a short time later:
Google: WARNING! Someone tried to log into your account, here check your settings
Me: goes to link provided in the email
Google: HAHAAHAHA gotcha, did you really think we'd let you log in to your account after we sent email to the account's email address?
For some reason, Google thinks it's more secure to ADD a phone number to an existing account, possibly provided by an attacker, than it is to send email to the email address on RECORD for that account. Like, really? This is the security Google is known for?
This Tweet is from a suspended account. Learn more
That's not at all accurate for Google accounts. It's also one of the few sites allowing you to only have security keys as the 2nd factor authentication method.
It doesn't force you to have weaker options. Advanced Protection disables weaker options than security keys altogether.
If you're technical and don't want to have customer support able to recover the account for you then landing.google.com/advancedprotec is the best way to enable 2-factor authentication. You need to have at least 2 security keys and can't use other weaker 2 factor authentication methods.
Advanced Protection Program is more than 2FA and is something that isn't offered by other sites.
I can't see the normal UI because I have it enabled. It only allows me to add security keys not other mechanisms like app-based, SMS, recovery codes, Google prompt, etc.
Just be aware the Advanced Protection Program is a lot more than only being able to log in via security keys. It also prevents granting arbitrary apps access to account data and you don't have the option of using app passwords for legacy apps without modern auth workflow, etc.
I'm suggesting using it for further security beyond simply using 2FA. You can set up 2FA without SMS without Advanced Protection.
Advanced Protection is largely about getting rid of the customer support backdoors and eliminating other ways around proper authentication like that.

