Google turning on 2SV by default
 

My initial reaction to this is, "No, please No! My 90-year-old father will be hopelessly lost every time the prompt arrives, plus he loses his phone every 15 minutes. I hope there is an easy way to opt him out or he will quickly lose access to his Google account, along with millions of other users I expect.

https://www.engadget.com/google-two-...161224608.html

Isnt it sad??

People always do stuff NO MATTER IF ITS BAD OR NOT and they dont care......


Really very sad.....

Here's what Google says about it. https://blog.google/technology/safet...out-passwords/

I believe in and use 2FA and 2SV for my most important accounts, but it still is a huge hassle and some people, like my aged father, just can't handle it. I suspect this will also be a huge hassle too for Google when people get locked out of their accounts.

It is a hassle.

I have been forced to use it on a few accounts. A few more are coming on line.

From the Google Blog:
Passwords are easy to steal only if you are like a friend of mine who asked me to print his password list out a few days ago. He keeps them in a unencrypted word document. Well what ever, I printed it out for him. Then gave him my thoughts and recommended KeePass. He was unfazed.

There are not hard to remember, I only remember a few, the rest I don't even know. That's what a password manager is for. Using one is not tedious. I do believe long complicated passwords (as in random generated) are more secure. I have 206 entries in my passwords manager. I am not tempted to use the same password because it complexity and can't remember. That what my password manager is for. I am not among that 66% mentioned above.

Then later on in the article the author promotes Google Password Manager. No thanks, I will not trust Google to all of my passwords.

I didn't see any mention of an email option. I sure hope there is one. All of the sites I use TFA with do. Google does not have my cell number.

The most likely way to have your password stolen is via phishing or other hacks that trick you into revealing your password for a particular site. Some of the phishing attacks are diabolically clever. They'll pixel perfectly duplicate something like the Google or banking login screen, but instead it is sending your password to the hacker. That's why having a second factor is so effective at blocking attacks. When the hacker tries the password a prompt is sent to your phone and hopefully you deny that it is you trying to login. It is possible to also have your password stolen in large database hacks. These database steals happen every day, which is one reason not to reuse passwords no matter how complex. If some forum leaks your password via an unsecured database it won't really matter to you much, but if you used that same password for your bank you might be in trouble. It is pretty rare that someone will try to crack your password, no matter how stupid and short it is, but it does happen, especially if you are someone famous or likely to be targeted like a journalist or politician. The average person will not be the target of password crackers.

I get phishing emails every now an then. Even some via SMS on my cell phone. Even if some site did manage to trick me, that would compromise only that site.