by doughj3 2628 days ago
> Now, you have one more option—and it’s already in your pocket. Starting today in beta, your phone can be your security key—it’s built into devices running Android 7.0+.

You know, it's nice they phrase this as an "option", but in my experience Google has the habit of forcing me to have my phone on me when I log in from a new location / new device, something I never asked for and apparently cannot disable.[0] This has locked me out of my Google account more than once, which also locks me out of anything that sends 2FA to my Gmail or Gvoice. I guess I'm thankful that I've learned this in non-emergency scenarios, as I'm now prepping to degoogleify myself, but it's user-hostile in my opinion. Security always has convenience trade-offs, but let the user decide where they want to draw that line.

[0] https://pbs.twimg.com/media/D3WJ0UdXkAASs_O.png

3 comments

This happened with some of my friends, and locked them out of their Gmail accounts (2FA-disabled accounts). Google won't let them log in to their accounts after providing the correct password & SMS OTP.

Remaining options include:

1. give the date (month, year) of email sign-up, which most don't remember

2. password reset over an alternate email address, which wasn't set during signup.

The only way for free Gmail users to get help is a support forum run by Gmail user volunteers, which didn't solve the problem. To me this approach to security just seems super paranoic.

I think it makes sense to me; security that only works part of the time can be bypassed when it doesn't work.

However, I've never encountered a TFA service that let you disable it in certain scenarios, so I may be wrong.

Google has always given me other options; does it really enforce having a phone now?

I don't know how they determine what options to offer, but using my phone was the only one given, despite entering a correct password. The only other option, which I either found from the "Learn more" link or after exhausting the "login with your phone" attempts, was to create a support ticket for my G-suite account which, in this case, would have been slower than returning home a few hours later, where I had left my phone.

There's an option on https://myaccount.google.com/security to turn off 2-step login.

Sorry for being thick, but I'm not seeing it. This is a G-suite account (though I'm the only user / admin) so maybe it's different.

From my G-Suite account (where I'm the only user / admin), it shows two-step verification settings here:

https://myaccount.google.com/signinoptions/two-step-verifica...

That seems to redirect me to the same page linked earlier in this thread (https://myaccount.google.com/security). Taking a look in my admin console, it looks like "Allow users to turn on 2-step verification" is unchecked, so presumably 2-step verification is not enabled for this account. That's exactly what I want, but it seems Google is failing to abide when they think I'm a "hacker". Other people have had the same frustrations[0][1] but there is apparently no way to stop Google requiring additional verification at their whim. Ultimately that means Google controls when I can and can't log in to my account, so it ceases to be a usable product for me.

I appreciate your help, though!

[0] https://support.google.com/mail/forum/AAAAK7un8RUP1RC23nwRZ4

[1] https://support.google.com/mail/forum/AAAAK7un8RUZvZQQfsawrE