by mato 1414 days ago
Here's an idea:

Why not allow the owner of a Google account to delegate a trusted third party who can handle MFA/otherwise approve logins on their behalf? I kind of do this already by setting the recovery emails for family members' (especially aged parents') Google accounts to those that I control, but to my knowledge it is not possible to do the same for the mobile number used to secure the account.

This way, at least as I imagine the author's scenario, the library's regulars could delegate them as the trusted third party, problem solved.

Oh yes, and also what they write -- add an on/off setting for "Be less anal about logins from unrecognized devices".


So the biggest problem is that every optional feature you offer up does not help when someone walks into the library already locked out. The vast majority of society will never be aware of available options and features for their Google account, so it's only the default behavior that matters. Most people locked out of their account could've set up some sort of way to get in (like backup codes), if hindsight was 20/20 and they knew a lot about Google accounts.

You could add a feature like this, and maybe it helps one out of every hundred people who try to log in at this library, and that's optimistic at best.

> So the biggest problem is that every optional feature you offer up does not help when someone walks into the library already locked out. The vast majority of society will never be aware of available options and features for their Google account, so it's only the default behavior that matters.

Fair enough. I live in the EU, we all have state-issued ID cards and no cultural problem with using them, so presenting those via some channel to Google would work here, but I can't imagine it working in the States.

Or how about if Google sees you log into a computer associated with a library IP address more than once, it offers to help you set this up. With some sort of special dialog that specifically targets people in this situation. And it periodically reminds you to confirm you still have these recovery codes saved somewhere, and if you don’t, helps you create new ones. I know this isn’t Google scale but it’s a nice feel-good story that Google could trot out at I/O.

At what point is it reasonable to start assuming basic security/computer literacy on the part of the public (to the point where, if you screw up, it is your fault for screwing up and not the computer's/company's fault for not telling you something)?

This is an open question. We are not there yet, but at the same time I don't think it's tenable in the long term to be in the state of assuming the user can't be trusted to know what 2FA is.

So, my grandmother knows drastically less about computers than she used to. She actually previously used email with regularity, and has since forgotten about even the existence of the email account she had for fifteen years. Unless we have a cure for memory loss in seniors, new, less computer-literate people will be occurring every day.

So the answer is, unfortunately, never. There will always be people who are not computer literate, and if we want basic services to be available via the Internet, as many government services now are, we have to include systems that include these people.

You can't just discard the poor because they aren't computer literate.

The problem is that "friendly" systems designed for the computer illiterate tend to be obstructive and unproductive for the vast majority of everybody else, and that holds just as much in a real-life office as it does on a computer screen.

The term of computer illiteracy is useful in more than one way, and that is literacy. We don't structure our societies (including basic government services) around people who cannot read, instead, we structure them around the understanding that the average citizen can read, and treat regular illiteracy as a problem to be solved, and in the first world where computer literacy is even a problem that can exist, it mostly has.