[al_borland]

I have a huge problem with companies using their own apps for 2FA.

Google started doing this for Gmail. To use Gmail on my laptop, I need to approve it with Gmail on my phone. I never signed up for this. I’m now afraid if I delete the Gmail app from my phone that I’ll lose access to my email.

I hate the direction “security” is taking us. It’s done in the name of security, but it feels more like blackmail to get and keep the company app on your phone.

[c-hendricks]

Is that a thing Google logins can be set to require? I _can_ use the Gmail app on a device for 2FA, I can also press "try another method" and use any 2FA app.

[al_borland]

I guess I’ll have to look. It just started happening one day.

One huge fear I have no is breaking my phone while away from home and getting locked out of everything.

I was on vacation several years ago and broke my phone (the only time I’ve ever done that), and got lucky in several ways. I had a 2nd work phone with me. I was able to use that to call an Uber to get to an Apple Store; I was lucky to be in a city with an Apple Store. Then I got lucky again that I was able to talk Apple into giving me a replacement right there instead of a repair, they happened to have a single phone in stock to do that with. Then I got lucky yet again when I went to set it up, because I had an iPad with me by dumb luck, which was able to do my Apple 2FA that I didn’t sign up for.

If I go somewhere with just my 1 phone and no second device… I’m thinking I need to setup and bring a bunch of recovery codes, which has its own risks. My plan would be to cryptically write them down and put them in a money belt, as if those got into the wrong hands I’d be screwed.

I really don’t know what people do who only have a phone and nothing else. It seems they would always have this risk.

[Pxtl]

i do like how many apps are starting to play nice with 3rd party authenticators. i use ms authenticator for a bunch of things. Although knowing MS it has some massive license fee for them to support.