by Yardlink
4252 days ago
It's still two factors. If someone has only your phone but not your password, they still can't log in. The problem here is that the phone number was also used as a password recovery option, which effectively means you only need the phone to log in. I suspect most Gmail users with 2FA are doing this, which defeats the purpose of 2FA. It just becomes "different factor". It's the password recovery by phone that's the weakness. But I think people getting locked out of their own account is probably a bigger problem for Google than people getting hacked, so they err on the side of saving you from getting locked out.