| Deutsch English Français Italiano |
|
<96uj9lxjvi.ln2@Telcontar.valinor> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: "Carlos E.R." <robin_listas@es.invalid> Newsgroups: comp.mobile.android Subject: Re: Google will no longer send SMSs with six digit codes for verification Date: Tue, 4 Mar 2025 19:42:49 +0100 Lines: 64 Message-ID: <96uj9lxjvi.ln2@Telcontar.valinor> References: <803e9lxp44.ln2@Telcontar.valinor> <1begjrynfhjra$.dlg@v.nguard.lh> <k8cg9lx8uf.ln2@Telcontar.valinor> <1bfu5iribmwb4$.dlg@v.nguard.lh> <vq4hce.l64.1@ID-201911.user.individual.net> <vq6a3h$1p9sb$1@dont-email.me> <l8nlfkd5cizd.dlg@v.nguard.lh> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Trace: individual.net adFzmpCNhSW5dvGNsGHAcwlGc8RFCz9hmz2DQDzKaBvR/2GGSZ X-Orig-Path: Telcontar.valinor!not-for-mail Cancel-Lock: sha1:7wPnVgPDL2OV6egkLSsssCw36jc= sha256:qzbLxsNV3evpkyK7KZpAebjVQPRUQTRpTqJt6q1wcz4= User-Agent: Mozilla Thunderbird Content-Language: es-ES, en-CA In-Reply-To: <l8nlfkd5cizd.dlg@v.nguard.lh> Bytes: 4384 On 2025-03-04 19:18, VanguardLH wrote: > Dave Royal <dave@dave123royal.com> wrote: > >> A *bit* more info about verifying phone numbers here >> <https://www.androidauthority.com/google-ditch-sms-codes-authentication-details-3529425/> > > So, you either have to wait for an SMS message to arrive from them, or > for them to get the one you send them. No, they also say: «Google spokesperson Ross Richendrfer reiterated that SMS is mainly used as a security and anti-abuse check, but there are plenty of security challenges, like phishing and traffic pumping. Consequently, Google plans to reimagine how it verifies phone numbers over the next few months. Instead of entering their phone numbers and receiving a six-digit code over SMS, users will see a QR code they need to scan with their phone camera.» So, take a photo of the qr code. > SMS is not instantaneous. You > wait. SMS is not guaranteed delivery. Some get lost, so retry, and > wait some more. The security theater gets more in your way, and stalls > the login, all of which (this and 2FA/2FV) was to overcome boobs that > reuse the same weak login at every domain they visit (that requires a > login). Use technology to overcome the weak point in security: users. > > Wonder if I'll need to graft my smartphone to my hand to login to Gmail > at my desktop PC using an OAUTH2 e-mail client. My phone is not sitting > next to my desktop. It's on a desk near the house door where I also > toss postal mail, and have a laptop since the UI (small virtual keyboard > and touchscreen) on a phone sucks compared to a desktop, laptop, nor > netbook. I don't much use that laptop. It's mostly for something > related to newly arrived postal mail. Most of my desktop computing is > in a basement room. I'm not running upstairs to grab my phone because > some boob wants me to jump over hurdles for nuisancing security theater > mostly to reduce their manpower for tech support. Plus, I dislike that > some site wants my phone number for a totally unrelated service, like > e-mail. Oh yes, reduce privacy to profess increased security. The > phone for account recovery is okay, but then so are security questions > you preset for recovery, or recording your account ID (if you're ever > given one). I'd rather have to answer a preset security question > immediately on a login failure than wait for an SMS message that I have > to manually transcribe or manually scan into the waiting login page. Of > course, don't secure the communication venues (e-mail and SMS) used to > supposedly secure the logins. «But will fallback authentication methods be available if the user cannot access a mobile phone? Google answers no.» > > Thanks for that article. It gives some more info, but looks like we > have to wait, and suffer, with however Google decides to implement their > new security theater. Could be months, or years, and then there's the > initial pains as they work out the kinks. Perhaps Google should > reassess how much they increase pushing users away from Google services. > Security and convenience are the anti-thesis of each other: to get more > of one means less of the other. Too much security becomes intolerable. -- Cheers, Carlos.