looking this up, appears would loose ones email account as cannot verify.......  only other option would be to buy a Roaming package....  Why to use 1 time only crazy  

 

So far as I know UK Sim cards are not sold here, so how to enter a UK number before leaving Thailand ??

 

Everything to make it complicated and confusing for us oldies 

You can also download a list of 10 backup codes, and if you don’t have access to any of your devices, then just use of one of those codes.

 

or use an Authenticator app on your phone and use the codes that it generates to enter, no sim needed.

[GammaGlobulin]

10 minutes ago, MJCM said:

You can also download a list of 10 backup codes, and if you don’t have access to any of your devices, then just use of one of those codes.

 

or use an Authenticator app on your phone and use the codes that it generates to enter, no sim needed.

Do you know anything about the important science of: Simplifying a design in order to reduce its complexity?

 

Do you think Google has ever heard about the importance of Ergonomics?

 

Someday, maybe soon, we will need a computer just to login to our computers.

 

Things can be done much better.

 

But, Google is not motivated to make things better.

 

Gone are the days when Google gave the middle finger to the CPC.

 

Now, maybe, Google is becoming our next Great Leader.

 

Things can only get worse because nobody cares about making them better.

 

Where art thou, Richard Stallman?

 

Why hast thou forsaken us?

 

 

 

 

[MJCM]

11 minutes ago, GammaGlobulin said:

Someday, maybe soon, we will need a computer just to login to our computers.

https://www.zmescience.com/science/news-science/smartphone-power-compared-to-apollo-432/

[JimGant]

What am I missing here? I've four gmail accounts and none has required an "enforced" two-step logon. Yes, there's an option for it, but if you don't click the "turn on" button, you don't get it. Nice, tho', that you have the option, as additional security may be desired by some.

 

So, not sure where the OP is coming from....... The tone of his dialogue sounds like he's into conspiracy theories, however.

[Dart12]

2 hours ago, Elkski said:

A bit of a worry these 2 steps are when you travel to Thailand and change sim cards then what do you do?

Most services accept a voip number.  Sign up for google voice and get a number.  I use it for 95% of everything for these types of two steps.

Occassionally you get a bank that will ONLY allow  a "real" number.  Those are a PITA because typically you don't want to give up your real number tied to say apple, but you also aren't using it or can't while here.

In that case I park my main number at numberbarn and get my texts to it there.

but getting a free voip number from google is gonna be your best and easiest choice.  Then it gets sent to your phone and computer and where ever else you want it.

I actually use it as my way to call people in the usa still from thailand, if they are older and do not have any of the 50 messenger apps out there like my father.

[Lacessit]

I tend to avoid worrying about things I can't change, and focus on what I can.

 

Nowadays, I have about 40 passwords, having a second verification in any is no big deal. I keep a document file of all of them, unhackable as they only display mostly asterisks.

 

I can't say I have noticed any problems with my gmail account logging in, although I also have a standby yahoo email address in case.

[jaywalker2]

Google did turn on two-step verification automatically at one point and although I turned it off, I get constant reminders for security checks that urge me to turn it back on.  I would prefer not to have my account tied to my phone so if an OTP is necessary I would rather have it sent via email but not everybody gives you that choice.

 

On the other hand, I haven't been able to set up an instagram account.  I've tried 3 email addresses and in each case got a message that it was already in use. Also, Instagram demands that you sign up using a phone number, which facebook then sells to advertisers. So I've given up on using it.

[kokesaat]

I've been using gmail exclusively for over 10 years....desktop, 2 mobile phones, laptop.....in Thailand and during multiple long vacations to the US.  Sometimes I'll draft an email on my laptop while I'm having breakfast........snap my laptop shut......and go to my desktop to resume drafting my email. 

If my desktop or laptop recognize my face, my gmail account is where I left off.  If I use my fingerprint on my mobile, my gmail account is where I left off.  I don't have to do 2 step authentication unless I sign out on one of my devices.  

I'm a fan of 2 step......on my bank accounts, on vanguard, on my military retiree accounts for medical/pay, on social security.

Two weeks ago I established an ID.me account to make access to all my military related accounts easiere.  To establish that account, I had to sit through a zoom session where I showed my passport photo and US drivers license as proof of my identity.  It wasn't as simple as holding up the photo page of my passport, as the interviewer has me move the photo page to help her observe all areas of that page.  Same with the license.  

I'm getting ready to close on a house in the US......but I'll be in Thailand.   I can do it over zoom after verifying my identity and allowing our daughter to sign the paperword.  

2 step verification.....a sign of the times.  If it helps protect my accounts/identity, I'm all for it

[GammaGlobulin]

1 hour ago, JimGant said:

What am I missing here? I've four gmail accounts and none has required an "enforced" two-step logon. Yes, there's an option for it, but if you don't click the "turn on" button, you don't get it. Nice, tho', that you have the option, as additional security may be desired by some.

 

So, not sure where the OP is coming from....... The tone of his dialogue sounds like he's into conspiracy theories, however.

Nobody hates conspiracy theories worse than I, my friend.

 

Please just google Google, if you have the time.

 

Or, not.

 

Or, read this:  https://www.ghacks.net/2021/05/07/google-will-soon-enforce-the-use-of-two-step-verification-for-google-accounts/

 

OR, please continue your research, and then get back to us here, concerning your informed findings.

 

Thank you.

 

[Swiss1960]

Multi-Factor Authentication (MFA) is the future for secure access to banks / websites / social media etc. 2FA (2-factor authentication) is just a subset of it. Banks started with issuing you the little number pads for login to your online banking, and other companies followed. 

The second wave of 2FA was one-time passcodes through SMS (still in use), which need a telephone number to work or one-time passcodes sent through email, which "only" needs internet, but does not care about your phone number.

Todays standard are authenticator apps, be this Microsoft Authenticator, Google Authenticator, Duo - or any of the zillion other apps that provide that service. Additional factors can be fingerprints or Face ID.

 

It does not matter Google or Apple or Microsoft or banks or social media accounts - MFA is here and will not go away. Hacked accounts cost these companies a ton of money and effort to help the customer recover from a breach, and thus, MFA will be mandatory very soon. I currently have 6 different 2FA/MFA solutions in use, since there still is no clear standard and every company pushes their own / their partner's product.

[JimGant]

8 minutes ago, GammaGlobulin said:

OR, please continue your research, and then get back to us here, concerning your informed findings.

Well, I clicked on the link your provided. It's one and half years old, and the germane words are:

 

Quote

Google announced this week that it will soon enforce the use of two-step verification for Google accounts. The company wants to enroll its customers automatically, provided that the account is configured properly.

So, I guess, this is where you get the title of this thread, i.e., the operative word is "enforce." It's a dated 'scare' article, but apparently one you subscribe to. And that's how conspiracies begin....

 

But it hasn't happened, as my research continues every day, as I log into my Gmail accounts.

 

So, please refrain from inaccurate "gotcha" headlined threads, that wastes the time of folks interested in real news.

 

Sorry you have a dislike for super big businesses, like Google. But I applaud their success, and am grateful for the utilities they've provided that aid in my efficiencies. 

5 hours ago, GammaGlobulin said:

Will other more authoritarian steps be sure to follow?

Are you sure you're not a conspiracy subscriber? You sure sound like it.....

[JackGats]

8 hours ago, GammaGlobulin said:

Just an honest question:  What about if you have multiple devices using the same Gmail account, in more than one country?  What happens then?

 

Do you think that the Google Gmail AI will be able to distinguish between valid logins, versus bogus logins?  (if you get my meaning)

 

Or, will the user get pummeled with endless notifications to verify, verify, and VERIFY, again!

I don't think so. Once your devices are registered as "trusted devices", you're good to go. Unless you have someone using one of your devices AT THE SAME TIME 1000 miles from where you are, in which case Google might, I assume, require verification. What 2-step does is make sure that your Google account is at least as secure as your device(s). Remember too that if one of your device gets stolen you can "untrust" it from another device.

 

Where it can get confusing is if your are using different Google accounts across several devices and you lose track of which Google accounts are logged in on which device(s).

 

I do not resent 2-step on Google since I use Google drive for my docs.

[JackGats]

8 hours ago, Elkski said:

A bit of a worry these 2 steps are when you travel to Thailand and change sim cards then what do you do?

You can set up the other SIM as verifying number. But the best thing is to allow Google to verify on another device through Google services instead of SMS. Who doesn't have at least 1 fall-back device these days? You may also want to print out the emergency codes which work much like the old paper throw-away codes (TANs) used to work in remote banking.