Hacker News new | past | comments | ask | show | jobs | submit login

Google (and other companies) are purposely opaque about how they determine whether you have provided enough information to verify you are the owner of the account...

Getting it wrong has significant impact on how much the brand is trusted (and for some companies, that's all they have)... Lose it and it's time to shutter!

To be fair to Google, they do regularly prompt users to review the security of their account (e.g. with checklists like this: https://support.google.com/accounts/answer/46526?hl=en). Note that Step 3 is "Update your account recovery options"!!




They always seem to want phone numbers, which in a lot of countries are easily attributable to real people.

One more time the "techbros" of Silicon Valey don't realize their actions are hurting people.


Just buy two yubikeys.


Why? Instead of 2FA?


You can do both TOTP and U2F on an yubikey.

U2F is much harder to trick..

And TOTP on your phone is likely to get hacked. TOTP on a physical yubikey is a much harder target.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: