Jump to content
Chapala.com Webboard

Google email sign in change

HoneyBee

By HoneyBee
in Ajijic/Chapala/Guadalajara

 Share

Recommended Posts

Lou Quillio Collaborator

Lou Quillio

Posted
Posted
3 hours ago, HoneyBee said:

So just want to know if this is legitimate or if its a scam

It's legit.

https://www.theverge.com/2021/10/5/22710421/google-security-2fa-inactive-account-management

In particular, users who haven't configured a recovery phone number or email account will be notified first, but it'll be every user eventually.

Everything about 2FA is good and right and easy to do. One can set it up in less time than it took to type this message.

After your device (phone, tablet, laptop ...) has passed 2FA once (by text message, automated call, etc.), you can choose to whitelist that device. We can't make this any easier.

Not confident you can distinguish legitimate emails from scammy ones? Go here instead:

https://myaccount.google.com/security

LQ

 

  • Thanks 1
Link to comment
Share on other sites
HoneyBee Experienced

HoneyBee

Posted
  • Author
Posted
20 minutes ago, Lou Quillio said:

It's legit.

https://www.theverge.com/2021/10/5/22710421/google-security-2fa-inactive-account-management

In particular, users who haven't configured a recovery phone number or email account will be notified first, but it'll be every user eventually.

Everything about 2FA is good and right and easy to do. One can set it up in less time than it took to type this message.

After your device (phone, tablet, laptop ...) has passed 2FA once (by text message, automated call, etc.), you can choose to whitelist that device. We can't make this any easier.

Not confident you can distinguish legitimate emails from scammy ones? Go here instead:

https://myaccount.google.com/security

LQ

 

Thank you. I understand security is good but its a pain to have to use my cell phone each time (or I no longer sign off from my home computer).

Link to comment
Share on other sites
Lou Quillio Collaborator

Lou Quillio

Posted
Posted
Just now, HoneyBee said:

its a pain to have to use my cell phone each time

I'm always given the opportunity, after a successful 2FA login, to not be challenged again "on this device." I'm not sure why some folks report having to use two-factor every time.

As a guess, it could be that if your phone can be picked up and used by anybody -- that is, you don't have a PIN or pattern to enter, or a biometric check like fingerprint or face recognition -- Google services running on your phone will know this. In that case, always requiring 2FA is reasonable: a thief can get into your phone, but at least he can't access your Google stuff.

It's not at all Google's intention to require 2FA every time on every device, so if that's what you experience, there's a reason.

[For folks who just can't figure out why they get a 2FA challenge on every use, there is a "bigger hammer" method involving app passwords, but that takes an extra step to set up.]

LQ

 

ps. I'm not some crank on the internet. I'm an almost-retired Googler, still have a badge, etc., etc.

 

Link to comment
Share on other sites
HoneyBee Experienced

HoneyBee

Posted
  • Author
Posted
9 minutes ago, Lou Quillio said:

I'm always given the opportunity, after a successful 2FA login, to not be challenged again "on this device." I'm not sure why some folks report having to use two-factor every time.

As a guess, it could be that if your phone can be picked up and used by anybody -- that is, you don't have a PIN or pattern to enter, or a biometric check like fingerprint or face recognition -- Google services running on your phone will know this. In that case, always requiring 2FA is reasonable: a thief can get into your phone, but at least he can't access your Google stuff.

It's not at all Google's intention to require 2FA every time on every device, so if that's what you experience, there's a reason.

[For folks who just can't figure out why they get a 2FA challenge on every use, there is a "bigger hammer" method involving app passwords, but that takes an extra step to set up.]

LQ

 

ps. I'm not some crank on the internet. I'm an almost-retired Googler, still have a badge, etc., etc.

 

My bad, I jumped to a conclusion that was not correct. Am no longer challenged again "on this device". Thank you for your helpful feedback.

Link to comment
Share on other sites
Lou Quillio Collaborator

Lou Quillio

Posted
Posted
4 minutes ago, Tingting said:

I get hit every single time with the 2 step process

I wouldn't put up with that. Are these Apple devices?

Though it's not recommended, you can certainly make an "app password" for each device and be done with it.

https://support.google.com/accounts/answer/185833?hl=en

An "app password" is a password you create and authorize for a single purpose. It's shown to you once, when you create it, but you can never see it again, you can only destroy it.

When you create one, give it a name, like "Tingting's iPhone." Then login with your regular account (tingting@gmail.com?) and the 16-digit app password -- not your usual account password. You're done.

LQ

 

Detail: The usual purpose for "app passwords" is when an automated system must login to a Google account. For example, this forum software right here sends out emails using a Gmail account. But there's no human attending that process, thus no person on hand to login all the time. Instead, the software likely uses one of these custom app passwords to authorize access to Gmail and send it's notification messages.

Link to comment
Share on other sites
ibarra Veteran

ibarra

Posted
Posted
4 hours ago, Lou Quillio said:

It's legit.

https://www.theverge.com/2021/10/5/22710421/google-security-2fa-inactive-account-management

In particular, users who haven't configured a recovery phone number or email account will be notified first, but it'll be every user eventually.

Everything about 2FA is good and right and easy to do. One can set it up in less time than it took to type this message.

After your device (phone, tablet, laptop ...) has passed 2FA once (by text message, automated call, etc.), you can choose to whitelist that device. We can't make this any easier.

Not confident you can distinguish legitimate emails from scammy ones? Go here instead:

https://myaccount.google.com/security

LQ

 

Look at the date of the article you posted.  2021

Link to comment
Share on other sites
Lou Quillio Collaborator

Lou Quillio

Posted
Posted
1 hour ago, Tingting said:

Mine are androids and when I'm asked if I want Google to recognize the device, I say yes, but it still happens.

The next time you do two-factor on it, take a screenshot and send it to me. We'll figure it out.

Remember, there are three kinds of smartphones:

  1. Google Pixels and Samsung Galaxies, which are premium devices.
  2. iPhones, which are premium devices.
  3. The rest of the noisy, clanky, half-compromised budget devices from myriad providers world-wide, that may be based on a (usually outdated) Android version but then mucked up good and proper by their no-account manufacturers.

In the case of #3, who knows what's going on under the hood. Maybe Xiaomi or some such wants to discourage use of Google services. There's no telling.

Send me a screenshot of your Gmail login screen, if you like.

LQ

 

ps. I include Samsung, above, because they're made in the free world by a huge company that sweats its reputation.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...