On 27.08.2024 at 15:26:44, Viktor Dukhovni via mailop wrote:
> 
> Welcome to two-factor denial of service.  I try to resist signing up for
> such baked-in disasters as much as I can, but the powers that be (hello
> GitHub) have made it impossible in many cases.
> 
> It is a sad state of affairs that no opt-out is available for users who
> manage strong per-site passwords, and prize long-term availability over
> often dubious security advantages of said 2nd-factors.

Google sometimes does it even for accounts that don't have 2FA configured.
I have a Google account (that I don't use for email, but for things like
Google Drive, Google Docs etc.) registered with this very email address I'm
sending this email from. This email is not (and never was) hosted at Google,
but on my own server.

2FA is not configured on this account and never was. Yet a few years ago it
happened to me that when I logged in from an "unknown" device, Google FORCED
me to add a phone number to my account to send the "verification code" to
this number. Otherwise I wouldn't be able to log in. Which by the way at
that point made no sense, because if it were an impersonator trying to log
in to my account, he could add any phone number, as there was no phone
number configured previously.

It still happens from time to time that when I log in from an "unknown"
device, Google sends a "verification code" to this phone number and doesn't
let me in without typing that code. Despite NOT having 2FA configured.

Also it doesn't use the perfectly valid email address that is independent
from Google to send this code. As far as I can remember (the last time it
happened was quite a time ago, so I might be wrong), there is an option on
the login screen to send the code to the email address, but I never got it
to work.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
