by nyuszika7h
1357 days ago
> I'm really curious. What would you propose?

The solution is very simple. Don't force 2FA. I'm sure most homeless people would rather risk the unlikely case of their accounts being hacked if they didn't choose a strong enough password to memorize than risk getting locked out of their accounts permanently. You can encourage 2FA but forcibly enabling it for everyone does more harm than good, especially to homeless people but also non-tech-savvy parents and such (though the latter would be more likely to have a working recovery method).
And then in alternative-universe HN people are complaining about the rate of account takeovers via credential stuffing and calling Google irresponsible for making it easy to disable a powerful security measure.

> You can encourage 2FA but forcibly enabling it for everyone does more harm than good

I'd wager that pretty much the only people on the planet who can definitively say this are the people who handle account takeovers and lockouts of large email services. My understanding is that the folks at Google responsible for this have concluded that making it behave the way it currently does is the setup that causes the fewest people to lose access to their accounts.