Gmail forcing 2FA Oct 29

Started by rcjordan, October 22, 2022, 02:00:18 PM

rcjordan

Just got the email. PITA

rcjordan

I turned it on today because I'd rather sort it out during the weekend. So far, Gmail hasn't required 2FA from the Chromebook. The Chromebook was listed as a recognized device along with my phone. Maybe recognized devices bypass 2FA? I'm also using the old HTML email, which doesn't use any scripts.

ergophobe

I've got 2FA on all my email. Other than a spamcatcher account, why would you NOT want 2FA?

Gmail was one of the first places I switched to 2FA because it was one of the first that did not require cell service (i.e. allowed an OTP via an authenticator app).

ukgimp

2fa is great.

I do it with the app though. E.g. not phone number, I remove that totally from the account.

I've backup codes and a second old phone with the generator on, in addition to a paper backup stored in a safe second location.


ergophobe

If you do a screen capture of the QR code, you can always add the code to a new device.

Also, the Google Authenticator now allows you to export and import. So it generates one or more big QR codes on the source device. Read it on the target device and all your codes are imported. You can also save the export QR code(s) and if you lose your phone, you just point the new one at the screenshot of the QR code and you're set.

By preference, I avoid anything that uses SMS for auth.

By preference, I avoid any OTP generator that allows you to log in to a service and retrieve/share the OTP, which seems to defeat much of the purpose. They enforced a system like that at my old job. I get it. IT managers love it because they can rescue clueless employees who don't understand 2FA.