EDIT: You know, after some time to cool off, Google Authenticator 2FA can still be enabled and isn’t being phased out like the less secure SMS 2FA, so it’s really not the end of the world here. The chance of permanent lockout is avoided, even if the whole Google Prompt system is still wack.

  • doctorcrimsonOP
    1 year ago

    SMS could potentially be a secure form of Data Transfer if companies weren’t allowed by limp dinosaur legislators to gut your phone for any useable data with a simple app, but yeah I can see how its current state is lackluster.

    You’re wrong, btw, the Google Prompts feature is Default and cannot be turned off.

    • brianorca@lemmy.world
      1 year ago

      The SMS vulnerability is not because of your apps. It’s because of the LTE protocol itself. It can be intercepted or redirected without touching your phone.

    • Chozo@kbin.social
      1 year ago

      “You’re wrong, btw, the Google Prompts feature is Default and cannot be turned off.”

      Only if there’s a previously-authenticated device. That setting can’t be enabled without a key, and one of the required keys is produced locally by a logged-in device (which is why your device is trusted to stay logged in indefinitely). If enabled without a key, it’s nonfunctional and should error itself out and revert to a disabled state.

      If that somehow hasn’t happened (which, in all honesty, would be very surprising to learn) and the setting is enabled on your account, then that’d be something you’d need to submit a request to Google to have fixed, otherwise you have zero recovery on that account.

      Are you a thousand percent sure you’ve never had any other device logged into that Google account? When you attempt to log in, it should show you the device name it’s sending the request to. For instance, when I log into my Gmail from an Incognito window right now, it says to check my Pixel 6 Pro. What’s it saying for you?

      • doctorcrimsonOP
        1 year ago

        No, I’m telling you, it’s on by default when you purchase a Google Device. It doesn’t need to be set up.

          • doctorcrimsonOP
            1 year ago

            A device. The fact that any device is getting a google prompt and it cannot be disabled is the issue.

            • Chozo@kbin.social
              1 year ago

              Right. I think you can see where I’m going with this. The fact that you’re being dodgy with the question is making me question your motives with this post.

              So, what device? You don’t have to tell me the name, but describe it to me. Is it the device that you flashed a new OS onto?

              • doctorcrimsonOP
                1 year ago

                It’s not constructive to answer your question instead of explaining the situation to you for the 8th time. There is only one device and it was wiped and can never be recovered, not even by restoring the OS, but the Google Prompt is still the default option forever now. I found this mildly infuriating.

                The best solution is to use something like Google Auth since only the SMS is being phased out. Do you understand now or do we need to repeat this again and again?

                • Chozo@kbin.social
                  1 year ago

                  So, when you said “The device has never existed”, you realize how that was a bit misleading, right? The way you’ve been presenting this situation would suggest that Google enabled 2FA in an impossible manner.

                  The device existed. You ignored the warnings and wiped the device before transferring your authentication elsewhere. There’s plenty of things to be critical of Google over, but flagrant user error like this isn’t one of them.

                  • doctorcrimsonOP
                    1 year ago

                    There were no warnings, an unlocked bootloader was sold as a feature! The device was not set up for 2FA, it’s just shitty design!