Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What is usually not mentioned is that enabling two factor authentication is a mayor reason for people getting locked out of their accounts.


Actually, in my experience it can also bite the other way around:

I was locked out of my Google account after using it in Italy and coming back to Germany. Unable to login: It would first ask username, password, then send me an a-mail, then ask for the code from the e-mail (which I provided) and then either tell me to enter a phone number (Google is not going to get it from me!) or alternatively:

“You're trying to sign in on a device Google doesn't recognize, and we don't have enough information to verify that it's you. For your protection, you can't sign in here right now.”

If that isn't dystopian.

I interpreted the phone number requirement as a signal that “had I setup 2FA, it would not have asked for the phone number but maybe just the second factor?”. Then I went on an odyssey to setup a Google account without linking it to a phone and with 2FA enabled (also not linked to a phone!). Seems OK so far, but the procedure is highly complicated and partially luck-dependent. I am probably going to publish it, because there are tons of articles about how to setup Google account without phone number, but none of them worked for me at the time :)

I still do not rely on Google for anything but the search engine which still works without any login...


> I interpreted the phone number requirement as a signal that “had I setup 2FA, it would not have asked for the phone number but maybe just the second factor?”. Then I went on an odyssey to setup a Google account without linking it to a phone and with 2FA enabled (also not linked to a phone!). Seems OK so far, but the procedure is highly complicated and partially luck-dependent. I am probably going to publish it, because there are tons of articles about how to setup Google account without phone number, but none of them worked for me at the time :)

I'd be interested, even if it was just a rough guide. My experience has been that some services apparently let you sign up without a phone number, but then try to extort it out of you either at first login (or worse) after you've used the service for awhile.

I've noticed some of my own old accounts (not google anyway) seem to be grandfathered in and do not have a hard requirement here.


> I'd be interested, even if it was just a rough guide.

Here we go: https://masysma.net/37/google_how_to_create_an_account_witho...

You might notice the date on that page being 2021/04/06 -- I had this in draft state for a long time, but newly put it online now. What has worked back then may not work anymore, though.

> My experience has been that some services apparently let you sign up without a phone number, but then try to extort it out of you either at first login (or worse) after you've used the service for awhile.

Yes, that is basically what Google did to me, too. It was not a new account either -- from 2012 (I still have the initial "registration" e-mail).

I just checked: I can still login into that account that I had created around 2021 when I discovered the "trick" as described on the website. It asked for username/password/2FA and that was it. I did not use it much in the meantime, though.


>Seems OK so far

First dose is free, eventually you'll have to give the phone number for your safety.

lol, see https://news.ycombinator.com/item?id=34584269




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: