Also, fully acknowledging Google and other bigtechs 2FA is far from ideal:
The other thing is, we want at the same time Gmail to be unhackable against best hackers and state sponsored adversaries for the billions of users, including high profile dissidents, journalists, and senators who will inevitably have accounts; and at the same time to homeless people who can't keep any physical thing. It's kinda difficult to meet those conflicting requirements well at the same time.
Maybe the solution should be to have some basic free state-paid email provider for those people. They are not forced to use Gmail specifically (albeit the number of non-sucking and free email providers is probably close to zero).
How about the homeless person remembers a good password, and that's all that's needed for authentication? You know, just like it used to be. What exactly is wrong with that?
And google is not alone here; many other major "free" email providers require a phone as well (dagger eyes at you, MS, yahoo, ect); and the icing on the cake are some websites even require a particular set of domains to register with them to prevent multi-accounts/bots/spammers/ect => just a big ol download-spiral of decisions that feed into eachother, just to put a physical ID on anybody to tag-em-to-sell-em
The biggest gripe is that it is mandatory; it is not an option and nothing we can do about it other than "vote with our wallets" - and google does not even allow ToTP use as an alternative to phones, lol
The beatings will continue until morale improves; always has been, always will
Seems to me it should mean that it has to be optional, at least until we solve that problem.
There are three factor categories, what you know, what you are, and what you have. A password is what you know. A phone is what you have. Biometrics are what you are - facial recognition, thumbprints, etc.
2FA in one manner or another is used by various services, because the security recommendation is to pillar identification by at least two of the three factors.
For your question, there are any two from the three factor categories that could be used.
However, there are also limited versions of a single category that are often used as a backup when 2fa is not available. In this case, google uses backup codes when "what you have" is not available. Backup codes are functionally equivalent to passwords, except that they are limited to a single-time use. Limiting use is often a method of using a single factor category, when another factor is not available.
Another method is to rely upon another authority, such as using a physical ID card that can be validated in order to let a person back in.
And so forth.
This is not a technical problem and should not be automated away.
Rely on trustworthy third parties. Universal utilities like Google should have retail outlets which are adapted to local conditions and can exercise educated judgement. In some countries, the police might certify the identity of the individual, and then Google could trust that certification. In another place, it might be some combination of the Red Cross and a public hospital. Obviously some identifications will be easier and others harder - if a person in New York claims they are the owner of an account based in Spain, the employee should be suspicious and require a higher burden of proof (and the reactivation might be logistically more difficult).
> The other thing is, we want at the same time Gmail to be unhackable against best hackers and state sponsored adversaries for the billions of users, including high profile dissidents, journalists, and senators who will inevitably have accounts;
I'm not really convinced high profile dissidents, journalists and senators (why senators?) should be trusting Gmail to protect them from state sponsored adversaries. Google generally wants to do business in territories controlled by states which means they have to follow laws and will sometimes be subject to intimidation; but they have no intrinsic motivation to be unhackable.
You don't need to use Gmail. There are a lot of good free mail providers.
Drop the password requirement. Use fingerprints + face. Very hard to lose these, but not impossible. Note, this solution is 1.5FA, but would solve the issue at hand. (pun alert)
If they truly can't keep anything on them, someone who recognizes them needs to represent them. (A locker won't do - they'll lose the key.)
And if they have no friends they can trust (which is likely) then it probably needs to be a government worker of some sort, who has their photo on the computer.
I mean, unless you want to have retina scans to log into library computers or something. Or really reliable face recognition.
It's only hard if you adopt a one size fits all approach to security.
Google's proclivity towards treating its users as an undifferentiated commodity isnt proof that its users couldnt be treated differently.
There is none. That's the entire point of the post: "something you have" doesn't work if you're at risk of losing all of your possessions at any time. So let them disable 2FA and rely on passwords - or even better yet, provide some way to actually talk to a person and verify identity.
Almost certainly is a bad idea. But the first thing that seems like it could work would be an implantable nfc yubikey. Then making more devices support nfc.
I know I would be pretty tempted to get an implantable 2FA device if one was available and seemed like it would have both broad and long term support.
Biometric? Amazon One's hand recognition would be a decent solution here, though I'll be damned if I've ever met someone willing to try it. And I ask, every time I go to Whole Foods.
What kind of 2FA would be human-proof?
Also, the tweet uses the word "permanent" but doesn't explain. How is it any more "permanent" than anyone else?
I disagree with the idea that because a very, very niche audience is in dire straits that the design decisions should be based on their needs. The forced 2FA system has probably prevented identify theft and financial loss for a very large number of people. I'm saying this as someone who thinks Google is a shady and dangerous entity in general.
It's similar to the idea that hard cases make bad law.
Almost every free email service I've tried now requires a phone number to setup. Even protonmail required it for a brief while, although they now are back to captcha and a stern warning. I actually can't think of another free service besides protonmail that this isn't now true for.
An annoying trick some of them use is to allow you to setup the account and then lock it some time later. I've seen on immediate login (irritating waste of time) or after you've used it for awhile (what you used the account for is now held hostage unless you cough up a phone number).
The homeless are certainly not a niche audience. There might be between 13 and 26 million people in the US alone who have experienced homelessness at some point in their lives [0].
Besides, issues around permanent access to security devices are not exclusive to the homeless. The problem described in TFA impacts a far larger segment of society.
Critical services are increasingly only available online -- and online services are increasingly critical. The people governing access to critical services are willfully ignorant to the difficulties that vulnerable people face, and often make those difficulties worse.
Not very niche.
Besides the fact that this doesn't scale at all, not using gmail is arguably a bad decision. If you have an email address at shiftydomain.com, some services won't accept it because its low barriers to entry may have been exploited by spammers or similar.
Half of you in here have never met a non-technical user. These folks should not have 2FA on ever, because they can't even use the damn thing with it on.
Yes, those users run a higher risk and should be notified of that extremely clearly. But 2FA is a garbage solution to the problem and it should always be possible to disable it.
I'm going to continue using 2FA happily like most of those in here - but man the lack of empathy is outstanding in here. I feel bad for your users.
And fuck Discord for not allowing me to reset my account with my own damn email address when my phone broke that one time. Total morons, through and through. I'd never want to work with anyone so objectively ignorant and unwilling to admit their ass backwards position.
I find it disturbing to imagine that people are stuck with phone numbers as de facto ID.
Trump for example. Which is why his account was regularly hacked.
Problems would happen when the new person tried to log in to the account. Since the login was from an unrecognized device and an unrecognized IP address, security was tightened. Even after inputting the correct password and entering the right backup email, it was mandatory to enter an SMS message from the phone number tied to the account, even after various troubleshooting and attempted workarounds. That meant getting ahold of the previous executive, who may be busy or changed their number.
You could argue that Gmails weren't meant to be used this way, which is fair; the goal of this comment is just to provide additional evidence that the description provided by the parent comment is true. (In the end, we went for a low-cost, reliable email service to fix the issue in the long-term. We also found that registered non-profits are eligible for free Google Workspace or Microsoft Outlook email plans subject to certain eligibility conditions, though we did not have a need of becoming an officially registered non-profit at the time.)
1) Not providing phone number for 2FA. Never.
2) Using multiple (3 pcs.) physical keys for 2FA (like Yubikey and similar). Authentication app is an alternative for one choice of 2FA (but not the sole one!)
3) Only using a limited set of Google functionality. Use for secondary purposes mostly.
Alternatively you can purchase a hardware key and store it in a trusted place, but admittedly they are expensive, so OTBC is the usual route.
Heck, here’s an idea for a startup: a digital “moving” service. IRL I could pay a company to take everything I own, pack it up, ship it somewhere else, and even unpack it too. I’d like to see a digital equivalent.
A much less critical or important thing but underlines the bad attitudes: I just tried to renew my cancelled Netflix membership yesterday. I am not allowed to do that without providing a phone number (I used Netflix for ca. 8 years without it). I do not provide that because I do not want to. I do not tie every aspect of my life to my phone number. In fact I do not want to tie any aspect of it to my phone exclusively. Phone number based authentication is not safe and reliable anyway (can loose, stolen, damaged, then I'll have a cascading effect of problems instantly).
I talked long to the helpdesk lady and the conclusion is that I am not allowed to renew my Netflix account without providing a phone number. End of story.
I permanently remain a non-Netflix user this way. Their loss actually.
(A secondary trouble with them is that they are trying to misinform me, giving false reasons! The support lady reasoned that they need the phone number for validating bank transaction. Since they - Netflix - want to use this to send a code in text that I am required to type into their - Netflix - system it has nothing to do with my bank and with authenticating the transaction! (my bank would never use phone for authienticating a transaction btw, I am not even sure if I updated my phone number with them, they reach me other electronic ways). She was just bullsh%ting! Also the renewal pages stated differently, saying that authenticating my account is where the phone number is required. Not to mention that a friend of mine registered recently and for him the reason to register a phone number was to retrieve password recovery messages. Three sources, three different reasons, one of them is complete bullsh%t. Very repelling kind of practice, I am actually glad staying away.)
(A third smaller aspect was that the helpdesk lady tried to interview me about my phone usage strategy and my reasons instead of answering my question about alternatives. It is not her business how I use phone and trying to pressure me into some rigid lifestyle strategy they determine. There are many alternative ways to carry out the same task, they should provide more and better choices.)
If you've got some spare time, have you considered taking them to small-claims court for refusing to cancel your membership and still charging you? It'll cost them a huge amount if they show up, and if they don't then you get a judgement against them by default. Or if you signed some contract agreeing to only use specified some Netflix-specified legal intermediator, use that.
If everybody who was screwed over by tech companies took legal action against them, it'd cost the companies a huge amount of money and they'd have to improve the way they treated people.
No ads, easy to use, free, and doesn't require a phone number or email.
Phone numbers are often included in billing address inputs, so I imagine it's at least logged in the bank's system and perhaps used as a heuristic signal for fraud.
I've been caught out recently twice: once I was away on work and had to access my email. Google demanded that I verify it using my phone that I'd previously accessed my work email with. However, this phone was just a phone I use for development, had never had a sim card inserted, and was on my desk at home. I hadn't agreed that it should be used for 2FA. It was tremendously inconvenient because I needed to find where my hotel was.
Another time recently I managed to destroy my phone in an accident and got the phone replaced. Despite taking the sim card from the old phone and putting it in the new one, doing a factory reset on the old one, and it not being active for a week, Google still demanded I 2FA authenticate on the old one.
I feel these problems could have easily been avoided, but it's typical latter-day Google experience: a tin ear for the customer experience and a general attitude of automation knows better than users.
I've never seen this issue. I don't have 2FA enabled for any personal Google account. There are some dark patterns to try and get you to enable 2FA that I don't agree with, e.g. a big "add a phone number to your account" page after you log in, with a small "skip for now" button at the bottom.
Google then decided that it was going to ignore TOTP set up and prefer the "Trusted mobile device."
In a way it actually made my account less secure, since that was a testing device and had no passcode on it.
And maybe the government should consider providing an email account too. The cost would be negligible compared to buying people new phones every 12 weeks...
You can force people to use 2FA, but then you discriminate against people who can't. You can build an account recovery flow that requires government-issued proof of ID, but then you sacrifice privacy. You can do neither, but then you make accounts easier to compromise and harder to recover. There's no good solution here, it's all tradeoffs.
Captchas are another situation where this problem arises. You can implement easy audio and text captchas, available in all the languages your signup form supports, but then you get a lot more fraudulent signups. You can eliminate captchas altogether, relying on invasive user fingerprinting instead, but then you sacrifice privacy. You can do neither, but then you discriminate against visually impaired users. Once again, no good solution, just tradeoffs.
Most of us have at least one email account that's already under our real name, where we have no big interest in hiding our real identity, but we do have a big interest in not being randomly shut down by Google. We hear about such shutdowns every few weeks on HN, if not more.
Google has unfathomable financial and technical resources, much of which goes to projects of speculative value at best. I can't help but feel that they could provide a slightly more customized login experience to help diverse people with diverse needs.
If you've every tried to teach an old person how to use 2FA you know it's an uphill battle. Using a fingerprint reader isn't even doable for some. And we're all going to be old one day.
Practically, we need ideas like to 2FA to gain tractionas widely as possible, while realising that isn't everywhere. And some people will never use 2FA, need higher thresholds for triggering lockouts, and need alternative methods for re-establishing identity to their ID provider (google in this case). For some people that might be their local librarians or community shelter, legal aid groups, and banks.
The problem here is that misapplied empathy can lead to terrible decisions. Having Google change their 2FA system for this group would be one such decision. It's similar to the 'think of the kids + terrorism' attacks on encryption. It's socially difficult to argue against these ideas because you are then labeled as a terrible and non-empathetic person, but the solutions themselves make one other thing worse without really being helpful other than for garnering retweets and likes.
In this case, we actually aren't being ambitious enough. Why are we having a system where we give out phones every 12 weeks to each homeless person? We'd probably save money for the program by developing some sort of dedicated device designed to be harder to steal or lose. Maybe a high-autonomy low-powered KaiOS smartphone that can be attached as a strap? It's not like the current devices are working.
Why is it such a hassle to keep the same number after a theft? We could investigate there too. Improving this would be better than decreasing the effectiveness of gmail's measures.
Heck, if we want to focus on Gmail, why not focus on why it's the default choice for the homeless to begin with, as opposed to removing features.
We could try to solve the problem structurally but we prefer the caseworker approach, because it's more easily packaged 'empathy' than actually fixing the homelessness issue. It's like people who travel to developing countries to 'help', when the locals need investments and training facilities, not extra warm bodies. Actually giving homes to the homeless would probably be cheaper than whatever we are doing now, even taking into account the mental illness and drug-abuse problems that factor into this.
Let's say I care. Let's say I care a lot. I care so much that I'm willing to make it my personal problem to address the very real, very pressing needs of a critically vulnerable and marginalized part of my community from inside Google.
What am I going to do? Is anyone going to be happier if I stand up and proclaim loudly how much I care? Probably not.
Could I say "Gee, what if we just let everyone put themselves in the group of people who don't do 2FA"? Yes, if I wanted to be responsible for a lot of people not securing their accounts. Could I outsource identity verification to a wide assortment of groups (libraries, non-profits, etc.)? Absolutely, so long as I'm alright with this being used to gain improper access to a LOT of accounts outside the target segment. Could I offer more password chances and friendlier lockout times? Sure, so long as I'm OK with the negative consequences of this for a lot of people.
OK. Let's end the game now. We don't really have any major steps towards real solutions here. Empathy is very useful for showing where a problem is. Demanding what amounts to lowering the global bar for account security is perhaps not the ideal approach here.
Sometimes problems are just hard. Taking ownership and feeling empathy and sincerely wanting to solve the problem does not render them easy.
Recent story was a 65yo + veteran living in a shelter. They hadn’t started collecting social security due to some debts and was worried it would ALL be garnished.
After explaining that veterans get expedited in line for housing and that they would still get almost all of their SS, they have applied for it and should be housed soon.
It doesn’t surprise me at all that 2FA causes problems after hearing many stories similar to this one.
Google is already providing a free service to homeless people. It's not empathy to tell someone else to solve a problem that you care about. That's virtue signaling. If he cares, he should take matters into his own hands.
Is it too much to ask a single person to build a free email service for all homeless people? Perhaps, but the good news is that he doesn't have to. Google already allows you to disable 2FA [1]. He could have started a campaign to disable 2FA on homeless people's phones, but instead he uses this as an opportunity to shame Google to boost his own Twitter follower count.
I think that empathy is highly overrated. I doubt anyone notorious for flashing their big Johnson is particularly empathetic, yet LBJ expanded social services more than any other President. The problem isn't that people have too little empathy these days. It's that people are too easily impressed by broadcasting their intentions rather than actually trying to solve a problem.
What's stopping any of those groups becoming a homeless person's 2FA?
It’s a problem all around - the elderly are most vulnerable to the types of account takeovers that MFA will prevent.
UX for good security can exist, but it does need a little bit of education.
We will all be old one day but I have trouble believing we will just forget how to use computers. On the other hand, we do need to carefully consider the role google plays in our lives… especially for us Europeans, who are just at the mercy of a US company’s whims.
I think we also have to realize that not everyone who is homeless has problems that can explain it away.
It's easy to look at someone who is homeless and tell yourself, "Oh, he's a dope addict. He did this to himself." It's only very rarely true, and you're only making excuses for not helping another human being.
Just last year there were newspaper articles about how a shocking number of perfectly normal public school teachers in California live out of their cars, just because they cannot afford a place to live on what they're paid.
Most people, especially in the SV bubble, would be shocked to learn how many of the baristas, maids, security guards, convenience store clerks, and other people they encounter every single day are homeless, living in their cars, or sleeping on other people's couches through no fault of their own.
thats just one opinion on security. you see this world where google is an identity provider, and you prove your identity to it via a librarian or bank. i dont. an internet service should absolutely never require any form of government id nor separate network like cell.
No, 2FA needs to die in a fire. Easily circumvented in most social attacks that actually matter, false sense of security, massive timewaster/usability-hell/pain in the butt, acts as a novel social/corporate/accessibility barrier to technology for a large number of previously unaffected groups, and poses a threat to software freedoms.
There are many ways to strengthen security and this has got to be the shittiest one.
Down grading security for the benefit of a tiny minority with an especially ridiculous use case is not the greater good. If the homeless people think they are at risk of losing their phone then they should pick another free email vendor.
A lot of the downsides are mitigated by using Google Voice as the SMS number, since attackers can't migrate your number away from Google.
But in general, I totally agree with you from a security perspective. I just think that it's a difficult thing to get people to use authenticator apps. Apple has resorted to baking the functionality into their OS.
1. Somebody has a phone
2. Somebody has a smart phone
3. They are in contact with the phone 24/7
4. They are the unique user of that phone
5. The SIM card and/or number cannot be taken from the phone (virtually or physically)
I currently have to use this for work, with the only positive being that if I get locked out, I can go tell the admin team to let me back in. With someone like Google, it's not even possible to get them on the phone to explain, let alone have them believe it is really you.
The tough issue here is that these access edge cases look a lot like malicious use. The aren't but authenticating someone who has no device or ID or really much else to authenticate themselves is a Hard Problem. Passwords also aren't the solution here, the industry is moving away from them precisely because they provide poor authentication, particularly for vulnerable people.
A library solution may not scale. Sure, a librarian might develop a personal relationship and do this as a favor for someone. But the author mentions talking to about 30 people with this problem in his neighborhood, which suggests that if word got out a librarian was doing this and they tried to institutionalize it, a library might have to store codes for dozens or hundreds of people it has no way to authenticate.
Defining a state-sponsored email account that can only be logged in from specific government machines (imagine a kiosk at the DMV, say) where there are trained clerks who can identify homeless in some way could work.
When setting up thunderbird, I've had multiple Google accounts lie about suspicious activity and demand I go through about 10 captcha checks and enter my old password and answer my security questions and verify my phone number. After passing all of that without error, they STILL won't let me log in with a blanket statement about security.
Why oh why would they ask users to jump through extreme hoops just looking for any possible questionable failure to point to as an excuse, but still reject you after passing everything? If you're not going to let people use their account, farming free AI detection and personal information out of them doesn't seem like a legitimate tactic one should be doing.
They discriminate against some phone numbers too. They have to be in whatever they think the correct country is, they often can't be VOIP or VOIP related, and there's unknown blacklists of some famous numbers sometimes.
What happens when we run out of phone numbers? I won't be surprised when accounts start getting banned for "sharing" or "ban evading" phone numbers (aka getting a new phone number for any reason) because it screws up their ad tracking of you... Or they'll force you to first log into an account in order to delete it even though it belongs to somebody else. Or your new phone number you bought specifically for authenticating a separate account is banned (just like voip number) because a previous user was banned using it.
We shouldn't have to rely on Gmail for what may be the only way to get information/apply for on basic government services!
The majority of companies seem to view email addresses and phone numbers as largely permanent identifiers.
Then there are the companies that actually provide you those things. To them, what they provide you is definitely not permanent.
The whole reason I use an authenticator app is so that my accounts aren't dependent on having the same phone number forever!
We should not be treating phonenumbers as SSN round two, where everyone relies on it for your identity, and it should never be changed because of how much shit was needlessly tied to it.
I rue the day I need to change my phone number and my digital identity becomes a huge headache, especially for far flung services that decided they wanted my phone number, but I wouldn't have considered going explicitly to them to update it.
Google's authenticator app is brain dead because they want to encourage 2FA over SMS. Why? Because it has the wonderful side effect of destroying your privacy. With your phone number, Google can easily identify you personally. Ain't that special --- privacy invasion wrapped up in security clothing! Much too tempting for Google to resist.
Google didn't invent OTP so there are other apps that are perfectly compatible.
Word to the wise, it should be obvious by now that all things "Google" are synonymous with "privacy invasion".
And since it's always more productive to assume malice, not stupidity — obviously, this is the point. Somebody wants you to depend on your phone number, something you don't really control and cannot easily change. This isn't about comfort and security, it never was. What else is new.
But, I mean, if I have to pretend that it's not about me, but about homeless people for something to be changed — I guess I'm homeless' rights supporter #1 from now on.
One of the worst examples I've heard is that Overwatch 2 not only requires a phone number, but they actually check with your carrier if it's a prepaid number, and if it is, you're banned. Sorry poor people, Blizzard doesn't want scum like you playing their game.
Assuming someone's phone number never changes, or that they'll have access to their old and new numbers at the same time, is simply wrong and does not work.
I haven't been locked out of Google yet, somehow, but maybe it's just a matter of time.
Maybe my house will get burgled, maybe I will lose all my stuff in travel, or a fire, or ... I don't know. Email is kind of the key to everything, which makes 2FA important, but can also a huge pain in all sorts of exceptional situations, and losing access to your email often means losing access to lots of other stuff, too.
I feel account access is still an unsolved problem; 2FA is a meh stop-gap solution at best with lots of trade-offs. Ideally your account should be tied to your identity (e.g. passport or the like) in a privacy-secure manner.
Or, he can safely store their 2FA backup codes in his house.
The homeless make up like 0.1% of society. And not every homeless person has this issue. It would be insane to make any feature for like 0.02% of the population. Especially a feature which diminished security. Because yes, those 0.02% of people might have an easier time accessing their accounts, but probably 100x that amount of people are going to end up getting tricked into de-securing their account, or do it by accident, and end up getting compromised.
> Or, he can safely store their 2FA backup codes in his house.
Why even have security? Your solution practically screams for those 30+ people to be taken advantage of.
Just use a different email provider whose procedures align with how you regularly change your phone number.
I don't work for google, and recognize they have many other issues, but this person on twitter is incorrect. There are other methods in addition to backup codes. There are voice authentication and id upload. I've even had Google call me back, and I spoke to a person who manually authenticated me.
This particular system isn't broken.
Of course, there are many other email providers. Why would someone keep choosing the same provider, when it doesn't act in the way they expect?
But, I mean, why are they not railing on the phone companies, to make it easy for the homeless to keep the same phone number?!
Why is this Google's fault?
People lose their phones all the times, I personally lost countless phones, and I am very far from being homeless.
The problem is forcing 2FA on everyone
Google is actually doing much better than the competition here in many aspects (e.g. it is possible to operate a Google account completely without a phone number for 2FA or account recovery), but as far as I understand, one is still required to initially create an account.
These spy phones and the apps they peddle have become a plaque upon humanity. They use addiction and coercion (denied services) to keep you under there spell. The worst part is that they are being forced upon our children, way worse than the tobacco industry ever tried.
For over a decade, I've been using my Google Voice number as my identity, with whatever number is on whatever SIM I happen to have at the time being an implementation detail. Ticketmaster doesn't accept that, so now I have to schlep myself over to the venue (which often includes a bridge toll) to buy tickets at the box office. It's infuriating.
I believe Credit Karma Tax also had this problem, which is moot now that Square owns it (since Square doesn't have this problem).
With Passkeys, your credentials will automatically sync between devices. So as long as you have some way to log in to your main account (Apple/Google/Microsoft, etc.), then you should be able to maintain access to all other accounts, even if you’re always moving between devices.
And there is a solution to the single point of failure problem as well, because there is a built-in flow where you can copy the credentials to other platforms, in case you lose access to your main account.
The newspeak is strong with this one. There was never anything wrong with the word homeless.
Have progressives gone too far?
For example, if Google wants people (who have a tendency to lose their 2FA devices more often) to always use this feature, and in case they lose access to their device, they could use a trusted designate who can verify on their behalf that they are the ones signing into the service. But then again, this alternative will impose some new challenges such as:
- What if the designate is not available? - Designate is available but also lost their access to verify the other person?
As with this case being raised here, it will always be a process wherein Google (or any other organization) will have to explore and find meaningful solutions that is both inclusive and considerate on specific conditions.
The variability alone of such premise is huge that I am quite sure when the next edge case comes up, there are other edge cases boiling down that will become the next set of issues.
To you and me 2FA doesn't seem that complicated. But to less technical people it's just overwhelming and they don't want to bother with the learning curve.
For that situation no 2FA solution is going to work.
They get phones from a government program. Each new phone has a new number, and due to the above challenges, it'd be challenging to port numbers and keep a consistent number.
Authy accounts are keyed to your phone number, and to set one up on a new phone you have to receive a verification call/text.
EDIT: It looks like you can turn off 2FA, I think I'm going to do that now so I don't get locked out of my Gmail.
E.g. John.doe1234@people.gov
There are many other usable (and free) email providers out there. It doesn't have to be Google.
I mean I've always fantasized about getting NFC into everything so that NFC-based tags could provide convenient "something you have" taps. Like, give me a simple ring on my finger to tap-in to a scanner on my keyboard rather than having to meander through an app on my phone.
The other problem is that with every org running their own auth systems, if you're trying to help a person with this problem you have to set them up on a dozen services. I really wish something like Mozilla Persona had took off.
Since I've been able to keep the same number through various phones and Sims, this seems technically possible.
The government has the resources to navigate complex situations that digital safeguards can’t.
If someone has no paperwork, lost the device they made their account with, and cannot remember a password they made—no tech company has the resources or expertise to handle this at scale as well as local institutions can. If someone needs to take over an account of a loved one that they have legal guardianship of, you don’t want a support agent at a call center to make these decisions.
Similar idea behind web-of-trust or multisig cryptocurrency wallets, except without the cryptographic mumbo-jumbo.
Isn't there a service like this already ? If not, there is your billion dollar startup idea.
Reminds me of a case in Moscow (iirc): a homeless guy bought a gym pass that came with a locker, and was storing his things in said locker. The gym administration decided to deny him this arrangement, but he sued them and the court said “since the locker is in the contract, it's his privilege now”.
Even backup otp keys would be a challenge in this scenario.
What solutions would help with this? I would think even having two passwords on the account (as in you need both to log in) would be an improvement over plain password auth.
Just stop using Gmail. Here is a very small number of other providers: https://www.ionos.co.uk/digitalguide/e-mail/technical-matter...
Google is not being immoral.
The homeless people can use a different service.
Dealing with the use case of someone losing their phone every few weeks when you have billions of others to worry about is unreasonable. I think handling that situation should be considered out of scope.
And if they don't give a list of "workable free email providers" then the government has failed.
Imagine the howling if you had to have an email address to vote.
GMail offers backup codes to somewhat solve the phone number problem by the way.
Allowing for a case-worker, for instance, to act as a secondary 2FA method, and making it easy for the custodian to update the users information.
Wouldn't be all that different than corporate ownership policies or family accounts.
None of these folks are desirable advertising targets.
The reason this is not offered (IMHO) is that a lot the use (on the users side) of 2FA is from people that want better security, while a lot of the push (on the developer side) for 2FA is from people that would like to see the use of passwords almost disappear.
The only way to win is to not play the game.
IMO this approach would be a good way to confirm identity over a sms.
It's all so tiresome honestly. One of the absolute worst things about western culture is the apparent creeping obsession with political correctness that has been escalating for the past few decades.
If only more westerners were like the great George Carlin. Grateful for once to live in the third world.
This is why every app and vendor asks you for it.
I change mine every 90 days.
As a result I planned for that phone stopping to work and my understanding is that I will be able to emergency 2FA with those code once it broke. Am I wrong?
What are the best available alternatives?
There are many other (free) email providers. Not all require 2FA via SMS.
How many homeless have been so for longer than four months?
In this case it’s not even a criticism of Google. I don’t see an easy solution here that couldn’t introduce a more gameable system for hackers.
It sucks, but there are alternatives besides gmail and if google is going to spend time on this, I'd rather they not and instead spend time on getting homeless into homes.
Why not lobby those engineers and product managers to improve something that they are actually have agency and arguably a mandate to improve, helping users homeless and otherwise?
My solution to this problem was simple: don't use Google. Use Yandex instead because they never require a phone for 2FA and they allow you to set your own custom security questions for account recovery as well as link a backup email account to reset your password. It would be trivial for Google to have these features too, but they won't because this is about spying and tracking and controlling users by forcing everyone to use a SIM card.
The Federal Govt doesn't "give" you a free phone. Cellular carriers give you the phone and the service when you sign up at one of their kiosks usually setup outside local Govt offices that provide services to the homeless. Like the food stamps office.
So you sign up witg T-Mobile or Verizon or smaller carriers nobody has heard of and you get your cheapo off-brand phone with low specs like 1GB of RAM and 3GB of cellular data per month. Great, that is an amazing way to help the homeless since doing everything requires a cell phone now.
But when you sign up, the carriers require you to provide a cirrebtly valid food stamps EBT card and a govt ID like a drivers license with your mailing address on it. They mail a form to that address within 60 days that you must sign and mail back to them to prove you are who you claim to be. I guess this is for fraud detection.
But if you are homeless, then obviously you will never be able to receive that form in the mail to prove you are who you claim to be. Then after 90 days if you have not returned your form in the mail, your free phone service is terminated.
You can immediately go and get a new Obamaphone, but you will have a new number and a new account. There is no way to port your old number because each carrier has totally separate systems to store your account.
This whole Obamaphone program is extremely wasteful because it is intended to help the homeless, but it is implemented to force the homeless to constantly churn through getting new phones every 90 days. I went through several different Obamaphones because of this. Typical Big Govt inefficiency I guess.
It is too bad that Google is so obsessed with spying on people and blibdly trusting SIM cards because you can still use Wifi on an Obamaphone that has been deactivated for cellular service. I don't know why Google refuses to base 2FA on something other than a SIM card. They already control the hardware through Android, so the phone hardware IMEI ID itself should be able to be used as a unique identifier.
Unmoored, trillion dollar megacorporations on autopilot like Google who are managed by multimillionaires Executives living in Silicon Valley and who are staffed by millionaire developers designing these systems of global information control do not think of the use case needs of the poorest, disadvantaged users who fall through the cracks.
I think it is fair to guess that many people reading this have achieved some level of success building solutions to technology problems. Much like solving for malicious use for the average user with 2FA - or privacy with things like protonmail - why shouldn't some of us attempt to solve this rather than expect/complain that Google hasn't?
Mail hosting isn't particularly expensive - companies like mxroute are sub $1 per GB per year with deliverability, etc taken care of - or at least well enough to make it better than constantly changing addresses.
I know that I personally would be willing to invest time and non-trivial amounts of money to offer a solution and gauge adoption and feedback.
Some opinions (open to feedback!) on where to start:
1. Use existing mail provider from the start - mxroute looks like a possibility
2. Overprovision storage by some reasonable factor - say 1GB accounts with 10x overprovisioning - interested to hear from those who know more than me about this but I wonder if more unhoused/homeless people generally use email for mostly transactional purposes not 20mb JPEGs, etc.
3. Ensure the webmail interface (possibly build it) is Ultra simple and Super accessible - screen readers, text to speech, and of course mobile first. Again I (perhaps naively) imagine that features like tagging, rich content composing, and filtering are super low priority here.
4. Have a sign up flow that is mildly fraud resistant - mobile number verification (VoIP not accepted) with a cool off before it can be used for another account (how often do Obamaphone numbers rotate/deactivate once stolen?) and an (accessible) captcha type system to avoid mass sign ups. This could then in V2 be expanded to include more corner cases - possibly invites in lieu of phone numbers, etc. If fraud/spam became an issue it should be easy to detect given these will generally be low volume users.
5. Require only a modestly secure password for login. Use malicious use detection to trigger recovery/verification mode (see next).
6. Have a recovery/verification mode that fits the user group - need ideas here - but 5 questions that you have to answer 4 of and have some verification that the answers are not just simple words at setup? Combine that with verify with a real (but possibly different) mobile (non-VOIP) number that hasn't been used in X days to verify another account? Trusted friend recovery address? Seems like lots of possible solutions to explore here, and no doubt lots of people smarter then me who could provided ideas.
Is there interest in doing this? Am I the only one that feels frustrated when we (including myself) debate what google should do, or why people are unhoused (or what to call people how are) when many of us are capable and financially able to at least try to offer a solution?
With 500k-1M homeless/unhoused in the US (no reason it couldn't be international, just starting somewhere) - let's say it was crazy successful and had a 10% adoption rate of actual active usage. Maybe that's 7.5 TB of storage. I'm sure a reputable provider would be willing to partner to provide that at $1/gb/year or less (plus hosting webmail, etc) - I'd be willing to pay that bill personally for that kind of adoption/benefit. Would others? Would others dedicate their time?
Homelessness is multifaceted - that seems to be the one thing everyone agrees on - so offering possible solutions to any given facet - from fragmented communications to safe shelter - is at least a start and possibly a small part of making a difficult life situation a little easier to overcome/deal with.
Maybe that's part of the issue. Why recycle numbers so aggressively? Give the user a few months to recover their old number if they can prove they are the same person.
Sorry for question, but it is a bit mind blowing for me, in my country homeless people are rare and the ones I see don't worry about anything besides something to eat and alcohol. So having a mobile for them would be like having cash to buy the mentioned things.