by fweimer 1512 days ago
Google asks for a phone number in this context even for accounts which are integrated with an external identity provider and for which Google does not need to (or rather: must not) provide a recovery option. Furthermore, in most countries, phone numbers (especially mobile phone numbers, as suggested by Google) are very susceptible to targeted attacks, so I hope that Google does not use them as a recovery option even for non-corporate accounts.

I think it's some sort of state machine glitch that this account feature only becomes available after adding a phone number. I couldn't come up with any other explanation. And I really hope that the static passwords stay indefinitely because the XOAUTH extension for IMAP is brittle, hostile to open-source software because of the API key requirement, and does not add security anyway. (I wouldn't mind manually rotating the passwords once per quarter, though.)