Tuesday, 3 May 2022

New top story on Hacker News: Google's most ridiculous trick to force users into adding phone number

Google's most ridiculous trick to force users into adding phone number
122 by vort3 | 69 comments on Hacker News.

"To help keep your account secure, starting May 30, 2022, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password."

What does it have to do with phone numbers, you might think? Well, it's not that obvious.

I have been using the FairEmail app to read emails on my phone for many years. Recently, Google made this change, so I thought I needed to take some action to make sure I can continue using my favourite email app. After reading a bit, everything looked pretty simple:

- I could add my email account to my phone and log in using Google's native authentication methods, or
- «you can use an app password, please see below.»

Sure, I don't want to add Google's account to my phone just to be able to receive emails via IMAP, so I'll just generate a separate app password for my email app, right? Well, for some reason it's not possible to generate app passwords unless you have 2FA enabled. The option is just not there.

What can be simpler than adding 2FA to my account? I use password managers and my passwords are super strong, but I have no other choice, I'll have to use an authenticator app to continue reading emails on my phone. It doesn't make much sense, but anyway…

You can't just scan a QR code with a TOTP secret and enable 2FA for your account. Well, you can, after you enable 2FA by SMS using your phone number, or 2FA by notification on the phone, after you add a Google account to your phone. But using an authenticator is an «additional method» which is not available until a «primary» 2FA method (SMS / phone number) is added.

Oh, you can give away your phone number first, enable 2FA, and after 2FA is already enabled you can remove 2FA by SMS and keep using the authenticator app as your 2FA method, it's simple.

I guess I'll just have to stop using Google. Thanks for making my life more difficult and caring about my security, Google.

TL;DR: You can't use «less secure» apps (apps other than the official Gmail app) to sync emails if you don't want to link your account to your phone number or add a Google account to your phone.
