The most annoying part is you may get this for a previous phone even if you have registered a new phone. If you really want to avoid Google’s forced MFA the best way is to actually enable MFA and generate some airplane codes. Those can generally be used regardless of what Google asks at the time and you can store them offline or even memorize a couple. Probably not as secure but at least you won’t get locked out.
[deleted]
Submitted 3 weeks ago by throwawayacc0430@sh.itjust.works to mildlyinfuriating@lemmy.world
Comments
MicrowavedTea@infosec.pub 3 weeks ago
njordomir@lemmy.world 3 weeks ago
This is a good reminder. I recommend everyone grab their takeout data every now and then, but also, print out the 6 codes and put them in a safe deposit box, safe, bury them in a ziplock bag inside of a coffee can in your yard, etc. Hopefully it will be a waste of your time, but if you need them, they’ll be there.
Ibaudia@lemmy.world 3 weeks ago
They’re just called “backup codes” now. But yeah.
LodeMike@lemmy.today 3 weeks ago
Also, Google will outright not allow you to log in even with all authentication methods if it doesn’t like your IP or browser.
JasonDJ@lemmy.zip 3 weeks ago
Airplane codes? Was that an autocorrect for API?
unmagical@lemmy.ml 3 weeks ago
No. When you enable 2FA Google gives you about 10 backup codes that will always work regardless of if you have access to your authenticator app.
MicrowavedTea@infosec.pub 3 weeks ago
Apparently they’re called backup codes now. I could swear they used to be called airplane codes (because they’re offline ig). It’s just some randomly generated 8-digit codes.
LodeMike@lemmy.today 3 weeks ago
You can’t enable MFA without a phone number or a mobile device.
dustyData@lemmy.world 3 weeks ago
Just to be very clear. This is happening because you didn’t have MFA active. I know it hurts to hear, but this is why you always migrate first, wipe the device second. MFA would’ve allowed you several methods for proof of ID. If your phone gets stolen, then thieves can’t even use the phone for anything. You can remote wipe and block the device, and it turns into paperweight. The device nukes your data then locks the bootloader.
MicrowavedTea@infosec.pub 3 weeks ago
You should enable MFA yes. But it’s definitely not reasonable to expect a forced half-assed version of MFA that keeps changing when you DON’T enable MFA. OP should have migrated the account before wiping the phone but this behavior was not caused by them.
yessikg@lemmy.blahaj.zone 3 weeks ago
If you have more than one MFA method turned on, an option will show up to Try Another Way
spaghettiwestern@sh.itjust.works 3 weeks ago
The company used to have it set up so in order to set of an audio alert using “Find My Device”, you had to have that device in your hand and respond to a security prompt.
It is my firm belief that Google employees never use their own products.
throwawayacc0430@sh.itjust.works 3 weeks ago
Reminds me of the joke: “I cant see clearly enough to find my glasses” 💀
Rivalarrival@lemmy.today 3 weeks ago
I found that I can’t convince google assistant (via bluetooth headset) to find my phone unless my phone is unlocked. The only workaround I’ve found is to set a 1-second timer.
LodeMike@lemmy.today 3 weeks ago
I also lost an account like this. Absolutely idiotic.
CosmicTurtle0@lemmy.dbzer0.com 3 weeks ago
I had this happen after I changed my unlock code and then locked myself out.
I imagine part of this is a conflict between their logic for reinstalling your settings and the fact that your credentials have been changed and you need to unlock them. The account restore workflow doesn’t have a path for people who recently changed their passcode but need to log in.
I ended up abandoning the process and starting over. But gave me the opportunity to try a new launcher.
array@lemm.ee 3 weeks ago
That’s why they ask you to back up the recovery codes. Learn how to use your devices
red@sopuli.xyz 3 weeks ago
This thread is full of insane people with insane workarounds to an issue they are alerted upon when activating 2FA.
Keep the recovery codes in a safe place - not on the same device.
LodeMike@lemmy.today 3 weeks ago
It’s well known that Google does not tell you that it’s forcefully adding second factor to your account if you log into that account on an Android/iOS device/app.
kikutwo@lemmy.world 3 weeks ago
I got the same directions to verify just yesterday. The directions aren’t correct, and there’s no way to do this as described.
superfes@lemmy.world 3 weeks ago
If you’re logged in on a computer you can deregister the device in your security settings and it will use the other available authentication types.
I’ve always been able to select another way to verify my login.
throwawayacc0430@sh.itjust.works 3 weeks ago
I’m just gonna copy paste what I said to another user on another thread regarding this topic:
Okay, so I attempted to access it again. Its currently in a weird state of partial access.
I can “log in” but as soon as I try to access anything, say, Gmail, I get that screen again.
This is what the settings page looks like:
So its not totally locked out, but its not functional either, I’m not even on a VPN.
Image
Notice, 2FA is off.
Then I click Gmail and get this:
Image
I tap “more ways to verify” and get this:
Image
I tap the only option, and it circles back to the previous screen.
MrQuallzin@lemmy.world 3 weeks ago
They said to try again on a computer. All your screen shots are from a phone. You might get the same result, but we won’t know until you attempt it.
janonymous@lemmy.world 3 weeks ago
I had the same issue just a week ago after resetting my phone. As was said here I had to deregister my device in Google, because they didn’t know that I had reset that device. For Google it was a complete new device in my hand, despite it still being the same phone after reset. That’s why Google tried to make me F2A on what it thought was my old device.
Only after removing the old device in Google on my computer was I able to login on it again.
Witchfire@lemmy.world 3 weeks ago
Have you tried reaching out to support?
y0din@lemmy.world 3 weeks ago
I know this doesn’t directly solve your issue, and it might not help much now, but I wanted to share my experience just in case it’s useful.
When I had a similar problem after switching phones, what ended up helping was that I had 2FA enabled beforehand. In that case, after selecting the option to recover my account suddenly allowed me to receive a verification code via SMS—something that didn’t appear on the usual login screen, it was greyed out before selecting this option.
It probably won’t work if 2FA is disabled, but maybe it’s still worth checking if any recovery options that shows up helps. There might be a choice there that helps you resolve your problem as well.
In any case, good luck—I hope you’re able to get it sorted soon!