this post was submitted on 06 Sep 2023
375 points (79.4% liked)

Privacy

32173 readers
734 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Gmail prompt to provide phone number sounds like a threat

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (2 children)

Google kinda does do that though. You can have a recovery email (or multiple IIRC), or you can have a phone number.

TOTP and hardware authenticators are more for second factor authentication; you're probably more likely to use those than a password, and they don't really make sense for recovery.

[–] [email protected] 2 points 1 year ago (1 children)

Why wouldn't they make sense for recovery? They're authentication factors just like passwords.

"Second" factor means you should have multiple, not that one of them is beneath the others. And they all work just as well for authentication and recovery.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Because you're much more likely to lose or break a hardware fob than lose a password, let alone change (lose or whatever) recovery email or phone.

Like, it would be a neat option; ideally you could set up literally anything and say what combination of factors you want to use for recovery and which to use for authentication, but it'd be a pretty big change for a tiny minority of users.

[–] DoomBot5 -1 points 1 year ago

Google can use the phone number on file to text a verification code for password reset.