I'm just wondering how people deal with two factor
authentication problems. Twice I've tried to help
brothers get into their gmail and failed because they
didn't have 2FA. In one case I had to give up, as Google
continued to crack down.

Generally I don't use any online services, so it hasn't
been an issue for me, but now I'm looking into crypto.
They require a cellphone message code for security. That's
good. But what if I lose my cellphone and can't get that
number back? With services all automated there's no
human to contact. Messages won't go to landlines. Most
services don't seem to allow multiple cellphone numbers...

So I'm curious whether people have run into such problems
and what the solutions were. It's bad enough losing your email,
but losing your money because you don't have you cellphone
would be a much bigger problem.

Am 07.03.22 um 18:15 schrieb Mayayana:
> I'm just wondering how people deal with two factor
> authentication problems. Twice I've tried to help
> brothers get into their gmail and failed because they
> didn't have 2FA. In one case I had to give up, as Google
> continued to crack down.

I do not need 2FA to log into my Google-account. I do not have it and I
do not want it. Google is not important for me. On my Pixel and on my
computers I do it with a PW and my Gmail-address.

Differently with iCloud.There I do have 2FA. For third party apps I need
an application-specific PW from iCloud than it works. I use that on
various devices.

> Generally I don't use any online services, so it hasn't
> been an issue for me, but now I'm looking into crypto.
> They require a cellphone message code for security. That's
> good. But what if I lose my cellphone and can't get that
> number back? With services all automated there's no
> human to contact. Messages won't go to landlines. Most
> services don't seem to allow multiple cellphone numbers...
>
> So I'm curious whether people have run into such problems
> and what the solutions were. It's bad enough losing your email,
> but losing your money because you don't have you cellphone
> would be a much bigger problem.

A phone can be completely wiped and reset to factory settings OTA.

--
De gustibus non est disputandum

In article <t05ejo$tvp$1@dont-email.me>, Mayayana
<mayayana@invalid.nospam> wrote:

> I'm just wondering how people deal with two factor
> authentication problems. Twice I've tried to help
> brothers get into their gmail and failed because they
> didn't have 2FA. In one case I had to give up, as Google
> continued to crack down.
>
> Generally I don't use any online services, so it hasn't
> been an issue for me, but now I'm looking into crypto.
> They require a cellphone message code for security. That's
> good. But what if I lose my cellphone and can't get that
> number back? With services all automated there's no
> human to contact. Messages won't go to landlines. Most
> services don't seem to allow multiple cellphone numbers...

you're referring to sms authentication, which is a bad idea for many
reasons.

a much better method is a totp app (there are many), which generate a
code locally based on a seed and the current time, which needs to match
the code generated on the server.

in the event your phone is lost or stolen or even out of a service area
and unable to receive an sms, you can use another device to run the
totp app. with a desktop totp app, you don't even need a cellphone at
all.

another option is use one of the backup codes that were generated when
2fa was initially set up, which are intended for such a scenario.

also, most companies *do* have human contacts, such as banks, who can
grant access.

> So I'm curious whether people have run into such problems
> and what the solutions were. It's bad enough losing your email,
> but losing your money because you don't have you cellphone
> would be a much bigger problem.

nothing is lost. only your online access is blocked until you can
authenticate in some other manner, which can be via an app, backup code
or a phone call.

keep in mind that the whole point of 2fa is to make it difficult for
people who don't have the 2nd factor, namely the bad guys.

On 3/7/2022 10:15 AM, Mayayana wrote:

> I'm just wondering how people deal with two factor authentication
> problems. Twice I've tried to help brothers get into their gmail and
> failed because they didn't have 2FA. In one case I had to give up, as
> Google continued to crack down. Generally I don't use any online
> services, so it hasn't been an issue for me, but now I'm looking into
> crypto. They require a cellphone message code for security. That's
> good. But what if I lose my cellphone and can't get that number back?
> With services all automated there's no human to contact. Messages
> won't go to landlines. Most services don't seem to allow multiple
> cellphone numbers...

> So I'm curious whether people have run into such problems and what
> the solutions were. It's bad enough losing your email, but losing
> your money because you don't have you cellphone would be a much
> bigger problem.

I use the Google Authenticator app. No SMS required. I have it installed
on several devices so that if I lose my phone I'm not SOL.

When I put my Google account on a NEW device it opens the Authenticator
screen on any other device in which it's installed and you just have to
push the 'yes it's me' button and you're in on the new device.

I have my devices set up to only require authentication ONCE to verify
the device. After that it's a 'trusted device' and requires no more
verification, though it can be set up to require verification each time
but to me the extra security isn't worth the extra hassle. YMMV...

In article <t05gkk$8je$1@dont-email.me>, AJL <noemail@none.com> wrote:

> I have my devices set up to only require authentication ONCE to verify
> the device. After that it's a 'trusted device' and requires no more
> verification, though it can be set up to require verification each time
> but to me the extra security isn't worth the extra hassle. YMMV...

some sites do that for a short period of time, generally 2-4 weeks,
after which you need to use a code again, for another block of time.

On 3/7/2022 10:54 AM, nospam wrote:
> AJL <noemail@none.com> wrote:
>> On 3/7/2022 10:15 AM, Mayayana wrote:

>> I'm just wondering how people deal with two factor authentication
>> problems. Twice I've tried to help brothers get into their gmail
>> and failed because they didn't have 2FA. In one case I had to give
>> up, as Google continued to crack down.

>> I have my devices set up to only require authentication ONCE to
>> verify the device. After that it's a 'trusted device' and requires
>> no more verification, though it can be set up to require
>> verification each time but to me the extra security isn't worth the
>> extra hassle. YMMV...

> some sites do that for a short period of time, generally 2-4 weeks,
> after which you need to use a code again, for another block of time.

I'm talking about the 2FA needed to use Google services (like Gmail) on
a particular device as I thought the OP was (above). No time limits are
involved. If he was talking about something else then disregard...

In article <t05hvg$8vs$1@dont-email.me>, AJL <noemail@none.com> wrote:

> >> I have my devices set up to only require authentication ONCE to
> >> verify the device. After that it's a 'trusted device' and requires
> >> no more verification, though it can be set up to require
> >> verification each time but to me the extra security isn't worth the
> >> extra hassle. YMMV...
>
> > some sites do that for a short period of time, generally 2-4 weeks,
> > after which you need to use a code again, for another block of time.
>
> I'm talking about the 2FA needed to use Google services (like Gmail) on
> a particular device as I thought the OP was (above). No time limits are
> involved. If he was talking about something else then disregard...

i said *some* sites have a time limit. not all of them, and not any
particular ones.

also, the 2fa codes can be auto-filled by a browser extension, along
with the id/password, so it doesn't really matter if it asks again.

On 3/7/2022 11:25 AM, nospam wrote:
> AJL <noemail@none.com> wrote:
>
>>>> I have my devices set up to only require authentication ONCE to
>>>> verify the device. After that it's a 'trusted device' and
>>>> requires no more verification, though it can be set up to
>>>> require verification each time but to me the extra security
>>>> isn't worth the extra hassle. YMMV...
>>
>>> some sites do that for a short period of time, generally 2-4
>>> weeks, after which you need to use a code again, for another
>>> block of time.
>>
>> I'm talking about the 2FA needed to use Google services (like
>> Gmail) on a particular device as I thought the OP was (above). No
>> time limits are involved. If he was talking about something else
>> then disregard...
>
> i said *some* sites have a time limit. not all of them, and not any
> particular ones. also, the 2fa codes can be auto-filled by a browser
> extension, along with the id/password, so it doesn't really matter if
> it asks again.

Again, I'm talking about certifying a NEW device for Google services
(like the OP's Gmail problem). There are no sites or time limits
involved. Google Authenticator can be used with sites but that's NOT
what I was suggesting...

In article <t05kv9$c4m$1@dont-email.me>, AJL <noemail@none.com> wrote:

> >>>> I have my devices set up to only require authentication ONCE to
> >>>> verify the device. After that it's a 'trusted device' and
> >>>> requires no more verification, though it can be set up to
> >>>> require verification each time but to me the extra security
> >>>> isn't worth the extra hassle. YMMV...
> >>
> >>> some sites do that for a short period of time, generally 2-4
> >>> weeks, after which you need to use a code again, for another
> >>> block of time.
> >>
> >> I'm talking about the 2FA needed to use Google services (like
> >> Gmail) on a particular device as I thought the OP was (above). No
> >> time limits are involved. If he was talking about something else
> >> then disregard...
> >
> > i said *some* sites have a time limit. not all of them, and not any
> > particular ones. also, the 2fa codes can be auto-filled by a browser
> > extension, along with the id/password, so it doesn't really matter if
> > it asks again.
>
> Again, I'm talking about certifying a NEW device for Google services
> (like the OP's Gmail problem).

google isn't the only site that offers 2fa. google doesn't have a time
limit, but some other sites do, and some sites require a code every
time. there is no single rule for every site.

> There are no sites or time limits
> involved. Google Authenticator can be used with sites but that's NOT
> what I was suggesting...

google authenticator can be used with any site that uses totp, as can
any number of other totp apps. some people use more than one totp app
as a backup, in case one app stops working for some reason.

Mayayana <mayayana@invalid.nospam> wrote:
> I'm just wondering how people deal with two factor
> authentication problems. Twice I've tried to help
> brothers get into their gmail and failed because they
> didn't have 2FA. In one case I had to give up, as Google
> continued to crack down.
>
> Generally I don't use any online services, so it hasn't
> been an issue for me, but now I'm looking into crypto.
> They require a cellphone message code for security.

Whatever you do don't use SMS to secure your crypto exchange account. It is
not secure and you could easily lose it all.

> That's
> good. But what if I lose my cellphone and can't get that
> number back? With services all automated there's no
> human to contact. Messages won't go to landlines. Most
> services don't seem to allow multiple cellphone numbers...

Use an authenticator app. There are several available and register at least
two so if you lose one you'll always have the other as backup. Or generate
backup codes and store then safely.

> So I'm curious whether people have run into such problems
> and what the solutions were. It's bad enough losing your email,
> but losing your money because you don't have you cellphone
> would be a much bigger problem.

Yes. You need to do more research if you're getting into crypto as there's
many ways you can lose money. There's no regulation and no come back.

Mayayana <mayayana@invalid.nospam> wrote:

[Irrelevant and distracting scenario deleted.]

> Generally I don't use any online services, so it hasn't
> been an issue for me, but now I'm looking into crypto.
> They require a cellphone message code for security. That's
> good. But what if I lose my cellphone and can't get that
> number back? With services all automated there's no
> human to contact. Messages won't go to landlines. Most
> services don't seem to allow multiple cellphone numbers...
>
> So I'm curious whether people have run into such problems
> and what the solutions were. It's bad enough losing your email,
> but losing your money because you don't have you cellphone
> would be a much bigger problem.

Check with the crypto services provider if they have some better '2FA'
method than using a SMS message. If they're a serious provider, they
*should* have something better. For example an authenticator app, a
token generator, etc..

But failing that, you *should* be able to get your number back and get
a replacement SIM (and get a new/replacement phone). If not, there's
something fundamentally wrong with your mobile phone service provider,
i.e. it has nothing to do with '2FA'.

Back to the irrelevant/distracting bit:

As you're posting this in comp.mobile.android, I assume you have an
Android smartphone and 'hence' a Google Account. If so, have a look at
the '2-Step Verification' section of your Google Account. That show
which '2FA' options a Google Account has and that will give some idea
what *other* (non-Google) services might have to offer. Using the Help
('(?)') gives some more background on what is what and how to use it.

(See '2-Step Verification' in the 'Signing in to Google' section on your
Google Account's Security page (<https://myaccount.google.com/security>.)

Mayayana wrote:

> I'm just wondering how people deal with two factor
> authentication problems.

Buyer Beware on 2FA.
Have you seen the lawsuit against Apple with respect to permanent 2FA?

As I understand it, once you switch to 2FA, you can _never_ switch it off
after a short time period of testing it out has expired (something like
that).

Let me dig up the lawsuit as I don't make anything up like iKooks do.
<https://duckduckgo.com/?q=apple+2fa+lawsuit>

Here's the first hit, dated February 2019:
*Apple sued for forcing 2FA on accounts*
<https://nakedsecurity.sophos.com/2019/02/12/apple-sued-for-forcing-2fa-on-accounts/>
"claiming that the company forces users into a two-factor authentication
(2FA) straitjacket that they can't shrug off, that it takes up to five
minutes each time users have to enter a 2FA code, and that the time
suck is causing "economic losses" to him and other Apple customers.
The lawsuit... is accusing Apple of "trespass," based on Apple's
"locking [Brodsky] out" of his devices by requiring 2FA that
allegedly can't be disabled after two weeks."

However, further down on the hist list is this April 2020 article:
*Apple 2FA Case Dismissed by California Federal Court*
<https://securitycurrent.com/no-good-deed-apple-2fa-case-dismissed-by-california-federal-court/>
"The class action lawsuit alleged that the 2FA "intercepted" their
access to third party apps, and "virtually dispossessed" them from
using those apps. They sued under the theories that Apple's 2FA was
a "trespass to chattels," violated the California right to privacy law,
was an unauthorized access to a computer in violation of federal
and state computer crime laws, and that Apple was "unjustly enriched"
by its horrible actions."

"On April 7, 2020, California Federal Judge Lucy Koh granted Apple's
motion to dismiss the lawsuit in its entirety. The Court ruled that
all of the actions complained of - the updating of the code,
the installation of the 2FA authentication, the "trespass" to
chattels - all were expressly authorized by the Plaintiffs
when they updated the software"

I guess I authorized Apple to destroy my iPads when I used iOS too.
1. Apple "ID Verification" prompts come up ten, twenty or more times a day.
<https://i.postimg.cc/LXzB3Lc0/appleid01.jpg>
2. Apple "Sign-in to iCloud" prompts come up a dozen or more times a day.
<https://i.postimg.cc/Y9kkj19v/appleid12.jpg>
3. Apple won't let you sign in even with the _correct_ login & password.
<https://i.postimg.cc/8zSvshQf/appleid04.jpg>
4. The Apple web site is so poorly designed it doesn't even tell you why.
<https://i.postimg.cc/SKGfmgnK/appleid05.jpg>
5. Eventually, as it did with one of my iPads already, Apple destroys it.
<https://i.postimg.cc/g008YhxP/appleid02.jpg>
<https://i.postimg.cc/q75t7MSk/appleid03.jpg>
6. On my 2nd iPad, the Apple apps stop working (but everything else works!)
<https://i.postimg.cc/hhFNJ5mq/appleid010.jpg>
7. Every single day, many times a day, you're confronted with tracking crap
such as this "Some account services require you to sign in again"
<https://i.postimg.cc/nrFHSvby/appleid11.jpg>
8. Interestingly, you can update your iOS (which I almost never do) as shown
here where I updated this week from iOS 13 to iOS 15 (and it let me).
<https://i.postimg.cc/nLjqk2HD/osupdate03.jpg>
9. And you can wipe out your Siri recordings (due to the recent zero-day).
<https://i.postimg.cc/sfZ0XP71/osupdate02.jpg>
10. Yet Apple tracking servers still require "Apple ID Verification"
<https://i.postimg.cc/gj0r2cBP/osupdate01.jpg>
11. And, you can install an app, but if you delete it, you can't re-install.
<https://i.postimg.cc/bJPKDSZ1/osupdate04.jpg>
<https://i.postimg.cc/ZR5mZ287/appleid07.jpg>
12. In the end, if you attempt that forced validation on VPN, Apple
unilaterally destroys your investment by locking you out of it forever!
<https://i.postimg.cc/q75t7MSk/appleid03.jpg>
13. All because Apple tracking servers _require_ periodic ID verification.
<https://i.postimg.cc/8k3GQyj4/appleid09.jpg>
<https://i.postimg.cc/q75t7MSk/appleid03.jpg>

On 3/7/2022 12:17 PM, nospam wrote:

> google isn't the only site that offers 2fa.

It is for the OP's friend's 2FA Gmail problem.

> google doesn't have a time limit, but some other sites do, and some
> sites require a code every time. there is no single rule for every
> site.

Other sites have nothing to do with the OP's Friend's 2FA Gmail problem.

> google authenticator can be used with any site that uses totp, as can
> any number of other totp apps. some people use more than one totp app
> as a backup, in case one app stops working for some reason.

All very interesting but little to do with the OP's Friend's Gmail 2FA
problem...

In article <t05pd5$fiu$1@dont-email.me>, AJL <noemail@none.com> wrote:

>
> Other sites have nothing to do with the OP's Friend's 2FA Gmail problem.

he said he was also looking at crypto sites.

his question was about 2fa in general and what happens if the phone is
lost or stolen. different sites handle that differently.

In article <t05onb$1b8o$1@gioia.aioe.org>, Andy Burnelli
<spam@nospam.com> wrote:

> Have you seen the lawsuit against Apple with respect to permanent 2FA?

it was dismissed because it was laughably stupid.

as expected, you fail to mention that google is also requiring 2factor:
<https://arstechnica.com/gadgets/2021/11/google-wants-every-account-to-u
se-2fa-starts-auto-enrolling-users/>
Two-factor authentication is coming to Google accounts whether you
want it or not.

also as expected, you fail to mention that various other companies also
require 2factor.

unfortunately, we live in a world where it's needed.

> As I understand it,

you don't.

> once you switch to 2FA, you can _never_ switch it off
> after a short time period of testing it out has expired (something like
> that).

that's a good thing.

the reality is that people use easy to guess passwords across multiple
sites and password leaks are common, which means 2factor should always
be used for a reasonable level of security.

> Let me dig up the lawsuit as I don't make anything up like iKooks do.
> <https://duckduckgo.com/?q=apple+2fa+lawsuit>
>
> Here's the first hit, dated February 2019:
> *Apple sued for forcing 2FA on accounts*
>
> <https://nakedsecurity.sophos.com/2019/02/12/apple-sued-for-forcing-2fa-on-acc
> ounts/>
> "claiming that the company forces users into a two-factor authentication
> (2FA) straitjacket that they can't shrug off, that it takes up to five
> minutes each time users have to enter a 2FA code, and that the time
> suck is causing "economic losses" to him and other Apple customers.
> The lawsuit... is accusing Apple of "trespass," based on Apple's
> "locking [Brodsky] out" of his devices by requiring 2FA that
> allegedly can't be disabled after two weeks."

none of that is credible.

using 2 factor is not even close to five minutes extra and there are
*no* economic losses whatsoever. their claims are ludicrous.

it takes maybe a couple of extra seconds, and that's if the user is
slow.

> However, further down on the hist list is this April 2020 article:
> *Apple 2FA Case Dismissed by California Federal Court*

no surprise there, because it was a baseless lawsuit, intended to grift.

On 3/7/2022 2:04 PM, nospam wrote:
> AJL <noemail@none.com> wrote:

>> Other sites have nothing to do with the OP's Friend's 2FA Gmail
>> problem.

> he said he was also looking at crypto sites.

Ah. But if so why not instead answer HIS POST and position it RIGHT
UNDER his crypto comment instead of on my later post and thus confusing
it with my expert treatise on using the Google Authenticator app (with
no sites or time limits required) to verify a device as perhaps one way
to make his friend's Gmail work?

> his question was about 2fa in general and what happens if the phone
> is lost or stolen. different sites handle that differently.

Ah. But if so why not answer HIS POST and position it RIGHT UNDER his
2FA in general comment and his lost phone comment instead on my later
post and thus confusing it with my expert treatise on using the Google
Authenticator app (with no sites or time limits required) to verify a
device as perhaps one way to make his friend's Gmail work...

In article <t05ua2$osp$1@dont-email.me>, AJL <noemail@none.com> wrote:

> >> Other sites have nothing to do with the OP's Friend's 2FA Gmail
> >> problem.
>
> > he said he was also looking at crypto sites.
>
> Ah. But if so why not instead answer HIS POST and position it RIGHT
> UNDER his crypto comment instead of on my later post and thus confusing
> it with my expert treatise on using the Google Authenticator app (with
> no sites or time limits required) to verify a device as perhaps one way
> to make his friend's Gmail work?

i did respond to his post.

i responded to yours specifically about timeouts.

nospam wrote:

>> Have you seen the lawsuit against Apple with respect to permanent 2FA?
>
> it was dismissed because it was laughably stupid.

Apple fucks its customer almost every chance that Apple gets to fuck them.

Whether or not that one lawsuit was dismissed doesn't change the fact that
2FA for Apple is apparently _PERMANENT_ (i.e., you can't change your mind).

At least not after two weeks you can't.
The judge didn't rule on that part of the lawsuit, nospam.

That lawsuit simply changed this observation:
*Apple fucks you every chance Apple gets.*
Into this observation:
*Apple _legally_ fucks you every chance Apple gets.*

The judge simply said Apple can fuck you all they want to because...
"all were expressly authorized by the Plaintiffs
when they updated the software"

The judge claimed you _allowed_ Apple to fuck you.
But that doesn't change the fact that Apple fucked you.

Just like Apple fucked up both my iPads simply for avoiding their logins.
--
Nobody has the marketing expenditure or the lack of R&D expenses than Apple.

"AJL" <noemail@none.com> wrote

| > google isn't the only site that offers 2fa.
| | It is for the OP's friend's 2FA Gmail problem.
| No. I'm just talking about general 2FA. I don't use anything
Google. What I'm dealing with right now is signing up for
crypto. They can only accept a cellphone. My bank can also
use a landline. A computer calls and speaks the number. But
crypto won't work with the landline. The call never comes
through.

In the case of my brothers, only one of them has any device
other than cellphone. So the Google app might be useful for
one of them. But I'm really just asking about the general issue,
not about Google.

"Frank Slootweg" <this@ddress.is.invalid> wrote

| Check with the crypto services provider if they have some better '2FA'
| method than using a SMS message. If they're a serious provider, they
| *should* have something better. For example an authenticator app, a
| token generator, etc..
| I'm just asking about 2FA on cellphones. I don't
want an app and not all services can use it. Plus,
I'd still need the phone.

| But failing that, you *should* be able to get your number back and get
| a replacement SIM (and get a new/replacement phone). If not, there's
| something fundamentally wrong with your mobile phone service provider,
| i.e. it has nothing to do with '2FA'.
|

Tracfone. I don't want to depend on being able to
get that number back, but it's good to know that I
might be able to.

| Back to the irrelevant/distracting bit:
| | As you're posting this in comp.mobile.android, I assume you have an
| Android smartphone and 'hence' a Google Account. If so, have a look at
| the '2-Step Verification' section of your Google Account.

No, I don't. What is this obsession people have with
Google? I just want to know what people have
experienced with 2FA. I have Android but disable
everything Google and have no intention of using anything
Google. I never signed up for a Google account. *I'm not
asking about Google anything.*

In article <t05vf7$for$1@gioia.aioe.org>, Andy Burnelli
<spam@nospam.com> wrote:

> Whether or not that one lawsuit was dismissed doesn't change the fact that
> 2FA for Apple is apparently _PERMANENT_ (i.e., you can't change your mind).

just like google and many other sites.

> At least not after two weeks you can't.

2fa should be required everywhere.

unfortunately, we live in a world where security breaches are common,
nearly all of which could be avoided with 2fa.

> The judge didn't rule on that part of the lawsuit, nospam.

the judge tossed the entire case because it was laughably stupid.

On 3/7/2022 3:03 PM, Mayayana wrote:
> "AJL" <noemail@none.com> wrote

>> It is for the OP's friend's 2FA Gmail problem.

> No. I'm just talking about general 2FA. I don't use anything
> Google.

Ah. My error. Generated some tit for tat fun though. Carry on...

nospam wrote:

> just like google and many other sites.

FACT:
*If you set up 2FA on an Apple product - Apple will never let you drop it*

Every time Apple fucks the customer, you say everyone else fucks them too.
Doesn't Apple have any free will nospam?

>> At least not after two weeks you can't.
>
> 2fa should be required everywhere.

That's your opinion and you're welcome to that opinion, nospam.
I would suggest that there are many people who believe otherwise.

>> The judge didn't rule on that part of the lawsuit, nospam.
>
> the judge tossed the entire case because it was laughably stupid.

The case was "laughably stupid" on certain parts I would agree, because they
tried to fit the case to existing law on damages.

However, the salient fact is that Apple fucks you when you choose 2FA.
Ooops. I mean Apple _legally_ fucks you when you choose to set up 2FA.

As the judge ruled, it's your own fault for setting up 2Fa in the 1st place:
*The permanent 2FA walled-prison-garden was "expressly authorized*
*by the Plaintiffs when they updated the software"*

The fact remains a warning to _anyone_ setting up 2FA:
*If you set up 2FA on an Apple product - Apple will never let you drop it*
--
Never forget nobody in high tech spends less than does Apple on R&D costs.

Mayayana <mayayana@invalid.nospam> wrote:
> "AJL" <noemail@none.com> wrote
>
> | > google isn't the only site that offers 2fa.
> |
> | It is for the OP's friend's 2FA Gmail problem.
> |
> No. I'm just talking about general 2FA. I don't use anything
> Google. What I'm dealing with right now is signing up for
> crypto. They can only accept a cellphone.

Don't use SMS. Use an authenticator app like Authy. If the service you're
wanting sign up only does SMS ditch them.

In article <t061rv$1fbd$1@gioia.aioe.org>, Andy Burnelli
<spam@nospam.com> wrote:

> >
> > 2fa should be required everywhere.
>
> That's your opinion and you're welcome to that opinion, nospam.

one which is shared by security experts, along with anyone with even an
inkling of common sense.

> I would suggest that there are many people who believe otherwise.

many people believe the earth is flat and that trump is still president.

that doesn't make either true.

> However, the salient fact is that Apple fucks you when you choose 2FA.

i chose 2fa and have not been fucked by apple. do they send out an
invite or does someone just show up one night?

does google fuck you when choosing 2fa?

the question on many people's minds is if you choose 2fa for both at
the same time, will it be a threesome?