From mboxrd@z Thu Jan 1 00:00:00 1970 From: James Bottomley Subject: Re: [Lsf] [Lsf-pc] hello Date: Thu, 25 Jul 2013 08:55:30 -0700 Message-ID: <1374767730.1952.27.camel@dabdike> References: <20130721180553.GC21110@thunk.org> <20130723185656.GA2134@thunk.org> <1374675803.4634.10.camel@dabdike> <20130724144920.GA29346@thunk.org> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: Theodore Ts'o , linux-fsdevel@vger.kernel.org To: =?UTF-8?Q?Luk=C3=A1=C5=A1?= Czerner Return-path: Received: from bedivere.hansenpartnership.com ([66.63.167.143]:39538 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755609Ab3GYPzd (ORCPT ); Thu, 25 Jul 2013 11:55:33 -0400 In-Reply-To: Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Thu, 2013-07-25 at 12:03 +0200, Luk=E1=A8 Czerner wrote: > On Wed, 24 Jul 2013, Theodore Ts'o wrote: >=20 > > Date: Wed, 24 Jul 2013 10:49:20 -0400 > > From: Theodore Ts'o > > To: James Bottomley > > Cc: Luk=E1=A8 Czerner , linux-fsdevel@vger.ker= nel.org > > Subject: Re: [Lsf] [Lsf-pc] hello > >=20 > > On Wed, Jul 24, 2013 at 07:23:23AM -0700, James Bottomley wrote: > > >=20 > > > Yes, just to emphasise, the phone number thing is completely unvi= able > > > for me as well. They want to send you a code every time you log = on. > > > It's founded on the assumption you have a single number that can = reach > > > everywhere, which obviously doesn't work when you're travelling. > > >=20 > > > I thought they had something which used the google authenticator = app? > > > Which can generate the codes without needing an active cell connn= ection. > >=20 > > There is a google authenticator app. Having the codes sent via SMS= is > > an option, but it's certainly not the only way to use 2 factor > > authentication. > >=20 > > It's been a while since I've done the 2FA signup flow, but I believ= e > > they had streamlined it a bit to make it easier to use. It may hav= e > > been that one of the ways the 2FA signup flow was streamlined was t= o > > assume that everyone would have a cell phone which was SMS-capable, > > but not everyone would have an Android phone. But after you enable > > 2FA, it is definitely possible to set it up to use the android > > application. >=20 > Problem I've got is that in order to enable 2FA I need to go through > a series of steps the first one of which is to send me a Google > Authenticator application, even though I already have this installed > on my phone. And apparently they want to send a link to me via sms. Yes, I did try this on my sip based land line using a voice call ... it doesn't actually work; at least it never gave me the call back. > I do not see any way around that unfortunately. So to me this really > looks like a cheap way to get my phone number (which is not the > first attempt from Google I have to say). >=20 > Enabling this from the GA application does not seem to be possible > as it tells me to look at the accounts.google.com/security which > takes me back to what I've described earlier. It is quite annoying > :) I think the crux of the problem is that Google believes you're using gmail, so they don't think you have an email they could send password recovery to. There's probably a small minority of us who already had functional email accounts, thank you very much, and have tried very har= d to disable the gmail account google forces down your throat with android. The usual rule of security is that if you want people to do it, you mak= e it easy. This isn't easy (or, in some cases, possible) by any means. It's perfectly simple: I don't mind Google collecting the phone numbers of people who want to give them up (or have one number to give). However, I want account recovery and setup done by email to the address I control not by phone because I almost always have access to email whe= n travelling and don't usually have access to a pre defined phone number (except the internet one which google just failed to deliver the notice to). James James -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel= " in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html