IT 👏 IS 👏 OBJECTIVELY 👏 A 👏 DOWNGRADE 👏 IN 👏 USABILITY 👏 IF 👏 I 👏 HAVE 👏 TO 👏 GET 👏 MY 👏 PHONE 👏 OUT 👏 FOR 👏 USING 👏 A 👏 FEATURE 👏 OF 👏 A 👏 WEBSITE 👏

  • something_random_tho@lemmy.world
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    1
    ·
    3 months ago

    This is actually a really important security protection. Imagine if someone hacked into your bank account, and made a filter to hide all messages of transfers out of your account. Then even if they lose access to Gmail after some period of time, the filter keeps helping them.

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      32
      arrow-down
      1
      ·
      3 months ago

      Yeah this is just 2FA, and anytime I see someone complaining about 2FA I assume they don’t know what it’s like to actually be hacked, to have bank account info stolen and real money on the line.

      Yes, it’s a pain to get out your phone. It’s more of a pain to lose all of your money due to someone getting your credentials and wiring it away. Google has a lot that we can complain about, enforcing security here is not one of them. If you don’t want to use the youtube app set up another 2FA authenticator.

    • Droggelbecher@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      3
      ·
      3 months ago

      I intentionally don’t link anything important to gmail because I don’t want to trust them with that. Why can’t I disable this?

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    3 months ago

    No,👏it👏isn’t👏. Have you heard how companies are scammed out of money because of a compromised email?

    The way it works is an attacker accesses an email account and sets up a rule saying all internal emails go to another hidden folder. The attacker then email the accounts team asking for payment to be made with an invoice, when the accounts team reply asking questions the attacker sees the email, not the actual email holder.

    • cm0002@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      3 months ago

      They use the YouTube app for 2FA as a backup. If you can’t access your Android phone or use an iPhone. Android phones have the prompt built-in to the system wherever you’re signed in

        • ExtremeDullard@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          7
          ·
          3 months ago

          Google Authenticator is actually one implementation of RFC 6238. That’s a problem for Google because:

          1. They don’t control it: RFC 6238 is an open standard
          2. RFC 6238 works offline, meaning Google can’t use it to track you and increase the surveillance on you

          Google has been trying to kill off the Google Authenticator for years. Or rather, let’s say, gently push users away from it using dark patterns and promoting more convenient solutions.

          Which is why everybody should use it as much as possible, because anything Google doesn’t want is bound to be better for the user. I mean I know TOTP is far from perfect and not super-secure if you’re a high-value target, but it’s good enough for most people and it keeps Google in the dark.

          I wasn’t aware that Google uses the Youtube app as 2FA, but of course it makes total sense to them: it’s online and it’s one more surveillance point on your record whenever you use it. Then again, if you use Gmail and Youtube, there’s a good chance staying clear of the Google surveillance isn’t a priority for you, so it’s okay for you I guess.

      • fuckwit_mcbumcrumble@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        I think all google apps do this now. I think it’s just based on what you last used. At least in theory it’s what you last used, sometimes it’s not at all right.

        I’m just waiting for the day I have to open google sheets to approve my login.

    • helenslunch@feddit.nl
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 months ago

      Proton email has huge improvements in usability also like:

      • A search function that actually works and is intuitive
      • The ability to actually block accounts rather than sending them to spam
      • Ability to block entire domains
      • “All mail” actually contains all mail (like, wow!)

      Etc. I still have to use Gmail for work and the number of times I just say “oh I must have missed that” due to the sheer volume of spam in my inbox and the inability to filter anything effectively or find anything I actually need is too damn high.

      • threelonmusketeers@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        Does that imply that the censored data is still present on a different channel?

        If so, someone might want to notify OP, though I’m not sure whether they would take it seriously, seeing as they don’t seem to understand what 2FA is…

  • breadsmasher@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    3 months ago

    hey man, just turn off 2FA! Then send me your username and password, Ill check you did it correctly

    /s

  • FiveMacs@lemmy.ca
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 months ago

    Just like my bank…they want to tie my account to my phones sms so I ALWAYS have to have my phone should I ever want to access my bank account.

    The amount of extra crap I have to run through just to see my account is absurd. Sms is absolute shit

    • cm0002@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      3 months ago

      Don’t blame the banks for implementing security (Well SMS is the barely minimal bar for 2FA, but every other option is going to be some form of needing a secondary device of some kind)

      Blame the bad hackers/scammers out there ruining everything

      • helenslunch@feddit.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        I blame the banks for creating security vulnerabilities in SMS instead of forcing their users to use a proper TOTP system.

        • FiveMacs@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          This…

          I’m not blaming them for security, I blame them for rushing security and implementing piss poor security to meet the bare minimum standard.

          It took my bank years to even acknowledge that upper and lower case in a password could be a thing, let alone implement the proper fix