Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site

Gmail and two factor authentification

Seek assistance with all types of tech. - computer, phone, TV, heating controls etc.
Alaric
Lemon Half
Posts: 6035
Joined: November 5th, 2016, 9:05 am
Has thanked: 20 times
Been thanked: 1400 times

Gmail and two factor authentification

#463927

Postby Alaric » December 7th, 2021, 5:46 pm

I have had an email from Google saying they are implenting two factor authentication in the near future.

Unless they make a single authentication last a month or more that's going to make using gmail extremely annoying very quickly. Having upgraded to a new computer with Windows 11, it's nice that gmail automically syncs so there's no gruesome process of transferring data, but Mail for Windows can be a horror when you aren't used to it.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Gmail and two factor authentification

#463949

Postby Infrasonic » December 7th, 2021, 6:52 pm

I've been using 2FA with Gmail for ages and (touch wood) the only time it ever really bothers me is if I try and access from a new client device, for which you'll get an alert.
AFAIK all that's happening is they are forcing 2FA to be used - not upping the ante in terms of making it more awkward to use.

Same with Microsoft/Outlook.live.com. and other MS or linked API services.
Authenticator can generate offline access codes (when needed) so will still work without a mobile/Wi-Fi signal.

Midsmartin
Lemon Slice
Posts: 778
Joined: November 4th, 2016, 7:18 am
Has thanked: 211 times
Been thanked: 491 times

Re: Gmail and two factor authentification

#463986

Postby Midsmartin » December 7th, 2021, 8:33 pm

If you have Gmail set up in outlook or something, you don't have to use 2fa every time for this. It's not as intrusive as you fear, and less intrusive than having your account hacked into.

Alaric
Lemon Half
Posts: 6035
Joined: November 5th, 2016, 9:05 am
Has thanked: 20 times
Been thanked: 1400 times

Re: Gmail and two factor authentification

#463991

Postby Alaric » December 7th, 2021, 8:39 pm

Midsmartin wrote:If you have Gmail set up in outlook or something, you don't have to use 2fa every time for this.


There are contradictory statements. The email announcing 2FA doesn't caveat it by saying it only applies when using a new device. Elsewhare that caveat is stated. I've already noticed that despite being the same machine, Google will complain when I'm using a hotel wifi rather than the home connection.

Midsmartin
Lemon Slice
Posts: 778
Joined: November 4th, 2016, 7:18 am
Has thanked: 211 times
Been thanked: 491 times

Re: Gmail and two factor authentification

#463996

Postby Midsmartin » December 7th, 2021, 8:46 pm

Alaric wrote:
Midsmartin wrote:If you have Gmail set up in outlook or something, you don't have to use 2fa every time for this.


There are contradictory statements. The email announcing 2FA doesn't caveat it by saying it only applies when using a new device. Elsewhare that caveat is stated. I've already noticed that despite being the same machine, Google will complain when I'm using a hotel wifi rather than the home connection.


I'm assuming it works the same way as office365 2fa. You have to use the second factor when you first configure outlook on your desktop, but it does not ask you every time you open outlook. In some cases you need to use an "app password",a generated password that only works for one application..a bit of a bypass of 2fa.

Lootman
The full Lemon
Posts: 18681
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6564 times

Re: Gmail and two factor authentification

#464005

Postby Lootman » December 7th, 2021, 9:12 pm

Alaric wrote:I have had an email from Google saying they are implenting two factor authentication in the near future.

Unless they make a single authentication last a month or more that's going to make using gmail extremely annoying very quickly. Having upgraded to a new computer with Windows 11, it's nice that gmail automically syncs so there's no gruesome process of transferring data, but Mail for Windows can be a horror when you aren't used to it.

Yeah, I can see the value of 2FA for my financial accounts. But for email?

I already have issues accessing email if I suddenly materalise in another country, as I do quite often, and this will just make that worse, not least because my designated phone may not work in the location I am in.

At least give me the option to opt out of the extra security.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Gmail and two factor authentification

#464007

Postby Infrasonic » December 7th, 2021, 9:16 pm

Alaric wrote:
Midsmartin wrote:If you have Gmail set up in outlook or something, you don't have to use 2fa every time for this.


There are contradictory statements. The email announcing 2FA doesn't caveat it by saying it only applies when using a new device. Elsewhare that caveat is stated. I've already noticed that despite being the same machine, Google will complain when I'm using a hotel wifi rather than the home connection.


Hotel WiFi is notoriously flaky from a security perspective - so that may be a separate Google alert issue!
There have also been quite a few successful database breaches and ransomware attacks on hotel chains - if you can use a 4/5G mobile phone wifi hotspot do so.
If not try a VPN, but again that might cause issues with Google/Gmail off the bat. Split tunnel VPN should help there so you can bypass if needs be.
Last edited by Infrasonic on December 7th, 2021, 9:20 pm, edited 1 time in total.

BullDog
Lemon Quarter
Posts: 2446
Joined: November 18th, 2021, 11:57 am
Has thanked: 1966 times
Been thanked: 1199 times

Re: Gmail and two factor authentification

#464010

Postby BullDog » December 7th, 2021, 9:20 pm

I think the key thing here is that your Gmail password is the password to everything that the Google environment offers you. Whether you are using them or not. There is far more at stake here than access to a Gmail account. I advise everyone to implement 2FA for their Google (gmail) account.

Lootman
The full Lemon
Posts: 18681
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6564 times

Re: Gmail and two factor authentification

#464012

Postby Lootman » December 7th, 2021, 9:21 pm

Infrasonic wrote:
Alaric wrote:
Midsmartin wrote:If you have Gmail set up in outlook or something, you don't have to use 2fa every time for this.

There are contradictory statements. The email announcing 2FA doesn't caveat it by saying it only applies when using a new device. Elsewhare that caveat is stated. I've already noticed that despite being the same machine, Google will complain when I'm using a hotel wifi rather than the home connection.

Hotel WiFi is notoriously flaky from a security perspective - so that may be a separate Google alert issue!
There have also been quite a few successful database breaches and ransomware attacks on hotel chains - if you can use a 4/5G mobile phone wifi hotspot do so.

If not try a VPN, but again that might cause issues with Google/Gmail off the bat. Split tunnel VPN should help there so you can bypass if needs be.

But why should I have to jump through all those hoops? At minimum it should be optional.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Gmail and two factor authentification

#464019

Postby Infrasonic » December 7th, 2021, 9:38 pm

Lootman wrote:
Infrasonic wrote:
Alaric wrote:There are contradictory statements. The email announcing 2FA doesn't caveat it by saying it only applies when using a new device. Elsewhare that caveat is stated. I've already noticed that despite being the same machine, Google will complain when I'm using a hotel wifi rather than the home connection.

Hotel WiFi is notoriously flaky from a security perspective - so that may be a separate Google alert issue!
There have also been quite a few successful database breaches and ransomware attacks on hotel chains - if you can use a 4/5G mobile phone wifi hotspot do so.

If not try a VPN, but again that might cause issues with Google/Gmail off the bat. Split tunnel VPN should help there so you can bypass if needs be.

But why should I have to jump through all those hoops? At minimum it should be optional.


Because there are liability issues and loads of data beaches - stupid people do stupid things all the time and I suppose Google and the other big corps. have got to the stage where they are limiting their legal liability by enforcing 2FA.
I was resistant for ages as 2FA was a PITA in the early days - I tried it and backed out. My recent experiences have been fine though and I'm slowly working my way through various accounts turning 2FA on. No issues whatsoever (so far...).

Lootman
The full Lemon
Posts: 18681
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6564 times

Re: Gmail and two factor authentification

#464021

Postby Lootman » December 7th, 2021, 9:40 pm

Infrasonic wrote:
Lootman wrote:
Infrasonic wrote:Hotel WiFi is notoriously flaky from a security perspective - so that may be a separate Google alert issue!
There have also been quite a few successful database breaches and ransomware attacks on hotel chains - if you can use a 4/5G mobile phone wifi hotspot do so.

If not try a VPN, but again that might cause issues with Google/Gmail off the bat. Split tunnel VPN should help there so you can bypass if needs be.

But why should I have to jump through all those hoops? At minimum it should be optional.

Because there are liability issues and loads of data beaches - stupid people do stupid things all the time and I suppose Google and the other big corps. have got to the stage where they are limiting their legal liability by enforcing 2FA.

I was resistant for ages as 2FA was a PITA in the early days - I tried it and backed out. My recent experiences have been fine though and I'm slowly working my way through various accounts turning 2FA on. No issues whatsoever (so far...).

Like you I have come around to the value of 2FA when it comes to financial accounts.

But email?

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Gmail and two factor authentification

#464032

Postby Infrasonic » December 7th, 2021, 9:58 pm

Lootman wrote:
Infrasonic wrote:
Lootman wrote:But why should I have to jump through all those hoops? At minimum it should be optional.

Because there are liability issues and loads of data beaches - stupid people do stupid things all the time and I suppose Google and the other big corps. have got to the stage where they are limiting their legal liability by enforcing 2FA.

I was resistant for ages as 2FA was a PITA in the early days - I tried it and backed out. My recent experiences have been fine though and I'm slowly working my way through various accounts turning 2FA on. No issues whatsoever (so far...).

Like you I have come around to the value of 2FA when it comes to financial accounts.

But email?



Why do you think spammers jump through so many authentication hoops (SPF/DKIM/ARC) to deliver phishing emails / malware et al? Because it works well enough financially to keep them persisting, despite the might of Google / Microsoft and others trying to stop them.
ID theft can occur over a long period of time as they knit together disparate bits of info garnered from different database sources. Pay attention to how many different entities get successfully hacked and the sensitive personal data that gets exposed if not properly encrypted. I've pointed this out to you before on other threads, nothing has changed there. :)

Lootman
The full Lemon
Posts: 18681
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6564 times

Re: Gmail and two factor authentification

#464034

Postby Lootman » December 7th, 2021, 10:02 pm

Infrasonic wrote:
Lootman wrote:
Infrasonic wrote:Because there are liability issues and loads of data beaches - stupid people do stupid things all the time and I suppose Google and the other big corps. have got to the stage where they are limiting their legal liability by enforcing 2FA.

I was resistant for ages as 2FA was a PITA in the early days - I tried it and backed out. My recent experiences have been fine though and I'm slowly working my way through various accounts turning 2FA on. No issues whatsoever (so far...).

Like you I have come around to the value of 2FA when it comes to financial accounts.

But email?

Why do you think spammers jump through so many authentication hoops (SPF/DKIM/ARC) to deliver phishing emails / malware et al? Because it works well enough financially to keep them persisting, despite the might of Google / Microsoft and others trying to stop them.

ID theft can occur over a long period of time as they knit together disparate bits of info garnered from different database sources. Pay attention to how many different entities get successfully hacked and the sensitive personal data that gets exposed if not properly encrypted. I've pointed this out to you before on other threads, nothing has changed there. :)

I keep my personal and financial data in very separate emails from the more general stuff that can do me no harm.

So I draw a distinction between email accounts that can cause me harm and those that cannot. Unless you think me letting my buddy know that I will see him in the pub this Friday night can somehow be used against me.

Give me the choice!!!

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Gmail and two factor authentification

#464057

Postby Infrasonic » December 7th, 2021, 10:32 pm

Lootman wrote:
Infrasonic wrote:
Lootman wrote:Like you I have come around to the value of 2FA when it comes to financial accounts.

But email?

Why do you think spammers jump through so many authentication hoops (SPF/DKIM/ARC) to deliver phishing emails / malware et al? Because it works well enough financially to keep them persisting, despite the might of Google / Microsoft and others trying to stop them.

ID theft can occur over a long period of time as they knit together disparate bits of info garnered from different database sources. Pay attention to how many different entities get successfully hacked and the sensitive personal data that gets exposed if not properly encrypted. I've pointed this out to you before on other threads, nothing has changed there. :)

I keep my personal and financial data in very separate emails from the more general stuff that can do me no harm.

So I draw a distinction between email accounts that can cause me harm and those that cannot. Unless you think me letting my buddy know that I will see him in the pub this Friday night can somehow be used against me.

Give me the choice!!!


Unless your sensitive emails are encrypted at source (which requires the receive end to be similarly set up to decrypt them) then having different email accounts makes very little difference - you're effectively sending electronic postcards, not wax sealed letters.

Lootman
The full Lemon
Posts: 18681
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6564 times

Re: Gmail and two factor authentification

#464059

Postby Lootman » December 7th, 2021, 10:34 pm

Infrasonic wrote:
Lootman wrote:
Infrasonic wrote:Why do you think spammers jump through so many authentication hoops (SPF/DKIM/ARC) to deliver phishing emails / malware et al? Because it works well enough financially to keep them persisting, despite the might of Google / Microsoft and others trying to stop them.

ID theft can occur over a long period of time as they knit together disparate bits of info garnered from different database sources. Pay attention to how many different entities get successfully hacked and the sensitive personal data that gets exposed if not properly encrypted. I've pointed this out to you before on other threads, nothing has changed there. :)

I keep my personal and financial data in very separate emails from the more general stuff that can do me no harm.

So I draw a distinction between email accounts that can cause me harm and those that cannot. Unless you think me letting my buddy know that I will see him in the pub this Friday night can somehow be used against me.

Give me the choice!!!

Unless your sensitive emails are encrypted at source (which requires the receive end to be similarly set up to decrypt them) then having different email accounts makes very little difference - you're effectively sending electronic postcards, not wax sealed letters.

Again, there is a clear distinction between the information contained in the email account I use for financial data and the account I use for personal stuff that cannot do me any harm. I am running out of different ways to explain that to you.

Alaric
Lemon Half
Posts: 6035
Joined: November 5th, 2016, 9:05 am
Has thanked: 20 times
Been thanked: 1400 times

Re: Gmail and two factor authentification

#464071

Postby Alaric » December 7th, 2021, 10:51 pm

BullDog wrote:I think the key thing here is that your Gmail password is the password to everything that the Google environment offers you.


If what you are looking for is a reliable email account, the security of bells and whistkes should not be there to cause grief. I don't suppose the Microsoft rival (something@outlook.com ? ) is any better.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: Gmail and two factor authentification

#464085

Postby Infrasonic » December 7th, 2021, 11:11 pm

Alaric wrote:
BullDog wrote:I think the key thing here is that your Gmail password is the password to everything that the Google environment offers you.


If what you are looking for is a reliable email account, the security of bells and whistkes should not be there to cause grief. I don't suppose the Microsoft rival (something@outlook.com ? ) is any better.


I use both free Gmail/Outlook.com with 2FA and both are pain free - I just click 'yes' on the MS authenticator app when it asks if I want to grant access - which is only an 'every time' event when I access my MS account (rarely).
For email access it will only get involved if I change to something like a new client, or need to set up another alias address (that has to be done via the MS account).

I also use the MS authenticator app for my domain mail (Fasthosts) - again it only gets involved when there are changes. I've just logged in to the webmail and it was two clicks. The bookmark and the user/password entry confirmation - exactly the same as before I started using 2FA.

servodude
Lemon Half
Posts: 8272
Joined: November 8th, 2016, 5:56 am
Has thanked: 4435 times
Been thanked: 3564 times

Re: Gmail and two factor authentification

#464110

Postby servodude » December 8th, 2021, 12:10 am

Infrasonic wrote:
Alaric wrote:
BullDog wrote:I think the key thing here is that your Gmail password is the password to everything that the Google environment offers you.


If what you are looking for is a reliable email account, the security of bells and whistkes should not be there to cause grief. I don't suppose the Microsoft rival (something@outlook.com ? ) is any better.


I use both free Gmail/Outlook.com with 2FA and both are pain free - I just click 'yes' on the MS authenticator app when it asks if I want to grant access - which is only an 'every time' event when I access my MS account (rarely).
For email access it will only get involved if I change to something like a new client, or need to set up another alias address (that has to be done via the MS account).

I also use the MS authenticator app for my domain mail (Fasthosts) - again it only gets involved when there are changes. I've just logged in to the webmail and it was two clicks. The bookmark and the user/password entry confirmation - exactly the same as before I started using 2FA.


it's configurable at an org level by whomever is running your MS email
- i.e. the duration of authentication can be set to expire sooner if need been (or only on changes in things like IP or client)

I think BullDog's point is correct as to why Google are acting the way there are... in that there's no "just email" gmail account
- even enterprise hosted google ones I have come with the full gammut of drive, and SSO login capabilities
- access to one of them even if I am not interested in the resources or data stored therein affords a decent opportunity for identify theft

- sd

Breelander
Lemon Quarter
Posts: 4179
Joined: November 4th, 2016, 9:42 pm
Has thanked: 1000 times
Been thanked: 1855 times

Re: Gmail and two factor authentification

#464111

Postby Breelander » December 8th, 2021, 12:18 am

Lootman wrote:Yeah, I can see the value of 2FA for my financial accounts. But for email?



There have been countless reports of email accounts being hacked, usually by malware stealing your login cookies so they can be used on another device. 2FA protects against that.

Lootman
The full Lemon
Posts: 18681
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6564 times

Re: Gmail and two factor authentification

#464115

Postby Lootman » December 8th, 2021, 12:34 am

Breelander wrote:
Lootman wrote:Yeah, I can see the value of 2FA for my financial accounts. But for email?

There have been countless reports of email accounts being hacked, usually by malware stealing your login cookies so they can be used on another device. 2FA protects against that.

Agreed, but whether or not that matters depends crucially on what I use that email account for. I am suggesting that the user should be allowed to opt in or out of 2FA, rather than have that imposed upon them.


Return to “Technology - Computers, TV, Phones etc.”

Who is online

Users browsing this forum: No registered users and 14 guests