The device was never used, though, and it was never set up for 2FA. My default has always been SMS which they are now disabling.
Comment on Google Disabling Phone 2 Factor?
Chozo@kbin.social 1 year ago
I don't get this. Is this an SMS-based 2FA? If so, I'm not sure that Google has any ability to block that. Your carrier might, though, but that wouldn't be controlled by your device's OS. The option being greyed out on a third-party site has little to do with anything happening locally on your device.
If this is a push-based 2FA, then... yeah, you wiped the device, along with any tokens previously stored on it. This is also why any time you set up 2FA on any service, almost all of them warn you like a million times "If you lose or transfer your device before disabling 2FA, you will lose access to your account" before you complete the process.
doctorcrimson@lemmy.today 1 year ago
Chozo@kbin.social 1 year ago
Deprecating SMS is a good thing, in all honesty. SMS is not a secure form of data transfer, and is trivially intercepted. You can buy and setup an illegal Stingray device relatively easily, and capture basically all wireless data from a phone within range.
That said, if the device was truly never used for 2FA, then there wouldn't be any push-based 2FA on the account to begin with. Unless there's another device that's been authenticated with your account somewhere, like an old phone. In which case, that's where your login requests are being pushed to. That's a setting that can only be enabled by successfully authenticating with a device at least once in the past.
If there was never any other authenticated device, then that setting on your account isn't there. Enabling that feature is a two-step process, and step 1 involves configuration on a local device before it can be enabled remotely on your account.
doctorcrimson@lemmy.today 1 year ago
SMS could potentially be a secure form of Data Transfer if companies weren’t allowed by limp dinosaur legislators to gut your phone for any useable data with a simple app, but yeah I can see how it’s current state is lackluster.
Chozo@kbin.social 1 year ago
You’re wrong, btw, the Google Prompts feature is Default and cannot be turned off.
Only if there's a previously-authenticated device. That setting can't be enabled without a key, and one of the required keys is produced locally by a logged-in device (which is why your device is trusted to stay logged in indefinitely). If enabled without a key, it's nonfunctional and should error itself out and revert to a disabled state.
If that somehow hasn't happened (which, in all honesty, would be very surprising to learn) and the setting is enabled on your account, then that'd be something you'd need to submit a request to Google to have fixed, otherwise you have zero recovery on that account.
Are you a thousand percent sure you've never had any other device logged into that Google account? When you attempt to log in, it should show you the device name it's sending the request to. For instance, when I log into my Gmail from an Incognito window right now, it says to check my Pixel 6 Pro. What's it saying for you?
brianorca@lemmy.world 1 year ago
The SMS vulnerability is not because of your apps. It’s because of the LTE protocol itself. It can be intercepted or redirected without touching your phone.
Extrasvhx9he@lemmy.today 1 year ago
I can swear google gives you 10 otps to print out when enabling 2fa as well
orclev@lemmy.world 1 year ago
This is different. This is something new google is rolling out. This isn’t SMS and it isn’t TOTP. Google is opting people into push based authentication based solely on them having an android phone associated with their account whether they’re still using that phone or not. Anyone not already using TOTP or WebAuthN should really add those to their accounts before Google decides to “help” you by opting you into their new proprietary 2FA.
grue@lemmy.world 1 year ago
Goddamnit. Between this, the KDE Connect thing, and the Youtube anti-adblocker bullshit, I really need to quit procrastinating and de-Google already.
Infernal_pizza@lemmy.world 1 year ago
Anyone know what the best alternatives to gmail are? I’ve heard mixed things about proton mail and I’m not aware of many others