IT 👏 IS 👏 OBJECTIVELY 👏 A 👏 DOWNGRADE 👏 IN 👏 USABILITY 👏 IF 👏 I 👏 HAVE 👏 TO 👏 GET 👏 MY 👏 PHONE 👏 OUT 👏 FOR 👏 USING 👏 A 👏 FEATURE 👏 OF 👏 A 👏 WEBSITE 👏
This is actually a really important security protection. Imagine if someone hacked into your bank account, and made a filter to hide all messages of transfers out of your account. Then even if they lose access to Gmail after some period of time, the filter keeps helping them.
Yeah this is just 2FA, and anytime I see someone complaining about 2FA I assume they don’t know what it’s like to actually be hacked, to have bank account info stolen and real money on the line.
Yes, it’s a pain to get out your phone. It’s more of a pain to lose all of your money due to someone getting your credentials and wiring it away. Google has a lot that we can complain about, enforcing security here is not one of them. If you don’t want to use the YouTube app, set up another 2FA authenticator.
I intentionally don’t link anything important to Gmail because I don’t want to trust them with that. Why can’t I disable this?
No,👏it👏isn’t👏. Have you heard how companies are scammed out of money because of a compromised email?
The way it works is an attacker accesses an email account and sets up a rule saying all internal emails go to another hidden folder. The attacker then emails the accounts team asking for payment to be made with an invoice; when the accounts team reply asking questions, the attacker sees the email, not the actual email holder.
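Added example, not part of any comment in the thread: a triage check for the kind of hiding or diverting mail rule described above. The dict layout follows the Gmail API `users.settings.filters` resource (`criteria` / `action`); the sample filters, the label ids and the `corp.example` domain are constructed, and the function names are hypothetical.

```python
# Flag mailbox filters that hide or divert mail so a human can review them.
# Sample data is constructed; label ids like "Label_9" are placeholders.

def audit_filter(flt, own_domain):
    """Return the reasons a single filter deserves a manual look."""
    criteria = flt.get("criteria", {})
    action = flt.get("action", {})
    removed = set(action.get("removeLabelIds", []))
    added = set(action.get("addLabelIds", []))
    reasons = []

    # Removing INBOX is "skip the inbox"; adding TRASH/SPAM deletes or buries.
    hides = "INBOX" in removed or bool(added & {"TRASH", "SPAM"})
    if hides:
        reasons.append("hides matching mail from the inbox")
    if hides and "UNREAD" in removed:
        reasons.append("also marks it as read")
    if hides and own_domain.lower() in criteria.get("from", "").lower():
        reasons.append("targets internal senders")

    forward = action.get("forward", "")
    if forward and not forward.lower().endswith("@" + own_domain.lower()):
        reasons.append("forwards to an external address")
    return reasons


def audit_mailbox(filters, own_domain):
    """Map filter id -> reasons, for filters with at least one finding."""
    findings = {}
    for flt in filters:
        reasons = audit_filter(flt, own_domain)
        if reasons:
            findings[flt["id"]] = reasons
    return findings


SAMPLE_FILTERS = [  # constructed
    {"id": "f1", "criteria": {"from": "newsletter@shop.example"},
     "action": {"addLabelIds": ["Label_7"]}},
    {"id": "f2", "criteria": {"from": "@corp.example"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"],
                "addLabelIds": ["Label_9"]}},
    {"id": "f3", "criteria": {"query": "transfer OR payment"},
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f4", "criteria": {"subject": "invoice"},
     "action": {"forward": "box@mail.example"}},
]
```

The output is a review list, not a verdict: an ordinary "archive newsletters" rule is flagged as well, so what matters is whether the account owner recognises each rule.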
2FA is there to save your ass wtf
You have to open youtube for Gmail?
They use the YouTube app for 2FA as a backup, if you can’t access your Android phone or use an iPhone. Android phones have the prompt built into the system wherever you’re signed in.
Which is real fuckin weird, given the existence of Google Authenticator
Google Authenticator is actually one implementation of RFC 6238. That’s a problem for Google because:
- They don’t control it: RFC 6238 is an open standard
- RFC 6238 works offline, meaning Google can’t use it to track you and increase the surveillance on you
Google has been trying to kill off the Google Authenticator for years. Or rather, let’s say, gently push users away from it using dark patterns and promoting more convenient solutions.
Which is why everybody should use it as much as possible, because anything Google doesn’t want is bound to be better for the user. I mean I know TOTP is far from perfect and not super-secure if you’re a high-value target, but it’s good enough for most people and it keeps Google in the dark.
I wasn’t aware that Google uses the YouTube app as 2FA, but of course it makes total sense to them: it’s online and it’s one more surveillance point on your record whenever you use it. Then again, if you use Gmail and YouTube, there’s a good chance staying clear of the Google surveillance isn’t a priority for you, so it’s okay for you I guess.
I think all Google apps do this now. I think it’s just based on what you last used. At least in theory it’s what you last used, sometimes it’s not at all right.
I’m just waiting for the day I have to open Google Sheets to approve my login.
I kinda figured that was the point of the post
Nah, this is a good feature.
I made a Proton account yesterday to start actually fully de-googling myself. It felt really good. I recommend it.
Proton email has huge improvements in usability also like:
- A search function that actually works and is intuitive
- The ability to actually block accounts rather than sending them to spam
- Ability to block entire domains
- “All mail” actually contains all mail (like, wow!)
Etc. I still have to use Gmail for work and the number of times I just say “oh I must have missed that” due to the sheer volume of spam in my inbox and the inability to filter anything effectively or find anything I actually need is too damn high.
…Why is the censor rectangle in the image changing colour for me?
Oh, it’s alpha channel. That’s… unusual.
Does that imply that the censored data is still present on a different channel?
If so, someone might want to notify OP, though I’m not sure whether they would take it seriously, seeing as they don’t seem to understand what 2FA is…
Hey man, just turn off 2FA! Then send me your username and password, I’ll check you did it correctly
/s
Just like my bank… they want to tie my account to my phone’s SMS so I ALWAYS have to have my phone should I ever want to access my bank account.
The amount of extra crap I have to run through just to see my account is absurd. SMS is absolute shit
Don’t blame the banks for implementing security (Well SMS is the barely minimal bar for 2FA, but every other option is going to be some form of needing a secondary device of some kind)
Blame the bad hackers/scammers out there ruining everything
I blame the banks for creating security vulnerabilities in SMS instead of forcing their users to use a proper TOTP system.
This…
I’m not blaming them for security, I blame them for rushing security and implementing piss poor security to meet the bare minimum standard.
It took my bank years to even acknowledge that upper and lower case in a password could be a thing, let alone implement the proper fix