Subj : Google to turn on 2-facto
To   : Ed Vance
From : Arelor
Date : Thu Oct 07 2021 06:29:34

  Re: Google to turn on 2-facto
  By: Ed Vance to August Abolins on Wed Oct 06 2021 12:03 pm

 > 10-06-21 09:06 August Abolins wrote to All about Google to turn on 2-facto Howdy! August,
 > 
 >  AA> Google to turn on 2-factor authentication for 150MN
 > 
 >  AA> " By the end of the year, Google will require 150 MILLION
 >  AA> people to use its two-step verification process to login to
 >  AA> accounts, using one-time codes for apps too. YouTube will also
 >  AA> require around 2MN content creators to do the same.
 > 
 >  AA> " Google claims it is one of the most reliable ways to prevent
 >  AA> hacks, which requires a secondary personal device to be
 >  AA> registered.
 > 
 > I don't have any Google accounts but I have a problem with 2-factor authentication (2FA).
 > 
 > I do have a Cell Phone ("secondary personal device")  but only use
 > it as a Telephone when I'm away from the house.
 > I don't use it for Texting or Data.
 > 
 > I have a land line phone and can't receive Text Messages on it.
 > 
 > I was asked by my Email Provider for a 2FA phone number but learned
 > by reading the sites Help page that it wanted a Mobile Number not
 > the L/L number when I was asked for a 2FA number.
 > I tried entering the L/L # but later on I removed that entry.
 > 
 > I only give the Cell Phone number to a few people or businesses.
 > I won't enter it when I'm asked about 2FA.
 > 
 > I guess I'm just a trouble maker.
 > 
 > 73 de Ed W9ODR          dit           dit
 > 
 > 
 > ... I'm thick headed and hard of hearing - would You repeat that please?

There are many mechanisms for 2FA.

I think Google is using TOTP, which does not require a phone number (or a data plan for that matter). Hell, you can do it without a phone, using a TOTP device (such as a Nitrokey. ADMIN
Magazine review coming soon)

The idea is that the TOTP device creates a One-Time-Password which is a function of the date (in seconds) and some cryptomaterial stored in the TOTP device. This means if you need to know your
password for NOW you tell the device to produce it, and you get one, and the device only needs to have a copy of your OTP key material and a working clock.

The server can verify the password is correct by performing the same operation, pretty much.

--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)

.