Google shutting off use of less secure sign-in technology

farsighter Member
edited March 2022 in General

Saw this in another forum, apparently Google is sending out an email that says this:

On May 30, you may lose access to apps that are using less secure sign-in technology

To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0. Learn more

What do you need to do?

Email software, like Outlook 2016 or earlier, has less secure access to your Gmail. Switch to Office 365, Outlook 2019 or newer, or any other email software where you can sign in using Sign in with Google.

Comments

  • That's why I cut off Google years ago.

    Thanked by 2: kheng86, 1gservers
  • Chuck Member

    Scum. They just want to have your phone number to keep tabs on you.

  • They just pull out users who use older hardware and software for a paid upgrade.

    I see it when trying to install new Windows 11. - Your hardware is not supported -
    Damn. Need to buy new special supported hardware to upgrade your OS?

    Also Windows older than 10 is not compatible with Ryzen processors. FYI

  • Just generate an app password. Puts an end to the PMS.

  • Chuck Member

    @stevewatson301 said:
    Just generate an app password. Puts an end to the PMS.

    Are you saying that Sundar Pichai has PMS?

  • 99% of the users do not use this and 99% of the remaining 1% moved on from such ancient functionality years ago anyway.
    OAuth has worked well for many many years now, why do people (and especially developers) still think cleartext passwords are a good idea?

    Thanked by 2: bulbasaur, iKeyZ
  • I'd have no problem with this, BUT...

    You cannot set an app password without having 2FA enabled, and you cannot enable 2FA without either giving Google a phone number or using a hardware token. And, yes, I know there is a TOTP authenticator option, but you cannot pick that one when setting up 2FA initially.

    So, yes, what @Chuck said applies... and what @kalipus said is the best long-term solution.

    Thanked by 2: Chuck, Ironia
  • Arkas Moderator

    They really want your phone number. Why can't I just use a downloaded authenticator without giving away my phone number to G-Spy?

    Thanked by 3: 1gservers, Chuck, Ironia
  • What's wrong with Google doing a basic KYC? Have they actually been shown to be using this information wrongly?

  • Nyr Community Contributor, Veteran

    @Arkas said:
    They really want your phone number. Why can't I just use a downloaded authenticator without giving away my phone number to G-Spy?

    Because the average user will lose access to the authenticator and then be locked out of the account.

  • mmuyskens Member, Host Rep

    welp, that puts a hole into being able to use imapsync.....

    the end is nigh.

  • @mmuyskens said:
    welp, that puts a hole into being able to use imapsync.....

    the end is nigh.

    You will still be able to use app passwords.

    They mention it here under the section "Can’t use an app with my Google Account": https://support.google.com/accounts/answer/6010255

  • mmuyskens Member, Host Rep

    @Decicus said:

    @mmuyskens said:
    welp, that puts a hole into being able to use imapsync.....

    the end is nigh.

    You will still be able to use app passwords.

    They mention it here under the section "Can’t use an app with my Google Account": https://support.google.com/accounts/answer/6010255

    Was just reading that after my prior message. Still kinda sucks as you now have to enable 2FA if it's not already enabled for accounts you're going to be eventually axing.

  • @ehhthing said:
    What's wrong with Google doing a basic KYC? Have they actually been shown to be using this information wrongly?

    Sure, good people have nothing to hide, everyone should know us, etc.

  • @farsighter said:

    @ehhthing said:
    What's wrong with Google doing a basic KYC? Have they actually been shown to be using this information wrongly?

    Sure, good people have nothing to hide, everyone should know us, etc.

    Given that pretty much every provider on this forum does a KYC (you need an address and phone number to register for most services here) and then submits it to a database (MaxMind, etc.), why don't we complain about them too?

  • @ehhthing said:

    Given that pretty much every provider on this forum does a KYC (you need an address and phone number to register for most services here) and then submits it to a database (MaxMind, etc.), why don't we complain about them too?

    It's different when it comes to surveillance companies.

    Data in email accounts is naturally more private than in hosting companies; on the other hand, serving problematic content & activities can get hosting providers into trouble compared to email addresses.

    Thanked by 2: Chuck, Ironia
  • @rcy026 said:
    99% of the users do not use this and 99% of the remaining 1% moved on from such ancient functionality years ago anyway.
    OAuth has worked well for many many years now, why do people (and especially developers) still think cleartext passwords are a good idea?

    99% of the users don't use Outlook 2010, 2013 or 2016? That doesn't sound right. I know lots of people that buy the one-time Office and use it for years until something forces them to upgrade (these people couldn't read or be bothered with app passwords through Admin settings). And this will trigger many upgrades and $$$ for Microsoft.

    Between this and killing free GSuite, Google is going to make Microsoft have a really nice quarter.

  • @farsighter said:

    @ehhthing said:

    Given that pretty much every provider on this forum does a KYC (you need an address and phone number to register for most services here) and then submits it to a database (MaxMind, etc.), why don't we complain about them too?

    It's different when it comes to surveillance companies.

    Data in email accounts is naturally more private than in hosting companies; on the other hand, serving problematic content & activities can get hosting providers into trouble compared to email addresses.

    I’ve always been mildly confused why everyone is simultaneously outraged that big tech companies collect personal information for KYC purposes and also that they are spreaders of “misinformation”. It’s almost like the former is required to prevent the latter! Worldwide, big tech has gotten into a significant amount of trouble for this and their response is to develop stricter KYC policies, it’s really not that hard to see…

    In your case, the difference you point out isn’t very strong. Google has no need for your phone number to track you, and such information isn’t useful for its algorithms that serve you ads. A phone number is … just a number. Google’s ad business is built on behaviour, a phone number won’t help it.

    On the other hand, MaxMind can create infinitely more damaging profiles on people with lots of PII that most people don’t even know are being sent to an arbitrary third party while creating an account. MaxMind is also much less known as a company and has received much less public scrutiny.

    I do not see why giving your phone number to Google is that much different from giving it to MaxMind.

    Thanked by 1: bulbasaur
  • sandoz Veteran

    @rcy026 said:
    99% of the users do not use this and 99% of the remaining 1% moved on from such ancient functionality years ago anyway.
    OAuth has worked well for many many years now, why do people (and especially developers) still think cleartext passwords are a good idea?

    Privacy? Those people don't understand? We are reaching the point where one day you won't need to use your apps or 2FA. Just facial recognition...

    I may ask you, do you agree with forcing everybody to use that? It's a matter of time... This implementation is only an experiment to see if people will accept or resist. After that, in the near future, they will implement login with your face...

    Privacy is ending... The problem is that this is a giant in the market; there is nothing you can do. Yes, we can use alternatives, but who can guarantee they won't disappear from the market? Gmail and other accounts will probably survive and stand for years.

    These things are disgusting... George Orwell's 1984 is a good book to read, and many others.

    Is a password safe? It isn't. But if you have a long password with special characters, it's still good to go.

    They aren't worried about your privacy; they use that as an excuse. In the end they force users to leave data. For example, 2FA with a mobile number. That's ridiculous to me. You can have your account blocked for not having your mobile phone.

    I don't care if my account is not secure. I will enable it when I feel that I want to do it. That isn't what is really happening. They force, they destroy your privacy as an excuse to obtain more information about you and others...

    I will always defend privacy. Good to have 2FA available? Yes, sure, for those who WANT it. Instead of that, make sure other services remain safe.

    I mean forums, blogs, websites or other tools, instead of focusing on providing 2FA or Google Auth. Focus on encrypting users' data and security measures, like end-to-end encryption and many more.

    I'm a freedom of speech and privacy defender. No matter what (of course with some exceptions), privacy needs to be there and we should protect privacy even if have too much available or not. We should fight for Privacy Data.

    When a host asks for my ID, I refuse and I always will refuse. No matter what. Fuck them. Do they have the right? Yes. But certainly not for me. (And no, I don't do any illegal activities on a VPS.) But if some day any host requires that, I quickly open a dispute in PayPal or other payment (if possible); the other way is refusing to use it and requesting my money back.

    In the near future people will realize that what we are doing right now will have a consequence: a huge lack of privacy. There is no return...

    For this reason I will always support providers and projects like Tor, Qubes, Tails OS, Whonix,
    VeraCrypt, Incognet, njal.la and many other providers and services; they make the difference and that is the key.

  • bulbasaur Member
    edited March 2022

    @ehhthing said:

    @farsighter said:

    @ehhthing said:

    Given that pretty much every provider on this forum does a KYC (you need an address and phone number to register for most services here) and then submits it to a database (MaxMind, etc.), why don't we complain about them too?

    It's different when it comes to surveillance companies.

    Data in email accounts is naturally more private than in hosting companies; on the other hand, serving problematic content & activities can get hosting providers into trouble compared to email addresses.

    I’ve always been mildly confused why everyone is simultaneously outraged that big tech companies collect personal information for KYC purposes and also that they are spreaders of “misinformation”.

    Thanks for bringing this up.

    Interestingly, MaxMind is the only geolocation provider that had a CCPA opt-out, which is weird because it's very difficult to argue that the geolocation database itself provided information about a specific consumer, as opposed to providing generic information about groups of consumers.

    Only now could I make the connection that minFraud is basically MaxMind's way of enhancing geolocation datasets. In fact there are some IP ranges that MaxMind has extremely accurate information about, yet geolocation based on WHOIS records or traceroutes from vantage points would yield very generic guesses about their location.

    As for why MaxMind doesn't get scrutiny? It's largely invisible to your average user and doesn't involve as much cognitive strain, but a big corp making a policy change such as increasing the security of passwords means some work is involved on the part of the user, and a very easy way to make sense of the situation is to just label them as "evil".

  • farsighter Member
    edited March 2022

    @ehhthing said:
    Google has no need for your phone number to track you, and such information isn’t useful for its algorithms that serve you ads. A phone number is … just a number. Google’s ad business is built on behaviour, a phone number won’t help it.

    ...

    I do not see why giving your phone number to Google is that much different from giving it to MaxMind.

    I'll tell you how it matters:
    1. Many (probably most I believe) people have more than 1 Gmail account for various reasons.
    2. SIM cards are of course much more limited resource than email addresses.

    Now, let's say someone has 3 Gmail accounts, 1 with 2FA and 2 others with password-only, and he wishes to keep it that way (because the 2 latter are used for his sexual life for example, or whatever) - once Google enforces the 2FA condition they'll be able to link the 2 additional accounts with his real identity through his phone number (otherwise he'll lose access).

    Do you believe Google will refrain from merging all his data into 1 file in such a case?

    I'm not saying that giving your phone number to smaller companies is always the best choice, only that the risk and damage potential is smaller (and your identity will be traceable anyway if you pay to a company, with or without a phone number).

    2FA should be left to our choice.
    Enforcing 2FA like that is a patronizing and invasive move.
    People have every right to choose to have their account "less secure"; it's not anyone's business.

  • @farsighter said: People have every right to choose to have their account "less secure"; it's not anyone's business.

    And Google agrees with you. Feel free to migrate to any other provider you like and have as shitty of security as you want.

    Thanked by 1: bulbasaur
  • farsighter Member
    edited March 2022

    @skorous said:

    And Google agrees with you. Feel free to migrate to any other provider you like and have as shitty of security as you want.

    I already took action years ago so no problem, but many people will be pressured to compromise soon (unfortunately there's no law of email portability).

  • @farsighter said:

    @ehhthing said:
    Google has no need for your phone number to track you, and such information isn’t useful for its algorithms that serve you ads. A phone number is … just a number. Google’s ad business is built on behaviour, a phone number won’t help it.

    ...

    I do not see why giving your phone number to Google is that much different from giving it to MaxMind.

    I'll tell you how it matters:
    1. Many (probably most I believe) people have more than 1 Gmail account for various reasons.
    2. SIM cards are of course much more limited resource than email addresses.

    Now, let's say someone has 3 Gmail accounts, 1 with 2FA and 2 others with password-only, and he wishes to keep it that way (because the 2 latter are used for his sexual life for example, or whatever) - once Google enforces the 2FA condition they'll be able to link the 2 additional accounts with his real identity through his phone number (otherwise he'll lose access).

    Do you believe Google will refrain from merging all his data into 1 file in such a case?

    I'm not saying that giving your phone number to smaller companies is always the best choice, only that the risk and damage potential is smaller (and your identity will be traceable anyway if you pay to a company, with or without a phone number).

    2FA should be left to our choice.
    Enforcing 2FA like that is a patronizing and invasive move.
    People have every right to choose to have their account "less secure"; it's not anyone's business.

    1. You can of course use a U2F key instead.
    2. My whole point is if you actually had proof that Google’s algorithm automatically merged data between different accounts, which would likely be a security and privacy risk and a textbook example for the misuse of PII (not using it for the purpose that it was given for).

    Also, Google has a clear reason for enforcing stronger account security: if a Gmail user gets hacked, it could have some amount of detrimental effect on the platform as a whole since now Gmail has to deal with spam filters flagging their IP address as well as the complicated situations when someone loses access to their account altogether and requires manual human intervention to recover it and cries on the internet about how Google support is useless.

    It is in Google’s best interest to force 2FA because it means less hacked accounts and less issues with spam coming from their network.

    Thanked by 1: Liso
  • @ehhthing said:

    It is in Google’s best interest to force 2FA because it means less hacked accounts and less issues with spam coming from their network.

    Dammit, stop making rational arguments. People want to be pissed. ;-)

  • TimboJones Member
    edited March 2022

    @farsighter said:

    @ehhthing said:
    Google has no need for your phone number to track you, and such information isn’t useful for its algorithms that serve you ads. A phone number is … just a number. Google’s ad business is built on behaviour, a phone number won’t help it.

    ...

    I do not see why giving your phone number to Google is that much different from giving it to MaxMind.

    I'll tell you how it matters:
    1. Many (probably most I believe) people have more than 1 Gmail account for various reasons.
    2. SIM cards are of course much more limited resource than email addresses.

    Now, let's say someone has 3 Gmail accounts, 1 with 2FA and 2 others with password-only, and he wishes to keep it that way (because the 2 latter are used for his sexual life for example, or whatever) - once Google enforces the 2FA condition they'll be able to link the 2 additional accounts with his real identity through his phone number (otherwise he'll lose access).

    Do you believe Google will refrain from merging all his data into 1 file in such a case?

    They already would have from IP and browser fingerprinting, etc.

    Also I can't see a requirement to have a backup phone number, but isn't the Google authenticator (which probably has a Chrome extension?) an option instead of a backup phone number?

  • farsighter Member
    edited March 2022

    @TimboJones said:

    They already would have from IP and browser fingerprinting, etc.

    Also I can't see a requirement to have a backup phone number, but isn't the Google authenticator (which probably has a Chrome extension?) an option instead of a backup phone number?

    IP detection and browser fingerprinting can be easily avoided with almost zero effort. This data is available to any app you communicate with on the net.

    AFAIK Google authenticator is only available for mobile devices. Since most devices are Android based you'll of course serve them your identity on a tray when you use Authenticator to access accounts that you prefer to remain anonymous.

    I really feel some people are playing it naive in this debate. It's not a secret Google is doing all that (and much more) just to collect phone numbers and all possible data. Safety is just their excuse. This is not new; you can read online (in case you never encountered such practices by yourself, which I doubt):

    Thousands more complaints can be found online.
    Encountering sudden demands for a phone number has also happened to me several times when I attempted to sign in ('unusual activity' is their regular excuse) and once you encounter that demand of course they won't leave you (even after switching back to home/college network) until you provide them some phone number.
    Then they use your phone number to link all your data like a puzzle and map out your personal connections.

    In the future they'll also find excuses to demand biometric data, wait and see. Only @ehhthing & @skorous will applaud them like loons, safety first...

  • @farsighter said: In the future they'll also find excuses to demand biometric data, wait and see. Only @ehhthing & @skorous will applaud them like loons, safety first...

    Piss off. I merely pointed out that your demand they run their network the way you wanted is entitled and stupid. They have the right to run their network however they want. Also, the reduced account compromise is a valid argument whether or not it gets them information they want.

    Thanked by 2: bulbasaur, TimboJones
  • ehhthing Member
    edited March 2022

    @farsighter said:

    @TimboJones said:

    They already would have from IP and browser fingerprinting, etc.

    Also I can't see a requirement to have a backup phone number, but isn't the Google authenticator (which probably has a Chrome extension?) an option instead of a backup phone number?

    IP detection and browser fingerprinting can be easily avoided with almost zero effort. This data is available to any app you communicate with on the net.

    AFAIK Google authenticator is only available for mobile devices. Since most devices are Android based you'll of course serve them your identity on a tray when you use Authenticator to access accounts that you prefer to remain anonymous.

    I really feel some people are playing it naive in this debate. It's not a secret Google is doing all that (and much more) just to collect phone numbers and all possible data. Safety is just their excuse. This is not new; you can read online (in case you never encountered such practices by yourself, which I doubt):

    Thousands more complaints can be found online.
    Encountering sudden demands for a phone number has also happened to me several times when I attempted to sign in ('unusual activity' is their regular excuse) and once you encounter that demand of course they won't leave you (even after switching back to home/college network) until you provide them some phone number.
    Then they use your phone number to link all your data like a puzzle and map out your personal connections.

    In the future they'll also find excuses to demand biometric data, wait and see. Only @ehhthing & @skorous will applaud them like loons, safety first...

    .

    Then they use your phone number to link all your data like a puzzle and map out your personal connections.

    You cannot simply keep stating the same unproven points over and over again and expect people to suddenly believe you. The entire argument is around this singular point…

    Arguing the difference between naivety and pragmatism is a fool's errand. If you don’t trust Google, you don’t need to use their services.

    Thanked by 2: bulbasaur, TimboJones
  • taizi Member

    @farsighter said: Google authenticator is only available for mobile devices

    Use other 2FA software instead; I use Bitwarden.
