
Re: google account say it will no longer deliver email



On Sat, 14 May 2022 at 04:40, Brian <ad44@cityscape.co.uk> wrote:
> On Fri 13 May 2022 at 20:01:20 +0200, Kamil Jońca wrote:
> > Brian <ad44@cityscape.co.uk> writes:
> > > On Fri 13 May 2022 at 08:42:21 -0400, Michael Stone wrote:
> > >> On Fri, May 13, 2022 at 07:16:11AM +0200, tomas@tuxteam.de wrote:

> > >> > A loong password is not "equivalent" to 2FA, that's right. Good
> > >> > password management (of which length is but a part) is as secure
> > >> > as 2FA.
[...]
> > Password can be stolen, while with 2fa you have to take control over two
> > factors.
[...]
> Your claim is a good example of "frighten the user into doing what we want".

[Statements above are heavily trimmed and provide context only.
They are independent and do not represent a conversation.]

Speaking of "frighten the user into doing what we want" ...

Yesterday I needed to log in to a (different) gmail account that
I had not used for some time, so gmail reasonably required
some authentication.

1) Username (email address) ... I provided it.
2) Password (random chars, medium length) ... I provided it.
3) One-time auth token (sent to an unidentified non-gmail mailbox) ...
I provided it.

You would think that would be enough to satisfy 2FA, but it wasn't.

I was then prompted to enter a phone number, and it was
impossible to proceed without doing so, to obtain a one-time
token sent by SMS.

"so that we can verify your identity" or words to that effect.

The point is, I have never in my life before given gmail any phone
number. So gmail claiming that one was required to identify me
was a lie. At that point, any phone number would satisfy the process.

And denying access until I provided one gave me a very
unpleasant feeling of being blackmailed into coughing up a phone
number in response to a lie.

Luckily, I was able to satisfy the requirement without revealing
any information that I care about. It will be annoying for future
logins though, so I now intend to move that content to a different
hosting service.

Diversity, not having all eggs (email, phones) in one basket, is
my best solution to this. Use multiple, cheap, minimal, easily
swappable solutions where possible. The gmail account I'm
using to write this is only used for mailing lists, for example.

