Currently having problems with Gmail
I lost my old phone (2FA) and no device was logged in, so I could not access Steam and like everything that requires that old mail
And my phone provider or postal service is stupid because I could not get a replacement SIM after multiple tries, which normally works
Google's account recovery policy is basically:
2FA
recovery email
create a new account x.x
I think the recovery mail option only gets unlocked after 6? months of inactivity because ~3 months ago I did not have the option
Now after requesting a recovery I still have to wait a full month before they maybe send me a password reset to my mom's mail
But Steam support was nice. Managed to get the account by providing a product key I used a few months ago and was lucky enough not to have thrown the physical card away
Yea this is exactly why I don’t use 2FA
If the password is like 64 characters randomly generated by KeePass, the 2FA doesn’t matter.
Nah, any decent password manager or security application can manage multi-factor security credentials of any kind without lock-out due to phone loss.
Password authentication is beyond primitive by offering too many avenues of attack: the full secret is transmitted & shared. Passkeys, client certificates, OTP don’t transmit the secret key. Passkeys & client certificates authentication never share a secret key, so the server can’t expose it.
You can still accidentally leak your password via phishing or malware. 2FA is fine if you don’t tie it to a phone number. Simplest way: install any authenticator app for TOTP tokens. Scan the QR code on multiple devices like phone + tablet, or old phone, for redundancy. Or save the secret key.
Google and most critical services also give you a list of 10 single-use emergency codes that you should print or save in KeePass - lost the phone? Nbd, just use one of the codes and reset 2FA.
I also never thought my non-shared password would be public, but one day I suddenly got prompted on the authenticator if I wanted to log in; still no idea how or why, but at least no one could get in, and I immediately rotated out the password.
This is what I do as well. A few services force 2FA though and also have 0 good options (let me use my Flipper as a U2F through not Chrome, ungoogled-chromium works, but damn), and for those I’m forced to use text.
While I’m here, anyone have a good Chrome-based browser that is private and can use serial ports for flashing Meshtastic devices and U2F? Need Android mainly because I have ungoogled-chromium on Linux, but will take recs for Linux too if there’s a better one.