this post was submitted on 16 Mar 2025
600 points (97.5% liked)

Greentext

5716 readers
1089 users here now

This is a place to share greentexts and witness the confounding life of Anon. If you're new to the Greentext community, think of it as a sort of zoo with Anon as the main attraction.

Be warned:

If you find yourself getting angry (or god forbid, agreeing) with something Anon has said, you might be doing it wrong.

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] Little8Lost@lemmy.world 9 points 1 day ago* (last edited 1 day ago) (1 children)

Currently having problems with GMail I lost my old phone (2fA) and no device was logged in so i could not access steam and like everything that requires that old mail

And my phone provider or postal service is stupid because i could not get a replacement sim after multiple tries which normally works

Googles account recovery policy is basically:

  • 2fA
  • recovery email
  • create a new account x.x

I think the recovery mail option only gets unlocked after 6? months inactivity because ~3 months ago i did not have the option

Now after requesting a recovery i still have to wait a full month before they maybe send me a password reset to my moms mail

But steam support was nice. Managed to get the account by providing a product key i used a few months ago and was lucky enough not to have thrown the physical card away

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 5 points 1 day ago (3 children)

Currently having problems with GMail I lost my old phone (2fA)

Yea this is exactly why I don't use 2FA

If the password is like 64 characters randomly generated by Keepass, the 2FA doesn't matter.

[–] lmmarsano@lemmynsfw.com 1 points 4 hours ago* (last edited 4 hours ago)

Nah, password authentication or anything that transmits the full shared, secret is beyond primitive. Passkeys, client certificates, OTP never transmit the secret key. With passkeys & client certificates, the server never has the secret key, so it can't expose it.

Problems due to phone loss indicate bad practices. Any decent password manager or vault service can manage cryptographic credentials of any kind.

[–] Blaat1234@lemmy.world 4 points 21 hours ago

You can still accidentally leak your password via phishing or malware. 2FA is fine if you don't tie it to a phone number, simplest way: install any authenticator app for TOTP tokens. Scan the QR code on multiple devices like phone + tablet, or old phone, for redundancy. Or save the secret key.

Google and most critical services also give you a list of 10 single use emergency codes that you should print or save in Keepass - lost the phone? Nbd just use one of the codes and reset 2FA.

I also never thought my non shared password would be public but one day I suddenly got prompted on the authenticator if I wanted to login; still no idea how or why but at least no one could get in and immediately rotated out the password.

[–] ArcaneSlime@lemmy.dbzer0.com 4 points 1 day ago

This is what I do as well. A few services force 2fa though and also have 0 good options (let me use my flipper as a u2f through not chrome, ungoogled-chromium works, but damn), and for those I'm forced to use text.

While I'm here, anyone have a good chrome based browser that is private and can use serial ports for flashing meshtastic devices and u2f? Need android mainly because I have ungoogled-chromium on linux, but will take recs for linux too if there's a better one.