Gmail prompt to provide phone number sounds like a threat

  • Amju Wolf@pawb.social
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Google kinda does do that though. You can have a recovery email (or multiple IIRC), or you can have a phone number.

    TOTP and hardware authenticators are more for second factor authentication; you’re probably more likely to use those than a password, and they don’t really make sense for recovery.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Why wouldn’t they make sense for recovery? They’re authentication factors just like passwords.

      “Second” factor means you should have multiple, not that one of them is beneath the others. And they all work just as well for authentication and recovery.

      • Amju Wolf@pawb.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Because you’re much more likely to lose or break a hardware fob than lose a password, let alone change (lose or whatever) recovery email or phone.

        Like, it would be a neat option; ideally you could set up literally anything and say what combination of factors you want to use for recovery and which to use for authentication, but it’d be a pretty big change for a tiny minority of users.

    • DoomBot5@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      1 year ago

      Google can use the phone number on file to text a verification code for password reset.