On 2024-08-27 at 12:25 +0200, Jaroslaw Rafa via mailop wrote: > 2FA is not configured on this account and never was. Yet a few years > ago it happened to me that when I logged in from an "unknown" device, > Google FORCED me to add a phone number to my account to send the > "verification code" to this number. Otherwise I wouldn't be able to > log in. Which by the way at that point made no sense, because if it > were an impersonator trying to log in to my account, he could add any > phone number, as there was no phone number configured previously. > > It still happens from time to time that when I login from an > "unknown" device, Google sends a "verification code" to this phone > number and doesn't let me in without typing that code. Despite NOT > having 2FA configured.
This is a different scenario. Google is -for some blackbox reason- considering that the is suspicious enough to require a secondary check. I have only found that it seems related to the IP address used. When receiving a new one, you might have been accepted. Supposedly, Google will only use that phone number for security reasons. No idea if that is really the case or not, or if it is possible to disconnect the phone number (e.g. because you know in advance that you will be discarding that number). I still remember when, many years ago, after traveling to a different country, I tried to login into gmail just to be rejected because it considered that suspicious. It made perfect sense that they implemented such measure, but it got me by surprise, and would have left me locked out, hadn't I been able to proxy myself through my home IP so that it accepted the login (once I had a session open in that device it could use the service without problems). Regards _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
