That's the workflow they have for non-technical people aimed at minimizing the number of people recovering accounts via customer support. I'm fairly sure you can enable non-SMS 2FA without that even without Advanced Protection. I don't think I ever had SMS recovery/2FA enabled.
The issue is that they have at least 3 workflows: the one for non-technical users, a more hidden way for people to set things up in a more specific way and then Advanced Protection Program for journalists, activists, etc. or other people with accounts that are high risk.
This Tweet is from a suspended account. Learn more
Yeah, I get the complaint. I have similar complaints about nearly every site with 2FA. landing.google.com/advancedprotec avoids all the issues for Google though. You need to have at least 2 security keys and may want to have another one as an off-site backup but other than that it's trivial.
This Tweet is from a suspended account. Learn more
Yeah, that just changes an off-line attack (able to copy off the key material because it's not on the secure element) to an on-line attack, which w/ people's phones being on-line all the time, will last till it's detected/wiped.
This Tweet is from a suspended account. Learn more