Hacker News new | past | comments | ask | show | jobs | submit login

It wasn't I, but this has been an absolute plague on an organization I work with. There are only 3 people, and we all have need to access some accounts but they are personal accounts. Also, the boss travels a lot, often to international destinations. Every time he flies I can almost guarantee we'll face some new nightmare. The worst is "we noticed something is a tiny bit different with you but we won't tell you what it is. We've emailed you a code to the email account that you are also locked out of because something is a tiny bit different with you. Also we're putting a flag on your account so it raises holy hell the next 36 times you log in."



Three people sharing a personal account, with one of them frequently traveling internationally, is such an unusual usage pattern that I'd be really disappointed with a service provider if they _didn't_ flag it for extra verification.


This is the problem with this kind of thing. It just perfectly captures the privilege/shelter of the programmers who come up with these heuristics of “obviously unusual”.

You just described the usage pattern of a pilot with a family, a truck driver, a seaman, etc.

It’s only unusual if your definition of usual is “relatively rich, computer power user”.


Not really. What's the use case there, everyone sharing a Google account?

I travelled a lot for work, and never had issues with account access. Nor did my wife ever have issues related to accounts. We don't share Google accounts though. It sounds like that user has personal accounts being used by three people for business use... Which isn't "A seaman and his family".


> What's the use case there, everyone sharing a Google account?

Yes. Everyone having their own distinct accounts is a property of high computer literacy in the family.

Many of my older extended family members have a single email account shared by a husband and wife. Or in one case the way to email my aunt is to send an email to an account operated by a daughter in a different town. Aunt and daughter are both signed in so the daughter can help with attachments or “emails that go missing”, etc.

> Which isn't "A seaman and his family".

The seaman in this scenario has a smartphone with the email signed in. It’s also signed in on the family computer at home. Both the wife and him send email from it. Maybe a kid does to from a tablet. This isn’t that difficult.


> Many of my older extended family members have a single email account shared by a husband and wife. Or in one case the way to email my aunt is to send an email to an account operated by a daughter in a different town. Aunt and daughter are both signed in so the daughter can help with attachments or “emails that go missing”, etc.

As usual with the "personas" scenarios, people creates their unrealistic scenario (just like when talking about UX or design). These personas you are describing will probably fall back to low-tech methods in most of the cases, they won't fail to take a plane because GMail locked them out due to unusual activity when they are trying to show the ticket QR in the airport. They will just print it (or have someone print it for them) beforehand.

> The seaman in this scenario has a smartphone with the email signed in. It’s also signed in on the family computer at home. Both the wife and him send email from it. Maybe a kid does to from a tablet. This isn’t that difficult.

You just missed to add that they use their shared email to communicate between them by using the "Sent" folder. To be more realistic, the seaman right after buying his Android phone will create without realizing a new Google account because he doesn't probably know that he could use the email account he is already using at home. But, enough with made-up examples to prove our own points.


This is amazing. He just spelled out for you in great detail the sort of problems that arise in practice in the real world every day and you dismissed them out of hand as being unrealistic. I think you are far more sheltered and far less experienced than you realize. This sort of attitude is exactly what leads to these sorts of things becoming problems in the first place!

> They will just print it (or have someone print it for them) beforehand.

Yes, they will do that precisely because they do not trust technology to work for them because it frequently does not! I have family members like this. I log in to their accounts on my devices for various reasons. Even worse, I run Linux. We run in to these problems frequently. Spend time helping technically illiterate people with things. While doing so, make a concerted effort to understand why they say or think some of the things that they do.

Edit to add, I find it amusing that you make fun of his seaman example. Almost that exact scenario (in terms of number of devices, shared devices, and locations) is currently the case for two of my relatives. Two! And yet you ridicule it.


It may be true about 10 years ago but I imagine the heuristics to have been improved since; I remember being locked out of my Google account while abroad for a month and all it took was to log back in within my "country of origin".

Or a more recent example: my father forgot to bring his Android phone back abroad which subsequently locked him out of his account/services; had to wipe it for him to get his access back.


Most services assume your own device.

If you don't own your own device and rely on third-party devices to access the service, good luck to you...


The frustrating thing to me is that as a user they don't give us any tools to help ourselves. I would gladly make it a "team" account and login individually if we could. I would gladly do a shared TOTP, or whitelist login locations, or anything like that. Or at least give us the option to accept the risk and disable whatever anomaly detection they are applying. But no, that's not how the software world works anymore. Extreme paternalism mode is the only option as a user.


Why don't you share a TOTP between all of you? Just take a screenshot of the authenticator QR code, or save it to a shared 1password secret.

Google's login protection mechanisms seem to be satisfied by TOTP usage, and you won't be locked out anymore (or at least much less likely to be).


You're right that would totally work with Google. In our case the boss is quite computer illiterate and trying to get him to use LastPass was hard enough. He will tolerate a lot of pain from getting locked out before he'll be willing to learn TOTP :-(

And for many of the SaaS that we use, TOTP doesn't help you avoid the security lock outs.


Why do you need to all access the same account though? Can't you grant access to whatever resource you need to multiple accounts?


For some of them we can, for others no. Sadly it seems as though supporting this sort of thing is not a priority for most SaaS


Have you considered using the same Proxy or VPN? I work remotely and sometimes access services through a VPN based in the country my coworkers are at specifically to avoid this kind of annoyance.


This is a great idea, although the boss is pretty technically challenged so getting him set up on it might be interesting. It's been extremely difficult just to teach him to use LastPass.

Much appreciate the suggestion!


There are also a number of browser extensions which may be easier to set up and use for non-technical folks, for example FoxyProxy seems to offer one. I've never tried any myself, though.


I recently setup a WireGuard VPN and it was surprisingly easy (compared to other VPN solutions) and works very reliable for me.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: