Remix.run Logo
Centrino 8 hours ago

I've often read that 2FA should be through an authenticator app or a physical key, not via texting a code to a phone number. Malicious sim swapping is a thing, so purposely deleting any phone number from an account should be good practice, right?

So will they also delete inactive accounts that have no phone number, but one or more phone-less 2FA methods associated?

anenefan 5 minutes ago | parent | next [-]

I struck the same as described in OP a couple of years ago. Yes, regardless of other methods of contract for 2FA, I recall even when I thought I had it licked, the process reverted back to asking for a phone number to contract. I tried with a different number of browsers and eventually the latest up to date machine with the same failure.

al_borland 2 hours ago | parent | prev | next [-]

Google started using their mobile app for 2FA on my account without me ever opting in. Now I’m afraid if I delete the Gmail app from my phone I’ll lose access to my account.

remslave 8 hours ago | parent | prev [-]

They default to authing you via a sms code usually still, even when you have an authenticator paired