| ▲ | Centrino 8 hours ago | |
I've often read that 2FA should be through an authenticator app or a physical key, not via texting a code to a phone number. Malicious sim swapping is a thing, so purposely deleting any phone number from an account should be good practice, right? So will they also delete inactive accounts that have no phone number, but one or more phone-less 2FA methods associated? | ||
| ▲ | anenefan 5 minutes ago | parent | next [-] | |
I struck the same as described in OP a couple of years ago. Yes, regardless of other methods of contract for 2FA, I recall even when I thought I had it licked, the process reverted back to asking for a phone number to contract. I tried with a different number of browsers and eventually the latest up to date machine with the same failure. | ||
| ▲ | al_borland 2 hours ago | parent | prev | next [-] | |
Google started using their mobile app for 2FA on my account without me ever opting in. Now I’m afraid if I delete the Gmail app from my phone I’ll lose access to my account. | ||
| ▲ | remslave 8 hours ago | parent | prev [-] | |
They default to authing you via a sms code usually still, even when you have an authenticator paired | ||