[m-s]

Having 2FA set up usually gets around those pesky risk-scoring algorithms.

[trasz]

At the cost of introducing other, even worse problems.

[aoeusnth1]

What are some of these worse problems that MFA introduces?

[trasz]

Not being able to get to your account when you lose the phone; having to run extra software.

But also, frankly, I just don't trust Google to implement this correctly, given their track record. Google sure employs a lot of smart people, but the quality of their products and services is generally crap.

[jfrunyon]

> Not being able to get to your account when you lose the phone

Really? There are scratch codes for that. Or you can use an app that backs up your TOTP key for you, like Authy. Or you can store your TOTP key manually. Or you can have multiple devices. Or...

> having to run extra software

Oh, come on. Are you really complaining about having to compute an HMAC?

> I just don't trust Google to implement this correctly, given their track record.

Huh? You do know "The day Google forgot to check passwords" was fictional?

[trasz]

So yeah, the additional problems this introduces do have workarounds. Still, the point remains: this adds new problems for no gain (for me).

As for the track record: we are talking about a company that can't properly implement basic password authentication, see my first comment. And no, I'm not interested for possible reasons/excuses why is it so; what matters is that it doesn't work _for me_.

[jfrunyon]

> this adds new problems

It doesn't, though. Go actually read the article this time, not just the headline.

> for no gain (for me).

Sure. There's no way your system could ever be compromised. It's not like you actually click any of the links on HN, right?

> we are talking about a company that can't properly implement basic password authentication

[citation needed]