EDIT: You know, after some time to cool off, Google Authenticator 2FA can still be enabled and isn’t being phased out like the less secure SMS 2FA, so it’s really not the end of the world here. The chance of permanent lockout is avoided, even if the whole Google Prompt system is still wack.

  • redcalcium@lemmy.institute (22 upvotes, 1 year ago)

    The last time I logged in, there was a “try another way” button that allowed me to use an SMS or TOTP code. Is this not the case for you?

    • Skull giver@popplesburger.hilciferous.nl (11 upvotes, 1 year ago)

      I thought the same thing, until I tried to log in over a VPN in an actual other country (not just spoofed GeoIP like most piracy VPNs do).

      I clicked “try another way” and got to choose between “notification on your device” and “cancel”.

      Google has some kind of fancy security system that will require you to use the highest form of authentication when something fishy is going on. Multiple failed attempts from a foreign IP address on a device resolution you’ve never used before? Gonna hit you with a mandatory device prompt. Login from a browser with an expired session? Probably not even a 2FA prompt.

      The idea and implementation are done very well, but Google does lack the customer support infrastructure to resolve issues like “I’m in another country and I dropped my phone”.

      You can use YubiKeys or equivalent if you want to always have a way back into your account. Use two for optimal protection against lockout (one primary you use all the time, one stored away safely intended for recovery).

    • doctorcrimson@lemmy.today (OP; 8 upvotes, 7 downvotes; 1 year ago)

      Cool but that doesn’t fix the fact that the default method is one that literally does not function and can result in a permanent lockout. Though, I admit, SMS is way less secure than the Authenticator App.