In concept what you say is correct but reality is complex. There are very few providers that implement friction free login/password and importantly security. A large number of email providers didn't implement 2FA until very recently. Even those that have terrible apps, ad infested, no app password or oAuth etc. so many governments use MS hosted services.
It is akin to Visa/MasterCard duopoly. It is hard to escape but even if one does it then it resulted only inconvenience. I still don't have my cards in phone - neither will google change path nor will govts force a change.
I don't see any contradiction here with what I said. If you feel that using Google for email is unavoidable, that can be the part that you keep using. You can still easily ditch a lot of other things. E.g. Pixel phone, Google Docs, Google Drive, AWS. Each of those has plenty of, arguably better, alternatives.
I've largely disconnected from big tech for years, perhaps 80%, and encouraged others to do likewise. When does the seismic shift happen?
I don't care for these 'bottom up' strategies because they don't have clearly defined success conditions and are more wishing than anything else. It also puts the responsibilities on consumers for 'not advocating (or voting) hard enough,' which imho is just another kind of diffusion of responsibility. Everyone ends up feeling bad for not doing enough to solve the problem when the reality is that coordinating social swarms or other sorts of collective action against tech giants with highly integrated command and lobbying structures is almost impossible.
I don't understand your point. We're talking about ways to reduce dependence on big corp products. Some people object on the basis that it's not always feasible. I've responded that it doesn't have to be all or nothing. You've identified some products that you think you can't move away from. I've identified some that I think you probably can, and acknowledged that you might still by stuck with those others. I don't see how your latest comment fits in.
In the context of the present debate, Pixel phone is inherently bad because it's a Google product. You're putting money in Google's bank account when you buy one, and you're running your phone the way Google wants you to. The point of the debate is whether it's feasible to move away from such things. In the case of a Pixel phone, it is possible (to some extent, anyway).
IIRC, all these hardware exist. Software is not 100 % fine for them. The point is to have OS and password manager trust each other. Once this is done then all should work. That should allow for the browser to query the password manager for appropriate info. At the moment, password manager is poorly integrated onto OS.
I would assume google uses Android to just help get onboard chromeos (example: netflix app etc). You want android devs to handle the outside chrome. No thanks. Whether it is A11 or not a large majority does not care. It is only power enthusiasts that need latest A13 in chromebook. For the rest, not at all.
See they are learning a lesson from iOS. Keep tight control - at whatever cost. The same complaints about file management is there in iPad but devs have no option.
Any of these large companies are like governments. Assume you complain to a Chinese or US or European that your govt does this bad/crazy/illogical thing.
how do they respond?
Do you think if you tell an engineer from John Deere that they have unethical practices the are going to complain in the next meeting? Or a Volkswagen person that does care about pollution but will be quiet.
They just look at pay checks.
Any complaints. they just shrug or chuckle ...
The teams are big and finally they cant get involved. IIRC, even spouses of Googlers cant get special access.
At the same time if they did manage to reset account/password/etc that would be the best way to circumvent security.
On what page do you see the Authenticator app listed? I suspect it's on the "Two Factor Auth" page. My problem is that I cannot even load that page. I click on "Security" in the menu, and it's when I click on "Two factor auth" to do any 2fa-related task, that's when I'm forced to log in and provide a 2fa code (which I do not have)
Maybe it's because I haven't used a 2FA code on this account in the past year? I typically stay logged out of my Google account and just have the email forwarded to another provider.
I too create a new chrome profile (and restarted my router) to get a different IP. (i.e) clean.
- Does this mean you are able to access emails but not change 2FA?
- If yes, do a take out ASAP.
- May be the backup codes are incorrect?
(Unless the machine learning folks on hn did some programming to prevent it!!!). For every one that complains about Google, I wonder how hn crowd pleasingly accepts pay check in the software industry.
There's probably a vague/inconsistent (possibly "AI") threat-score / heuristic. I've heard of extra security requirements being imposed for like 30 days or so when you haven't accessed for a long time (or on a new machine?) and it's just ironic how they currently put you in a catch-22
When I click the second link, I'm forced to reauthenticate. During that reauthentication my only option for 2-factor auth is... a valid 2FA code. Backup codes are not allowed.
I suspect since you originally logged in with a 2FA code (I'm guessing), your session is marked as "recently two factor verified", and when I logged in with a backup code, I was not marked the same level of "secure".
Probably the difference, like parent says, is that you recently used 2FA, from the same OP address etc etc, so even though you have signed in with backup code now Google still trust your sign in more than OP.
I mean deGoogle/meta etc is almost impossible