In one of the later posts, the OP writes that the homeless will lose any physical thing after N weeks. So what kind of 2FA would be homeless-proof? I don't see a solution.
Also, fully acknowledging Google and other bigtechs 2FA is far from ideal:
The other thing is, we want at the same time Gmail to be unhackable against best hackers and state sponsored adversaries for the billions of users, including high profile dissidents, journalists, and senators who will inevitably have accounts; and at the same time to homeless people who can't keep any physical thing. It's kinda difficult to meet those conflicting requirements well at the same time.
Maybe the solution should be to have some basic free state-paid email provider for those people. They are not forced to use Gmail specifically (albeit the number of non-sucking and free email providers is probably close to zero).
> ... the homeless will lose any physical thing after N weeks. So what kind of 2FA would be homeless-proof? I don't see a solution.
How about the homeless person remembers a good password, and that's all that's needed for authentication? You know, just like it used to be. What exactly is wrong with that?
> How about the homeless person remembers a good password, and that's all that's needed for authentication?
Gosh, I don't know, how about literally all of the problems that 2FA solves in the first place? Passwords alone are a bad solution (often forgotten, easily re-used insecurely) for people without all of the challenges and frequent mental issues that accompany homelessness, why would you think they'd be a good solution for people who, as the OP says, aren't capable of keeping track of a physical device for more than N weeks?
I'm not unsympathetic to the problems of the homeless ant the burdens 2FA entails, but I'm also not willing to ignore the huge problems the 2FA solves, and realizing there will often be a tradeoff between making it very difficult to hack into accounts and making it easy for people with mental and other problems access their accounts.
Frame challenge - 2FA doesn’t solve any problems that are actually problems for the homeless.
A homeless person has a vastly different cybersecurity paradigm, specifically, they don’t need much in the way of cybersecurity. Nobody is stealing a homeless person’s identity.
Given that, just let them disable it, and let them just use a password. It’s fine to rate limit them if they forget the password a few times, but let them keep trying to log in until they remember it.
I think this comes from a supportive mindset, but working with homeless populations over the years I think they often were more at risk than many other groups. Significant numbers deal with domestic violence or otherwise abusive relationships, as one example, where these kinds of security issues can be life or death, and they often lack the digital hygiene skills many folks take for granted (I think half the folks in a computer lap I worked with left their password saved when chrome offered to remember it, or even wrote it down in a text file).
Wouldn’t a homeless persons identity be ideal to steal? There are lots of illegal immigrants that pay big money for a clean social security number and other things. It would probably take a homeless person longer to realize their identity has been stolen than a non-homeless person.
>why would you think they'd be a good solution for people who aren't capable of keeping track of a physical device for more than N weeks
Homeless people have no physically secure place to store their possessions. The reason so many of them lose cell phones is because they get stolen or destroyed. It's not because they're incapable of "keeping track" of them.
2fa is a good option, but there are many situations where a plain password is just superior. if you ignore this reality, that passwords are legitimately more secure and better for a lot of people, then you're undermining an existing working security system and will just cause chaos and loss for people.
"There is an imperfect existing solution, with a problem, therefore we will ban the existing solution and move to a new, better one"
... should require extraordinary certainty in completeness of ones new solution before banning the previous.
There are very few times when the legacy method should be deprecated, and Google is the poster child of someone who shouldn't be trusted to recognize them.
(Looks pointedly at Chrome mv2/3 hubris and implementation clusterfuck)
> Chrome mv2/3 hubris and implementation clusterfuck
I'm not sure why you think MV3 is a clusterfuck, it seems like it's doing exactly what Google wants. If you're confused by that, remember, you're the product, not the customer.
Assume I'm talking about something deeper than generic HN cliches. ;)
Pushing an implementation cutover by +6 months, and changing it from a hard to a soft date, because it has so many unresolved issues, incomplete APIs, and angry developers seems a fair definition of "clusterfuck."
The great thing about something like an email service is that password guessing can be extremely rate limited. You miss three guesses and you can't log in for several hours. So an easily remembered password is perfectly fine unless it is blindingly obvious. As a homeless person loosing access to a phone on a regular basis, I am going to be comfortable with the risk that the Gmail password hashes might get leaked. I think others would be quite comfortable with that risk as well...
Many of the reasons 2FA is added by product managers and engineers is because they are too lazy to actually solve the problem in a way that is empathetic to actual, breathing humans and instead bulldoze through the problem in the least usable method possible, call the problem "solved" and move on to shinier problems.
Just because 2FA "solves" the extremely narrowly defined problem, doesn't mean it is the best solution or even something that people can and will actually use. Upon those metrics alone, 2FA is usually one of the worst "solutions" to the problem.
> Gosh, I don't know, how about literally all of the problems that 2FA solves in the first place?
It is clearly failing for this use case.
Security can't be seen as a one-size-fits all threat models. That will never be satisfactory, as requirements vary.
For most people in most scenarios 2FA is a net positive.
But denial of service is also a component of evaluating threat models. Here we're discussing cases where 2FA causes denial of service which is worse than any risk of getting the account stolen by password guessing.
If you forget your password — it's YOUR fault. If you reuse your password and it gets leaked — it's YOUR fault. If for some reason you cannot fix yourself, and have to rely on Google 2FA for that — good. Somebody who can manage their own passwords alright shouldn't suffer because of you. How about his just using his password, and lose his accounts because he fucked up, not because Google (or anybody else) suddenly thinks (incorrectly) that it's not him anymore, who uses that login and password.
> Gosh, I don't know, how about literally all of the problems that 2FA solves in the first place?
Well, it isn't solving this one. Option to opt out would be nice.
> aren't capable of keeping track of a physical device for more than N weeks?
Bit ignorant of you. They could be just plainly stolen by someone else. A piece of rag working as a tent doesn't exactly have best physical security...
> I'm not unsympathetic to the problems of the homeless ant the burdens 2FA entails, but I'm also not willing to ignore the huge problems the 2FA solves, and realizing there will often be a tradeoff between making it very difficult to hack into accounts and making it easy for people with mental and other problems access their accounts.
Also they're frequently arrested, and if their "belongings" are unsafe (biologically contaminated, disgusting) they'll be discarded or ignored by police, if the person hasn't seen the police coming and thrown their belongings aside in the hopes of coming back for them later. Sad all around.
Over on /r/sysadmin there was a discussion this morning about email systems for dementia patients. How do you provide for someone that is forgetting that they are forgetting?
Pretty much EVERYONE will have cognitive decline in their twilight years. It would be nice if we could have communication systems that are compatible with basic human biology.
> It would be nice if we could have communication systems that are compatible with basic human biology.
At some point, this becomes a problem better suited to the government.
Imagine you have a loved one who has dementia or is homeless and incapable of administering their digital accounts with traditional authentication methods. You want to take over their accounts.
You will need to present evidence that:
- they are indeed incapacitated
- they are who they say they are, aside from you vouching for them
- you are who you say you are
- you legitimately represent this person
- there isn’t somebody else who has a better claim at representing that person
I personally don’t want any tech company in the position to sort through all of that on a case-by-case basis and decide which accounts to unlock or transfer ownership to. Let the government or the courts figure that out.
The average person cannot remember a good password without some help, be it using it everywhere, writing it down, or using a password manager. Homeless individuals, on average, have many more stressors in life, much higher rates of traumatic brain injury, and a number of other factors that make their ability to remember good passwords much worse than the average person. Given this solution doesn't work for the average person, it will have even less success applied to the homeless.
How many passwords does an homeless person need to remember ?
I’m with you that an average person is probably using at least dozens of services that need credentials, but these people are probably not login on Amazon or checking their 401k online for instance, nd can probably get by with a a very limited set of stuff to remember.
I don't know how dire it is in general, but there's at least a fighting chance to have some kind of unified login at that level. NThinking about it, now that many "casual" sites also accept google login the number of accounts needed might really be minimal.
Unfortunately (at least in the US) these types of services tend to be a patchwork of different agencies at different levels of government... you'll potentially see local, regional, state, and federal all for one person. If you're lucky agencies at the same level might share a unified login of some sort, but good luck finding that across different levels.
No. One can just remember a good password for gmail, and either use other passwords elsewhere (maybe bad, re-used, ones, or maybe good ones, not relevant if we're talking about gmail), or just always authenticate elsewhere using your gmail account.
Remembering one good password is not too onerous. Easier, it seems, that keeping any physical object in your possession if you're homeless. (I would assume that most losses are not due to cognitive failure, but instead are things like thefts when one is asleep.)
Even people not dealing with the stress and trauma of being unhoused have trouble remembering passwords - even when they're shared across accounts, let alone when they're unique. This ain't a "homeless people are dumb" argument; it's a "humans gonna human" argument.
> PS: Many unhoused people access their email rarely, intermittently; they don't stay logged in. They often have to guess several times to remember their password.
2FA doesn’t work, and remembering passwords doesn’t work either. Checkmate.
Having to guess several times != having forgotten your password.
I think what this actually calls for though is a way to prove your identity by talking to an actual human. Something that used to be the standard before tech companies declared that it was too inefficient.
Your thinking of SIM swapping attacks. SIM cloning is much harder without breaching the SIM manufacturer (often Gemalto or another giant vendor).
Rerouting traffic with a malicious home ___location record (like what was done to Merkel for years), or changing the eSPID/NNID for a numbers texting enablement is much easier than doing a SIM swap and you can usually avoid detection too.
The irony of SIM cards being a cryptographically strong smart card and then carriers let their employees give out replacement SIMs left and right. Ah, humans.
fun fact: SIM cards can run applets based on Java. That’s how mobile payments are able to work in developing nations. I think there was a DEFCON talk about it a few years ago.
> They often have to guess several times to remember their password.
I think pointless password rules are at the heart of this problem for many non-technical people who probably haven't been operating with a password storage solution and might not be used to that system or trust it.
Every platform has their own special requirements for passwords: some require a mix of capital and uppercase letters, some require numbers, some require a special symbol, some require a special symbol but no not that one, some restrict you from entering 3 of the same character in a row, some passwords have a short max character limit, some prevent certain characters like spaces, some require you to change it every so often, etc. Eventually, the password is forgotten or confused with another because of these pointless password rules.
I called them pointless password rules because they reduce the possible number of combinations required for an attacker to guess the password because any guessing program knows what can't possibly be valid combinations.
If a person can remember a password that is a minimum of 8-digits, they can remember an 8-digit backup code that is already provided by google. They are functionally equivalent, but a backup code is one-time use.
So the choice is for them to permanently lose access to their email?
Homeless people aren't stupid and strong password don't have to be incredibly hard to remember. I'd rather get my accounts hacked because of password reuse than lose access to my email, forever.
There is literally nothing more important than your email. Even stuff like your bank account has secondary means of recovery, whereas if you lose access to your email you're pretty much fucked.
> I'd rather get my accounts hacked because of password reuse than lose access to my email, forever.
When your account is stolen the attacker changes your password. You lose access to your email forever and lose access to all of the services that use your email as a recovery platform.
Who's to say that your email account getting hacked is less dire than losing access to it? Attackers can easily search your inbox for 'verify your email', visit any website of value, and use their access to change the account away from your email to an address that they own, effectively removing your access to your third-party website accounts entirely.
I don't know that it is less dire, but I do think it's less likely. Are homeless people's email accounts getting hacked three times per year?
Also... maybe getting hacked is worse, or maybe loosing access is worse, but the user should have the right to make that decision! Google can set the default, but the user knows his or her own life.
Because you can still use an account everybody knows the password of.
It's a terrible place to be in, but isn't nowhere as bad as being a homeless person with no access to HN and Twitter, having Google delete your account and nowhere to complain about. Because that is even worse.
> So the choice is for them to permanently lose access to their email?
If an attacker breaks in and changes your password, you already do very likely permanently lose access to your email. Account recovery from that point is a hairy process even for people who have a place to safely store important documents, let alone those who don't.
> Even stuff like your bank account has secondary means of recovery
Those rely on forms of identification that the unhoused disproportionately lack (for the same reasons that they are more prone to lose access to phone numbers). This is also among the reasons why being unhoused tends to correlate with being unbanked.
> I'd rather get my accounts hacked because of password reuse than lose access to my email, forever.
This is functionally the outcome of getting hacked, if you want any kind of decent security measures.
Any way that Google can give you access back on a password-only account is going to be rife with bad actors using social engineering to gain control of accounts. As long as that form/page exists, it is a threat vector.
What you're asking is for the password to be the only proof that someone owns an account, which means a hacker can demonstrate ownership just as much as you can.
Banks have more options for account recovery because we're willing to give them a lot more info. They can force me to come in to a branch and compare my ID to my face, or ask for my SSN, or any number of things we're not comfortable handing over to Google (especially over the web).
I would rank a home as more important than email; I'd certainly rather lose access to my email than my home.
But by definition, the homeless have already lost a home (assuming they weren't born homeless) - and I've forgotten passwords before. So "the stupid homeless just need to memorize their password" isn't a solution.
Except that they're already losing access to email, forever. A small chance of it happening because of a hacker is better than a statistical guarantee of it happening from phone theft.
Th GGP was speaking in the first person. I personally have had hackers try to break into my account before, but have never lost my phone number. Furthermore, notwithstanding the policies of the "obamaphone" program, I would be able to recover my phone number if I lost my phone. So, speaking for the vast majority of people, it would be preferable to have losing my phone number lock me out of my account than having my password leaked lock me out of my account. If that is the dichotomy, and if we still care about the welfare of the average person, the correct choice is incredibly clear.
Is it though? Just because a password leaked doesn’t mean it will actually be abused. A homeless person without a credit card in their Google account is naturally limited in the amount of damage that can be done.
Security questions are probably enough, at least for people who can’t handle 2FA.
So you are saying that the homeless using plain passwords is wrong because tech giants want to collect personally identifying information under the guise of security? How does that make sense?
How do you remember a complex password? By practice? On what device? I’m sure those involved have bigger things to worry about/remember than a complex password to email.
I don’t think that is the solution. I also don’t know what is.
Public services that somehow provide safe access to email etc?
The same way I remember everything else: I think about it enough. There are plenty of good memorable password mnemonics out there, too. So that seems a non-issue.
In any case, I'm sure those involved would prefer the option of remembering a password to not having that option and getting locked out forever. Seems like a good solution. There may be better ones you can implement once this one is, always room for improvement you know
What works great for me is using _songs_ , ideally a sentence not directly from the chorus of a lesser-known song, complete with punctutation and some obvious replacement rules (such as `and` -> `&` ) . The reason why this works so great is that many people have some obscure song "in them" that they know by heart but which are not super widely known.
I only had to change one of my passwords once when my coworkers discovered I was reliably whistling "Stayin' alive" after logging in.
Complex doesn't mean hard to remember. XKCD936-style passwords (four words with no special chars) are nearly uncrackable and quite easy to remember. Something even simpler like [mother's name][father's name][year of birth] is also very strong when you aren't being targeted specifically (you almost certainly aren't, especially if you're homeless). The remaining issue is password reuse, but that's mostly solved by having two passwords - one for your email and one for everything else.
A good password is one that is difficult to crack which potentially means it will be difficult to remember. Long phrase passwords are recommended to be the most secure, but ironically the more convoluted the password, the harder it is to remember. In the case that a service requires a new password every x months, remembering a secure password is out the window. This type of practice encourages unsafe and easily guessable passwords such as “password1”, “password2”, etc…
Quite simply there are multiple factors at play here. Do you force 2FA on almost everyone and reduce hostile account takeovers to negligible? Do you allow for no 2FA and permit the homeless use case?
I think Google faced a trolley problem and made the right decision. You need a different tool "homeless mail" for them.
It's Gmail. You don't have to use it. There's a lot of mail providers out there.
Whatever, if this guy won't set it up I will. I'll stick a 20 msg / hr, 100 / day limit on it and call it a nice anti-spam day.
Based on Google documentation you can still turn off 2fa, so we are weighing the account security of the hundreds of millions of users who would never turn on 2fa but really should, versus the people who lose their 2FA verification method and are locked out of their account. Maybe the harm of not being able to login is worse than having your identity stolen but whose to say.
You don't solve a trolley problem. The entire point is that it's unresolvable from most ethical paradigms other than naïve utilitarianism (which is why it exists - to mock that way of thinking).
That's exactly the point here as well - well, without mocking the utilitarianism. It is natural that a corporation optimizes to its customers within the envelope of regulatory constraints.
I've often wondered that with a valid ID, that the gov does not give us an email noawdays. Especially one that does not require this asinine phone-validity garbage. I'd even suggest that maybe not use email-addresses as a login-name along with plenty of alias's for inbound and outbound that do not expose your "main" or account.
And google is not alone here; many other major "free" email providers require a phone as well (dagger eyes at you, MS, yahoo, ect); and the icing on the cake are some websites even require a particular set of domains to register with them to prevent multi-accounts/bots/spammers/ect => just a big ol download-spiral of decisions that feed into eachother, just to put a physical ID on anybody to tag-em-to-sell-em
The biggest gripe is that it is mandatory; it is not an option and nothing we can do about it other than "vote with our wallets" - and google does not even allow ToTP use as an alternative to phones, lol
The beatings will continue until morale improves; always has been, always will
> I've often wondered that with a valid ID, that the gov does not give us an email noawdays. Especially one that does not require this asinine phone-validity garbage.
Can you even imagine the nightmare of trying to police the usage of such a thing? Everything from simple spamming to harassment to child pornography, all complicated by the stricter scrutiny the government gets for who it can decide not to provide services to.
That depends greatly on if the systems in question are expected to provide universal service or not. This is perhaps the crux of the question - do we expect Google to operate as a public service capable of delivering service in a way that meets the needs of 100% of the population? Or do we think it's acceptable for Google to decide that they're happy with 98%, modulo things like the ADA?
USPS serves every US address. Lone Star Overnight is allowed to mostly serve Texas without a requirement to also serve Maine.
Which category do we want Google to fall into? This kinda smells like we're expecting it to be a universally provisioned public service, but provided by a private entity with private funding.
> So what kind of 2FA would be homeless-proof? I don't see a solution.
There are three factor categories, what you know, what you are, and what you have. A password is what you know. A phone is what you have. Biometrics are what you are - facial recognition, thumbprints, etc.
2FA in one manner or another is used by various services, because the security recommendation is to pillar identification by at least two of the three factors.
For your question, there are any two from the three factor categories that could be used.
However, there are also limited versions of a single category that are often used as a backup when 2fa is not available. In this case, google uses backup codes when "what you have" is not available. Backup codes are functionally equivalent to passwords, except that they are limited to a single-time use. Limiting use is often a method of using a single factor category, when another factor is not available.
Another method is to rely upon another authority, such as using a physical ID card that can be validated in order to let a person back in.
> In one of the later posts, the OP writes that the homeless will lose any physical thing after N weeks. So what kind of 2FA would be homeless-proof? I don't see a solution.
This is not a technical problem and should not be automated away.
Rely on trustworthy third parties. Universal utilities like Google should have retail outlets which are adapted to local conditions and can exercise educated judgement. In some countries, the police might certify the identity of the individual, and then Google could trust that certification. In another place, it might be some combination of the Red Cross and a public hospital. Obviously some identifications will be easier and others harder - if a person in New York claims they are the owner of an account based in Spain, the employee should be suspicious and require a higher burden of proof (and the reactivation might be logistically more difficult).
> The other thing is, we want at the same time Gmail to be unhackable against best hackers and state sponsored adversaries for the billions of users, including high profile dissidents, journalists, and senators who will inevitably have accounts;
I'm not really convinced high profile dissidents, journalists and senators (why senators?) should be trusting Gmail to protect them from state sponsored adversaries. Google generally wants to do business in territories controlled by states which means they have to follow laws and will sometimes be subject to intimidation; but they have no intrinsic motivation to be unhackable.
> Universal utilities like Google should have retail outlets which are adapted to local conditions and can exercise educated judgement.
Sorry but this just isn't happening, and if there is regulation to make something like this happen, companies will just turn off their services. Plus this would essentially seal off competition: want to run an email hosting startup? Guess you have to manage real estate all over the world and work with every government.
This whole conversation seems backwards to me. Yes, it should be easier for people to recover their accounts, but should governments be totally reliant on private email providers for communicating with people who need services?
The story, as I understand it, goes something like this: a case worker emails a homeless person, the homeless person can't access their email, and then the case worker denies them access to programs because they never got a response. That is not solely an email problem---it's also a huge problem with these programs and services! Why don't they provide identity services and retail outlets to help people get the resources they need? Why are governments shoving this responsibility into the private sector?
> Guess you have to manage real estate all over the world and work with every government.
Or, you know, pass a deal with post offices or banks. Bank ID is pretty widespread in nordic countries for instance.
But as with other topics (e.g. banking services) we're getting the usual HN answer where anything unheard of in SV but common elsewhere is considered luxury science fiction.
Google’s advanced protection program is probably the most secure way to have an email address if you believe you are likely to be targeted by a sophisticated attacker. It requires a security key to sign in every time, limits sign in with Google, and only lets you use Gmail, Apple Mail, or Thunderbird as your email client.
Why Senators? They’re high ranking US government officials, they’re a prime target for state sponsored attackers.
Other than Protonmail I wouldn’t trust anyone else with my email. Gmail is close to if not the #1 non-governmental target for state sponsored attackers. The NSA runs secure email for TS-SCI communications but they don’t want to have to teach John Podesta how to not get phished, and Google has the best defense against those attacks if you enable advanced protection.
I don’t think there’s any universe where a company runs an international chain of retail outlets in order to support a free email service. If that were the standard, free email providers just wouldn’t exist outside of bundles with other services.
We treat email almost as we used to treat postal mail: we expect it to be available to all ("digital transition" replacing human-fronted public services with digital one).
If we treat it as a utility, it's fine to regulate it as such. If <big corp> want to make money, directly or indirectly, by offering email service, they should have some standard of service. If they can't we can just make it public service, which wouldn't let <big corp> make money out of it, but would also guarantee it's available to all.
Either way, eating the cake and leaving it whole, like it is now, shouldn't be an option.
Maybe we don't need to meet all those requirements simultaneously. The on boarding process could try to determining if 2fa would actually benefit you or not.
Well .. yeah. And I think that's what OP (of the twitter thread) is advocating (without explicitly stating it). Namely, that 2FA doesn't work for homeless.
>Maybe the solution should be to have some basic free state-paid email provider for those people. They are not forced to use Gmail specifically (albeit the number of non-sucking and free email providers is probably close to zero).
You don't need to use Gmail. There are a lot of good free mail providers.
Gmail allows users to generate 10 one-time use 2FA codes at a time. Even if you are not going to become homeless, you should generate these and write them down somewhere secure. You never know if your phone battery will suddenly die.
Drop the password requirement. Use fingerprints + face. Very hard to lose these, but not impossible. Note, this solution is 1.5FA, but would solve the issue at hand. (pun alert)
Very easy to lose the features of those that tracking systems identify, however. Scar tissue makes most fingerprint systems fail over the smallest of changes, and facial scarring is also, unfortunately, not an uncommon issue among the homeless.
Ignoring the issue of device accessibility - which is the crux of the 2FA problem.
This assumes they have a device that can read fingerprints/face. I'm going to homeless folks are also more likely to be on library computers, old phones, etc. and not have access to biometric sensors.
One possibility would be to solve the "can't keep anything on them" problem with a bracelet or something like that, like they do in hospitals. Something more durable and less valuable than a cell phone.
If they truly can't keep anything on them, someone who recognizes them needs to represent them. (A locker won't do - they'll lose the key.)
And if they have no friends they can trust (which is likely) then it probably needs to be a government worker of some sort, who has their photo on the computer.
I mean, unless you want to have retina scans to log into library computers or something. Or really reliable face recognition.
>The other thing is, we want at the same time Gmail to be unhackable against best hackers and state sponsored adversaries for the billions of users, including high profile dissidents, journalists, and senators who will inevitably have accounts; and at the same time to homeless people who can't keep any physical thing. It's kinda difficult to meet those conflicting requirements well at the same time.
It's only hard if you adopt a one size fits all approach to security.
Google's proclivity towards treating its users as an undifferentiated commodity isnt proof that its users couldnt be treated differently.
There is none. That's the entire point of the post: "something you have" doesn't work if you're at risk of losing all of your possessions at any time. So let them disable 2FA and rely on passwords - or even better yet, provide some way to actually talk to a person and verify identity.
We will need to design it, but India has a biometrics system (yes big bad privacy issues) called aadhaar which is used for authentication in so many systems. As long as you can build and secure such a system, and people get used to it, as they are used to Socials now, it can be used to unlock a whole lot of things.
Almost certainly is a bad idea. But the first thing that seems like it could work would be an implantable nfc yubikey. Then making more devices support nfc.
I know I would be pretty tempted to get an implantable 2FA device if one was available and seemed like it would have both broad and long term support.
> So what kind of 2FA would be homeless-proof? I don't see a solution.
Biometric? Amazon One's hand recognition would be a decent solution here, though I'll be damned if I've ever met someone willing to try it. And I ask, every time I go to Whole Foods.
For better or worse, I can’t set my password to be “password” or any other number of weak words, and also need a number and symbol. Same principle in practice here.
It's realistic to expect people to remember a difficult password eventually. It's not realistic to expect them to recover the SIM card from a phone that was stolen from them in the middle of the night and pawned for drugs or broken down into parts.
Why would a strong password and needing an entirely different communication channel be the same thing? That's like saying walking to work and needing to drive a car to work are the same thing.
The problem with biometrics like that is that if the data is stolen or otherwise accessed then it can't be reset. If an attacker has your fingerprint and you use that for 2FA you can't reset that to prevent them from having access.
I can definitely understand not realizing that you could lose access to your account if you lose your phone number. But once it happens the first time, could you not pick any free email that does not require 2FA, and warn fellow homeless to avoid gmail?
I disagree with the idea that because a very, very niche audience is in dire straits that the design decisions should be based on their needs. The forced 2FA system has probably prevented identify theft and financial loss for a very large number of people. I'm saying this as someone who thinks Google is a shady and dangerous entity in general.
It's similar to the idea that hard cases make bad law.
The phone number decision is stupid. I up and jump countries every few years. Each time, I'm switching to a new number. I'm the opposite of homeless, I'm that jet set elite. The idea that you want, need, should or will tie your identity to a phone number where people can always reach you is long outdated.
What’s painful is that I’ve ported my phone number out to a VoIP provider similar to Google Voice for exactly this purpose, but something like 25% of providers now block using SMS for 2FA unless it’s tied to an approved mobile phone operator.
Turns out 2FA is also being used as a low-effort form of a captcha in addition to being a tool for data harvesting and “device identification”. I wouldn’t be surprised if legitimate users simply never receive a 2FA SMS because someone used a prepaid phone or something.
Was just reading about how Overwatch 2 won't let people register with a prepaid phone number.
I'm sure there is some good reason to want to avoid people spinning up free or ultra low cost phone numbers to make extra accounts but some users were like, "I've been using TracPhone for a decade" or something like that. Also pretty surprised that it's this easy to detect the carrier. Guessing we'll see this more and more!
The problem will solve itself. People unwilling to sign up for a mobile plan for playing a game will automatically boycott the likes of Overwatch 2, which will result in revenue lost (perhaps to competing games that allow prepaid cards).
I have only ever used prepaid cards. I would rather be cut off from communication (or buy a local prepaid card) than get a surprise bill of hundreds of euros for visiting a country outside the EU.
I guess a lot of people have the same thought process as me around Europe, because there are lots of smartphones available with dual SIM cards.
I'm not so sure the free market will resolve things here, because people who use prepaid mobile plans are also typically lower income. They might not be considered a significant loss on net.
Using mobile phone numbers as a makeshift captcha is the #1 tool any security team has to prevent fraudulent signups. Because they're expensive to get, it puts any attack at a baseline cost $x, so many would-be attackers that only stand to gain $y just don't carry out the attack when $y < $x.
Sticking my German sim card into my phone for fifteen minutes in all sorts of random countries and continents and waiting for a number to come through always feels absurd.
I pray for the rise of esims! I feel like it's on the cards.
I've been using eSIMs for the past couple of years for this specific use case, and while they certainly help, it's really just a stop-gap measure:
You still need your phone and cell signal to receive them (at least many European carriers don't support SMS over VoWIFI); the eSIM is "stuck" in your phone if it physically breaks (and on many carriers, you can't re-use an eSIM QR activation code in any case); in many countries, SIMs expire after a couple of months or even weeks of inactivity, losing your number permanently, to name just a few.
I've found Google Voice to work quite well as a workaround for almost all of these problems, but unfortunately, many US companies insist on not allowing VoIP numbers for 2FA or even plain account creation purposes. I usually try to avoid these companies.
I wasn't trying to be dramatic here: Without deleting an eSIM profile from a device, all implementations I know indeed disallow reinstalling the profile on another device. (The eSIM standard effectively enforces the singleton nature of an instantiated eSIM profile.) But of course most providers can re-issue eSIMs if required, just like they can mail a physical SIM replacement.
But in many cases, they either charge for it, require more or less involved bureaucratic acrobatics (including sending the QR code via physical mail as proof-of-address, because they've been burned badly by eSIM swapping), or both.
So the assumption that an eSIM activation (QR) code is more or less like a bearer token that you can keep in your password safe and use whenever required often does not hold true, especially when needed most (traveling internationally etc).
Fortunately, my provider is pretty good about it (I can instantly self-serve reissue an eSIM in their portal free of charge), but that seems to be the exception, and I also don't know how I feel about that, security-wise. (They don't offer 2FA, as far as I know.)
I thought I got everything moved over to an authenticator app before leaving home but I forgot one, I got a "check your phone for verification SMS" earlier today. My American SIM could get the text but my foreign sim was giving my laptop internet access. Big pain in the ass.
Eh, I greatly prefer ability to move the very reliable thing from one phone to another, just use another phone instead of going into paperwork to move it if my phone gets damaged or something
You do need to be able to receive a texted code at a phone number to create a brand-new account. This is to deter spammers from creating lots of accounts. But once that's done, you can remove the phone number from the account.
I've lived in different countries along the years, it's simple and best to just keep a permanent phone number in the country you consider the most like "home". Get a cheap phone-only plan, stick the SIM into a dumbphone or your second SIM slot. Done.
Not always a possibility. Many banks require phone number based 2FA, for example. And you're required to use it any time you want to make a transaction that exceeds some threshold.
Even if this is the case, this isn't a problem for the poster. They have a phone number, it just changes frequently. They can sign up, enroll in a TOTP or U2F system, and then they are set.
Except if you're using e.g. Google Authenticator and you lose that phone, you've now lost your TOTPs. The most unhoused-friendly solution there would be to use something like Authy instead (which is another password to remember, but at least it makes it easy to recover your TOTP keys on a new device without needing the old one); next best would be to use something like andOTP which supports backups (but then you'd need someplace to store those backups, which introduces the same problems as safely keeping a phone on your person).
The context for this post is a person who moves between countries frequently and therefore gets new phone numbers. This person has consistent access to the same phone.
I'm in the same boat; it's always a pain for services you don't login to that often but do need every 1-2 years. Account recovery ranges from "a pain" to "damn near impossible". I wasn't able to recover my PayPal account for example.
I also don't use my phone much, and the only reason I even have one of those things is because it's "needed" for so many things.
Absolutely true. I am a serial expat who has lost numerous numbers over the years by switching countries. I at least hope to keep the same basic online services running when crossing borders, but I swear, in the last couple of years, it has become an absolute nightmare. It is getting harder and harder.
you can also use a security key or a onetime password from an authenticator app (plenty of options for each) or a separate device logged into Google as your second factor. You have plenty of options
> The idea that you want, need, should or will tie your identity to a phone number where people can always reach you is long outdated.
Yeah I have no idea why phones still use numbers. It would be so easier if same address for e-mail worked for voice, just add some DNS records that point at my phone provider to ___domain and done.
Then again, spam calls would probably be so much worse...
> I can definitely understand not realizing that you could lose access to your account if you lose your phone number. But once it happens the first time, could you not pick any free email that does not require 2FA, and warn fellow homeless to avoid gmail?
Almost every free email service I've tried now requires a phone number to setup. Even protonmail required it for a brief while, although they now are back to captcha and a stern warning. I actually can't think of another free service besides protonmail that this isn't now true for.
An annoying trick some of them use is to allow you to setup the account and then lock it some time later. I've seen on immediate login (irritating waste of time) or after you've used it for awhile (what you used the account for is now held hostage unless you cough up a phone number).
There are over half a million homeless people in the USA right now. And only a quarter are "chronically homeless", meaning for ober a year or more than once. There are many, many people who will be homeless for a few months at some point during their lives.
There are 1.5+ billion gmail users. I don't have stats, but that intuitively means millions of vulnerable people who could be scammed or phished or whatnot because they would never think of using 2FA at all.
Among those half a million homeless, how many use gmail and are unable to change for whatever reason? Among those, how many have issues with 2FA? Thus we advocate for increasing the vulnerability of millions to do something that would not even help the homeless that much. The whole problem of having to replace their phones every 12 weeks sounds like a far more pressing issue to investigate and find solutions for.
The number of gmail users in the USA is obviously significantly lower, and the number of homeless or people in similar situations globally is obviously significantly higher.
The homeless are certainly not a niche audience. There might be between 13 and 26 million people in the US alone who have experienced homelessness at some point in their lives [0].
Besides, issues around permanent access to security devices are not exclusive to the homeless. The problem described in TFA impacts a far larger segment of society.
Critical services are increasingly only available online -- and online services are increasingly critical. The people governing access to critical services are willfully ignorant to the difficulties that vulnerable people face, and often make those difficulties worse.
Besides the fact that this doesn't scale at all, not using gmail is arguably a bad decision. If you have an email address at shiftydomain.com, some services won't accept it because its low barriers to entry may have been exploited by spammers or similar.
This is the sort of performative response that is the problem. Let's say we force Google to switch off 2FA. Now we have exposed millions of people who don't know any better to phishing attempts and financial loss. And the group we are trying to help isn't really better off. There are so many other questions we could be asking. Why are they directed towards picking Gmail by default? Why is the system to give a replacement phone every 12 weeks instead of investing in a dedicated device that's much harder to damage or lose? Why is keeping the same number a hassle? Why are we tackling the problem with caseworkers instead of something more ambitious, that would ironically be less costly in the long run? There are so many angles we could go for, but instead we are stuck on this performative nonsense that gets retweets. It's pseudo-empathy at best, because it's not oriented towards a real solution.
> Why is the system to give a replacement phone every 12 weeks instead of investing in a dedicated device that's much harder to damage or lose? Why is keeping the same number a hassle?
If you're homeless, you're getting robbed. It doesn't matter that a yubikey would be worthless to a person mugging you, they'll take everything including the worthless stuff. Or you're being picked up by an ambulance and taken to a behavioral health center after a mental health crisis and when they do that they take your clothes off and stuff goes missing, even if it's worthless.
Keeping the same number usually requires paying into an account which requires being able to make consistent payments, which is not easy to do. Or a credit card or bank account is required. You are maybe unbanked in this scenario.
> Why are we tackling the problem with caseworkers instead of something more ambitious, that would ironically be less costly in the long run?
Caseworkers make practically nothing. Does your solution get rid of human beings to act as agents for people who sometimes lose touch with reality? Will there be an AI assistant to guide someone through a schizophrenic break and get them to a hospital and help get them reoriented after they regain contact with reality? That's what's necessary and you're treating actually understanding what they're going through as if it's virtue signalling.
The downvotes are strange to me, because absolutely pointless thefts absolutely do happen in urban spaces, even for the non-homeless. Why would someone smash a car window just to steal a pair of prescription sunglasses that would be completely useless to 99.9% of people? I have no idea, but it happened to me.
> This is the sort of performative response that is the problem. Let's say we force Google to switch off 2FA. Now we have exposed millions of people who don't know any better to phishing attempts and financial loss.
Could be just option hidden somewhere in the settings. Don't need to turn it off for all
> And the group we are trying to help isn't really better off.
Exactly. The word people should be looking for is "vulnerable". They are not a niche category, they are a vulnerable category, and need protection, not dismissal.
Now let's talk about how much effort and what level of resources it's reasonable to expect a commercial entity to invest in extending protections to vulnerable people in need who happen to not be customers.
Perhaps we're asking the wrong entity to address this problem? This seems more like a public service infrastructure problem.
Google is a multi-billion dollar company, they barely have to lift a finger. They simply have to provide an option to opt out of 2FA. Add a bunch of warnings if you must. Even if Google was a small startup it would be trivial for them to do this.
To be clear, your answer to vulnerable people needing protections is to lower the minimum level of security for everyone using Gmail. Do I understand correctly?
As someone who uses 2FA extensively and even has 1Password autofill the OTP codes - 2FA is objectively fucking brutal.
Half of you in here have never met a non-technical user. These folks should not have 2FA on ever, because they can't even use the damn thing with it on.
Yes, those users run a higher risk and should be notified of that extremely clearly. But 2FA is a garbage solution to the problem and it should always be possible to disable it.
I'm going to continue using 2FA happily like most of those in here - but man the lack of empathy is outstanding in here. I feel bad for your users.
And fuck Discord for not allowing me to reset my account with my own damn email address when my phone broke that one time. Total morons, through and through. I'd never want to work with anyone so objectively ignorant and unwilling to admit their ass backwards position.
Oh please. Every business I’ve ever worked for has enforced MFA for corporate access. You’re acting as if “non technical users” are illiterate subhuman morons. Even my 90 year old grandparents trivially figured it out on their own.
I'm claiming the reverse - the human ones are the normal people who just want to use email without it berating them every time they log in.
Then your grandparents are technical users. Curiously, so are mine. Sorry to tell you that you're wrong though and you have not met the non-technical users.
I've had to try to help my aunt and uncle recover old Apple and Google accounts with complete failure because they've changed cell phone providers and didn't care that their phone numbers changed. At no point are they adequately warned this is the case, and recovery codes are a confusing additional layer that they don't understand.
So they basically lose everything and nobody is willing to help them. You are making a grand assumption about accessibility - not everyone has the capability to grok such a convoluted login process. The non-technical users often aren't morons - they are just differently abled. Maybe they are immigrants who didn't grow up with computers much because they were poor, or have a mental condition.
2FA fails spectacularly on accessibility.
Your reply is an example of the problem - completely oblivious to the users that are horribly underserved by 2FA as it exists.
You're reading what you want to read because your position has no strong foundation. At no point has a specific age or employee class been a cornerstone of the argument. You can simply wait for the day that you are screwed by bad 2FA and then it will be obvious how stupid it is. A mistake can happen to anyone - even the people that know what they're doing.
there are as many meanings of "technical" as there are crafts[0], a corporate job likely include many hours each day working at a computer where you will encounter a lot of the various UX patterns that anyone else would encounter.
You do not need to be a programmer or work in IT to know how to use a computer effectively.
On the other hand there are people that do not use computers nor smartphone features that aren't also offered in feature phones.
You are quite right. I have never owned a smart phone myself and never carry any type of phone with me. When I change countries, I try to use shitty pre-paid dumb phones. I was completely unaware that online services seem to hate this, and will lock you out forever if you change your phone number (or change countries - something that has gotten worse, I have noticed, as I have been crossing borders and logging into things for 20 years). It used to be easy. Now it's a nightmare.
I find it disturbing to imagine that people are stuck with phone numbers as de facto ID.
You lose your entire Google account if you lose your 2FA device or number (assuming it's a phone number), for any reason. Even if your Google account is set up with a non-Google email address which you still have access to, and you still know the correct password. And there's nobody you can reach at Google about it, no appeals process, nothing.
I verify that this is true at the time of posting. In previous volunteer work at a non-profit run by university students, the organization assigned a free Gmail account to each executive. Each year, we ran into a problem where the executives would change, and we needed to transfer the Gmail account to the new person.
Problems would happen when the new person tried to log in to the account. Since the login was from an unrecognized device and an unrecognized IP address, security was tightened. Even after inputting the correct password and entering the right backup email, it was mandatory to enter an SMS message from the phone number tied to the account, even after various troubleshooting and attempted workarounds. That meant getting ahold of the previous executive, who may be busy or changed their number.
You could argue that Gmails weren't meant to be used this way, which is fair; the goal of this comment is just to provide additional evidence that the description provided by the parent comment is true. (In the end, we went for a low-cost, reliable email service to fix the issue in the long-term. We also found that registered non-profits are eligible for free Google Workspace or Microsoft Outlook email plans subject to certain eligibility conditions, though we did not have a need of becoming an officially registered non-profit at the time.)
FWIW, if you're the administrator of the organization, you can disable 2FA from the admin console for that user's next login. I've done this a few times for similar reasons.
Thanks for the tip, though this just works for a paid Google Workspace email plan (or a free Google Workspace for Nonprofits plan) [1]. We couldn't do this because we were using free personal Gmail accounts at the time (by transferring the credentials from retired executives to new executives) as we lacked budget and formal non-profit registration (to be eligible for the Nonprofits plan) since the group was fairly small and undergraduate student-run.
The difficulties were to be expected as personal Gmails weren't meant to be used like this (the goal was just to share an anecdote about the difficulties of phone numbers used for two-factor authentication with the free service even once a year). The long-term solution we used was to pay for a reliable but low-cost (in comparison to Outlook and Google) email host initially recommended on HN and a few sysadmin forums, to gain access to organization-wide admin features.
1) Not providing phone number for 2FA. Never.
2) Using multiple (3 pcs.) physical keys for 2FA (like Yubikey and similar). Authentication app is an alternative for one choice of 2FA (but not the sole one!)
3) Only using a limited set of Google functionality. Use for secondary purposes mostly.
Well, the last one is mainly to mitigate the consequences if happens anyway, for other reasons too (like with that poor guy who made picture of his own naked baby for a remote diagnostics with his doctor and the Google locked him out for months - and still counting at the time of the article - for child pornography)
yes I am confused why people aren't discussing OTBC ... is it an assumption that if you lose all your possessions then you lost these as well? Doesn't seem valid as you can certainly give them to a trusted person for safe keeping as well. Or bury them in the ground if you want somewhere.
You can set a backup email address for Google accounts if they're using Google email addresses, but you can't do this if they're using non-Google email addresses as the primary address, such as the one in that link.
I'm logged in to such an account right now and there's no way to do this. The account primary email is also set as the recovery email address and there's no way to add another.
It's actually deceptive to the user to even call it a recovery email address in this case, since Google will never offer to alternatively send a verification code there if the 2FA device is unavailable.
I lost access to a Gmail account for which I had the correct password and a recovery email with a different email service. I was still unable to convince the Google machine that the account was mine. My suspicion is that because I'd changed operating systems on my desktop, I appeared to be 'someone else' as far as Gmail was concerned.
It’s this sort of thing that has prevented me from activating 2FA on my gmail account. I pay for Google Drive (as a tertiary backup) and would be willing to pay more for service that include actual customer service. At this point though I feel locked in. I could switch (any suggestions on paid email with *real* support available?) but it’s a pretty big burden to go through every site & service that uses my email as either a login or password reset vector and change things over.
Heck, here’s an idea for a startup: a digital “moving” service. IRL I could pay a company to take everything I own, pack it up, ship it somewhere else, and even unpack it too. I’d like to see a digital equivalent.
A much less critical or important thing but underlines the bad attitudes:
I just tried to renew my cancelled Netflix membership yesterday.
I am not allowed to do that without providing a phone number (I used Netflix for ca. 8 years without it).
I do not provide that because I do not want to.
I do not tie every aspect of my life to my phone number. In fact I do not want to tie any aspect of it to my phone exclusively. Phone number based authentication is not safe and reliable anyway (can loose, stolen, damaged, then I'll have a cascading effect of problems instantly).
I talked long to the helpdesk lady and the conclusion is that I am not allowed to renew my Netflix account without providing a phone number. End of story.
I permanently remain a non-Netflix user this way. Their loss actually.
(A secondary trouble with them is that they are trying to misinform me, giving false reasons! The support lady reasoned that they need the phone number for validating bank transaction. Since they - Netflix - want to use this to send a code in text that I am required to type into their - Netflix - system it has nothing to do with my bank and with authenticating the transaction! (my bank would never use phone for authienticating a transaction btw, I am not even sure if I updated my phone number with them, they reach me other electronic ways). She was just bullsh%ting! Also the renewal pages stated differently, saying that authenticating my account is where the phone number is required. Not to mention that a friend of mine registered recently and for him the reason to register a phone number was to retrieve password recovery messages. Three sources, three different reasons, one of them is complete bullsh%t. Very repelling kind of practice, I am actually glad staying away.)
(A third smaller aspect was that the helpdesk lady tried to interview me about my phone usage strategy and my reasons instead of answering my question about alternatives. It is not her business how I use phone and trying to pressure me into some rigid lifestyle strategy they determine. There are many alternative ways to carry out the same task, they should provide more and better choices.)
>A much less critical or important thing but underlines the bad attitudes: I just tried to renew my cancelled Netflix membership yesterday. I am not allowed to do that without providing a phone number (I used Netflix for ca. 8 years without it).
If you've got some spare time, have you considered taking them to small-claims court for refusing to cancel your membership and still charging you? It'll cost them a huge amount if they show up, and if they don't then you get a judgement against them by default. Or if you signed some contract agreeing to only use specified some Netflix-specified legal intermediator, use that.
If everybody who was screwed over by tech companies took legal action against them, it'd cost the companies a huge amount of money and they'd have to improve the way they treated people.
> (my bank would never use phone for authienticating a transaction btw, I am not even sure if I updated my phone number with them, they reach me other electronic ways).
Phone numbers are often included in billing address inputs, so I imagine it's at least logged in the bank's system and perhaps used as a heuristic signal for fraud.
Google's 2FA is dreadful. 2FA is a good idea when it's added with consent, but Google adds it behind your back in ways that are both infuriating and brain-dead.
I've been caught out recently twice: once I was away on work and had to access my email. Google demanded that I verify it using my phone that I'd previously accessed my work email with. However, this phone was just a phone I use for development, had never had a sim card inserted, and was on my desk at home. I hadn't agreed that it should be used for 2FA. It was tremendously inconvenient because I needed to find where my hotel was.
Another time recently I managed to destroy my phone in an accident and got the phone replaced. Despite taking the sim card from the old phone and putting it in the new one, doing a factory reset on the old one, and it not being active for a week, Google still demanded I 2FA authenticate on the old one.
I feel these problems could have easily been avoided, but it's typical latter-day Google experience: a tin ear for the customer experience and a general attitude of automation knows better than users.
Apple does it too. I have three iPhones, one much older than the other two. Recently, in one of my new iPhones, Apple decided to ask me about my passcode I used in my “giggleupstairs’s iPhone” for some special verification scenario. Now, what? I have THREE iPhones, how will I remember which iPhone is this generic looking iPhone name referring to? I kept entering what I thought was the correct passcode for at least three times before realising what was happening. I shudder to think I could have ended up locking up my account like this.
fwiw, the passcode challenge is for decrypting your keychain. If you fail that, you lose your passwords and other E2E data, but for better or for worse, not that much stored stuff is E2E encrypted and so you don't lose too much. I don't know if it's still true, but a few years back if you lost everything (i.e. didn't know your passcodes, didn't have a device to approve the sign in from) you could still get back into your account by waiting two weeks and recreating your keychain. This also means that if you are ever away from the internet for two weeks and someone knows your password that they can jack your shit but that's quite the edge case imo.
I've never seen this issue. I don't have 2FA enabled for any personal Google account. There are some dark patterns to try and get you to enable 2FA that I don't agree with, e.g. a big "add a phone number to your account" page after you log in, with a small "skip for now" button at the bottom.
This doesn't involve a phone number, and I haven't enabled 2FA either. This is a security check that's activated under some combination of unfamiliar ___location, WiFi network, or device. It requires you to confirm your identity by using the app.
If you delve though GMail's settings, under "Sign-in and recovery":
Trusted mobile devices
Google can verify that it's you by sending sign-in notifications to a private
phone or tablet. You can remove it in your recently used devices.
There's no way to turn it off as far as I can see. You can remove a device from the authorised list, but that's not very helpful if you don't realise that it's been added.
It's idiotic. It's essentially: "confirm that you're allowed to access your email by confirming that you already have access to your email".
Goog did it to me too. I was using a burner phone, and logged into the Goog account. Next thing I know, after I chucked the burner, Goog is demanding I authN using the burner phone.
If you are wondering how I authenticated the first place onto the burner, I used TOTP, but she would not let me use it again; she wanted my burner.
Yeah I had a similar issue. I had TOTP 2FA set up on my google account, and connected an android phone to it purely to download something from the app store.
Google then decided that it was going to ignore TOTP set up and prefer the "Trusted mobile device."
In a way it actually made my account less secure, since that was a testing device and had no passcode on it.
Why is this guy mad at Google for implementing security (which I guarantee has saved a lot of homeless from account takeovers), when he could be mad at the government program for failing to provide people with a stable phone number? Constantly changing your phone number has a lot of other bad consequences which have nothing to do with Google.
And maybe the government should consider providing an email account too. The cost would be negligible compared to buying people new phones every 12 weeks...
This is yet another example of the "accessibility, privacy, fraud-protection, choose any two" problem.
You can force people to use 2FA, but then you discriminate against people who can't. You can build an account recovery flow that requires government-issued proof of ID, but then you sacrifice privacy. You can do neither, but then you make accounts easier to compromise and harder to recover. There's no good solution here, it's all tradeoffs.
Captchas are another situation where this problem arises. You can implement easy audio and text captchas, available in all the languages your signup form supports, but then you get a lot more fraudulent signups. You can eliminate captchas altogether, relying on invasive user fingerprinting instead, but then you sacrifice privacy. You can do neither, but then you discriminate against visually impaired users. Once again, no good solution, just tradeoffs.
Maybe each individual should be allowed to "choose the two" that work best for them.
Most of us have at least one email account that's already under our real name, where we have no big interest in hiding our real identity, but we do have a big interest in not being randomly shut down by Google. We hear about such shutdowns every few weeks on HN, if not more.
Google has unfathomable financial and technical resources, much of which goes to projects of speculative value at best. I can't help but feel that they could provide a slightly more customized login experience to help diverse people with diverse needs.
The only email provider I'm aware of that still doesn't require a phone number during sign up is protonmail. Maybe tutanota but IIRC they wouldn't let you sign up over a VPN.
This problem, and the not-my-problem responses, really highlight the self centered mindset we have encouraged. What if that homeless person was your substance-abusing sibling? A friend from school with mental health issues? We need to collectively take more responsibility for those in the worst situations.
If you've every tried to teach an old person how to use 2FA you know it's an uphill battle. Using a fingerprint reader isn't even doable for some. And we're all going to be old one day.
Practically, we need ideas like to 2FA to gain tractionas widely as possible, while realising that isn't everywhere. And some people will never use 2FA, need higher thresholds for triggering lockouts, and need alternative methods for re-establishing identity to their ID provider (google in this case). For some people that might be their local librarians or community shelter, legal aid groups, and banks.
This is missing the forest for the trees. Of course we'd be more emotionally involved if it was someone we knew, that's not hypocritical. Most people aren't against fixing societal problems, either. As it stands, homelessness is definitely something that affects a ton of people so it definitely is our problem as long as we are city dwellers.
The problem here is that misapplied empathy can lead to terrible decisions. Having Google change their 2FA system for this group would be one such decision. It's similar to the 'think of the kids + terrorism' attacks on encryption. It's socially difficult to argue against these ideas because you are then labeled as a terrible and non-empathetic person, but the solutions themselves make one other thing worse without really being helpful other than for garnering retweets and likes.
In this case, we actually aren't being ambitious enough. Why are we having a system where we give out phones every 12 weeks to each homeless person? We'd probably save money for the program by developing some sort of dedicated device designed to be harder to steal or lose. Maybe a high-autonomy low-powered KaiOS smartphone that can be attached as a strap? It's not like the current devices are working.
Why is it such a hassle to keep the same number after a theft? We could investigate there too. Improving this would be better than decreasing the effectiveness of gmail's measures.
Heck, if we want to focus on Gmail, why not focus on why it's the default choice for the homeless to begin with, as opposed to removing features.
We could try to solve the problem structurally but we prefer the caseworker approach, because it's more easily packaged 'empathy' than actually fixing the homelessness issue. It's like people who travel to developing countries to 'help', when the locals need investments and training facilities, not extra warm bodies. Actually giving homes to the homeless would probably be cheaper than whatever we are doing now, even taking into account the mental illness and drug-abuse problems that factor into this.
Look, I'd love to fix homelessness in America! Really, I would! But Google's policies are causing people to get locked out of their accounts now, today.
Google could put a toggle in Google Account settings titled something like "Allow anyone who knows my password to log in to my Google account (less secure)." It could sit above a description of the risks involved. It would need to be disabled by default, and it wouldn't help users who don't know about it. It certainly would not fix homelessness in society. But it would do a lot of good for a lot of people!
Would this option lead to some increased number of hacked accounts? Probably, but these would be accounts that explicitly opted in to that risk! I think it's excessively paternalistic to not provide the option. Every life situation is unique, and people know their own lives better than Google does.
This is a result of taking a product made by someone else for a certain purpose and then using it for one it isn't intended. Its not Google's fault gmail is a bad fit here. They didn't design it with this use case in mind.
The solution is to use one that is. Why are case workers directing the homeless to setup gmail accounts? Because they haven't been provided with a better solution by the system they work within.
So its the government's problem to fix. They are the ones handing out phones and setting the expectation to communicate through email. So they can either design an email service themselves that fits their needs. Or they can work with an industry partner, such as google or someone else to provide the service.
Normal gmail is a one size fits all commodity solution. It works well enough for most people, most of the time. Specialized problems call for specialized solutions. Complaining that google didn't think of you is misplaced.
Should users with poor vision also have to use a special blind-person email provider? Because, I'd expect supporting screen readers to take significantly more effort than adding the setting I outlined.
Also, if I was homeless, I wouldn't want my email address to indicate I was homeless.
I broadly agree that it isn't Google's job to cater to everyone, but in this instance, the ask seems overwhelmingly reasonable—and less than what we expect in other circumstances.
What is the ask that is overwhelmingly reasonable? As has been pointed out to me and others, Google already offers a way to turn off 2FA - https://support.google.com/accounts/answer/1064203 Naively this seems like it should solve the 2FA problem for the unhoused community members in question.
Even when 2FA is disabled, Google will insist on additional verification (phone, recovery email, etc) if it thinks something about your browser or IP address is unusual, even if you know your password. If you don't have a verification method (or cannot access it), Google will literally just lock you out. I have personally experienced this.
OK. That raises all sorts of follow-up questions, as turning off security measures can be expected to have consequences.
What should Google do in the scenario that this purposely-low-security-for-the-unhoused account is breached? What about abuse? Are we OK with Google just shutting off accounts in that scenario? Are we prepared to accept that the members of our community experiencing being unhoused will find themselves constantly creating new accounts as their old ones are shut off or rendered unusual from the consequences of purposely-low-security-for-the-vulnerable?
Remember, things like gmail accounts are under constant attack. Security measures, the very ones we're talking about disabling, help keep those attacks at bay. Each of those things that triggers verification actually lines up with real attack patterns.
So while this may be a small-ish thing to ask for, I'm a little concerned about the consequences. We're literally asking to offer the most vulnerable and marginalized members of society shittier security and ignoring the effects of this.
> Are we OK with Google just shutting off accounts in that scenario? Are we prepared to accept that the members of our community experiencing being unhoused will find themselves constantly creating new accounts as their old ones are shut off or rendered unusual from the consequences of purposely-low-security-for-the-vulnerable?
I am, yes, if the alternative is that they loose access to their account every few months!
Also, at least this way people have the ability to keep their accounts truly safe if they choose a strong, unique password. If Google just locks them out no matter what, there's no recourse.
> I am, yes, if the alternative is that they loose access to their account every few months!
Good to hear, though I confess to a bit of confusion. The issue I pointed to is that they're going to lose access to their accounts frequently as their accounts get breached, abused, and shut off. As opposed to losing access because they lost their phone number.
> Also, at least this way people have the ability to keep their accounts truly safe if they choose a strong, unique password. If Google just locks them out no matter what, there's no recourse.
As described in the Twitter thread, we're talking about people who already struggle to remember their passwords. I doubt this will improve if we require basically regular people to have strong passwords, but perhaps you have reason to think differently.
Basically I think you're trading one cause of lockout without recourse for another cause of lockout without recourse with this proposal. This does not strike me as progress. For my own part, I think Google is the wrong place to be trying to address this issue - perhaps porting phone numbers within the Lifeline phone program would be better.
I don't think people's accounts are getting hacked anywhere near three times per year. And while remembering passwords is a problem, surely it's easier than remembering a password and keeping track of a second factor device?
You're right, people's accounts aren't getting hacked that often. This is because of a wide array of security measures - the ones you're suggesting be disabled. The frequency of breaches goes up significantly without those in place, especially when coupled with the kind of weak password likely to be chosen by struggling, marginalized, vulnerable people whose priority is not keeping bots at bay.
In short - yes, but the consequences defeat the point.
Gmail is a perfect fit in theory. Google provides a product, workspace, where you can hand out gmail addresses and reset them at need. Given that the cost of providing such accounts is actually less because the support burden falls on the city it might be possible to convince Google to provide them at less than the standard cost.
If Google is going to position itself as the face of the internet, then it has to live up to that responsibility; it can’t go, hm yes, use our browser and our email service and our phones, but only if you fit into this category of prescribed users.
Of course they can. It's the only thing they've ever done. I honestly can't think of a company that thinks less of its users than Google does - that's because in their view, they have no users - they only have eyeballs, that are worth anywhere from fractional cents to hundreds of dollars every time they can grab them.
Using "support" and "Google" in the same sentence is laughable. They barely support the ad clients that pay their freight. Google's entire business model is built around NEVER providing support for the users of their technologies, and killing off any products that don't monetize.
> They didn't design it with this use case in mind.
Where on the gmail page does it say "not for homeless people, sorry"?
Adding (and forcing) 2FA was a recent decision from Google, which came a long time after Gmail the product was already introduced. There are millions of accounts which were created long before anyone had an idea what a smartphone was, let alone phone-based 2FA.
Not having 2FA is going to allow some portion of users to get hacked. When those users do get hacked they will need a way to regain control of the account. Methods of regaining access to an account are notorious for bad actors social engineering their way to gaining control of accounts.
2FA relieves some of that, because even if you do get hacked you can provide a token from the authenticator that was attached to the account, proving that you do in fact own that account.
> I think it's excessively paternalistic to not provide that option.
I don't find it paternalistic. The goal is to cut down on support costs by reducing the number of users who get hacked and need assistance regaining access to their accounts, and to force users to have a method of demonstrating they own the account even if they can't log in. That it confers some additional security to users is nice, but not really the end goal.
> Not having 2FA is going to allow some portion of users to get hacked. When those users do get hacked they will need a way to regain control of the account.
I don't think they do! This would be part of the tradeoff.
Currently, people who cannot use or rely on 2FA are getting locked out of their accounts even if they weren't hacked and knew their password! Isn't that worse?
> Currently, people who cannot use or rely on 2FA are getting locked out of their accounts even if they weren't hacked and knew their password! Isn't that worse?
I don't think so. You seem to presume the end state of both is that the user is locked out, which is only half true.
With a lost 2FA device, the user and everyone else is locked out of the account.
With a compromised account, the user may be locked out but the hacker is not. The hacker is free to impersonate the user to social services, hospitals, potential employers, etc. If there's no mechanism for the user to regain control of the account, the hacker will have that access until the user can contact all of those people and give them a new email address. That could take a while, especially if we're considering that the user has a high chance of not having a phone at the moment.
> Currently, people who cannot use or rely on 2FA are getting locked out of their accounts even if they weren't hacked and knew their password! Isn't that worse?
Not if it's happening to fewer people than the alternative.
> I don't find it paternalistic. The goal is to cut down on support costs by reducing the number of users who get hacked and need assistance regaining access to their accounts, and to force users to have a method of demonstrating they own the account even if they can't log in. That it confers some additional security to users is nice, but not really the end goal.
So we should be mindful of Google's profit margins, instead of homeless people's access to vital services?
If the service is truly vital it should be provided by the government, not Google. The government would also be free to set security policies and provide support at the level and cost demanded by the public. It is not and should not be the role of a private enterprise to act as a backstop for the fabric of society when it is not in their interests or their customers' overall interests.
The vital services are provided by the government, but require an email address. Some people have trusted Google to be their email provider, and Google is failing some of those people by denying them access unnecessarily.
I'm saying that if the public/government doesn't feel like Google's security policies are compatible with the homeless, the simplest solution is to set up a government-run email host.
But we should also expect Google to give a small crap about the troubles it's putting some of its users through, especially when this is so important to some of its most vulnerable users, and adding an option to disable 2FA is such a small feature for a Mega corporation.
umm you DO know that Gmail isn't only free email, right? Like, just use another one which doesn't force 2FA. Why is this become an issue? I don't get it
Why is it fine? Why should we not ask and expect that one of the largest corporations on the planet make a tiny effort to improve the lives of some of its users at very little cost to them?
Sure, homeless people and those who help them should pick an alternate free email service. And the government should either set up its own email or stop requiring email contact for this sort of thing. But for people who are already Google users, Google should also try to make their lives significantly easier with a tiny bit of effort (allow someone to explicitly disable 2FA for gmail - with all the warnings and cautions that they can).
• The people who want security get to keep all the security they get today.
• The people who don't think about security and leave default settings intact keep all the security they get today.
• The people who explicitly ask for less security get less security.
• Some of the homeless will get increased access to vital services.
It's a win-win—unless you believe, for some reason, that people should have security forced on them even if they explicitly ask to not have it. I fundamentally don't understand this mindset. People should have the right to do dangerous things if they are warned of the risks involved.
>The people who explicitly ask for less security get less security.
The problem with that is less security is almost always more usable than more security, which leads to the greater amount of people being in that state, which is not just a danger to the user making the choice, it is a danger to others.
Unless the requirement is extremely onerous, very few people will go into settings to check if it can be circumvented. For homeless people, it seems that it is indeed extremely onerous, so they or those who help them will have a reason to do this, but few others.
Not sure why this is being downvited. You could argue that forcing security upon users is why everyone knows about password-based logon today. Same could be said about the initiative for HTTPS everywhere.
We should probably not force private companies to spend (or lose, no difference) money to solve societal problems that they are in no way responsible for.
That's like forcing pepboys to change the tires of senior citizens for free because social security isn't paying enough.
Maybe we should put our efforts towards fixing problems instead of asking private companies to put a bandaid on it at their expense.
This seems like something the homeless services are best positioned to fix by providing email hosting to their clients. They know their clients are actual humans, not hackers, so can provide the continuity that the giant providers can't.
That's almost exactly what Google has done. Here's how you turn off 2FA on your account:
1. Go to myaccount.google.com
2. Press "Security"
3. Press "2 step verification"
4. Enter your password
5. Press "Turn off"
6. Confirm the dialog that says "Turning off 2-Step Verification will remove the extra security on your account, and you’ll only use your password to sign in."
Those steps don’t actually turn off 2FA for Google accounts.
If you login from a new computer or unrecognized IP, Google forces you to use the YouTube app on your phone to enter a “code” to login. It sometimes doesn’t even let you get a text code.
God forbid I lose my phone or delete the YouTube app and login from a new IP. I don’t know how I would even get into my account.
I don’t know how this isn’t a wider spread issue affecting more people but I guess Google developers live in a perfect world where the YouTube app auth can never fail and you never lose your phone.
Have you actually tried disabling 2FA? Because I just did. I followed the steps above then signed in to Google from a clean browser profile with password only. No problem. Then I connected to a VPN in a different country and signed in from another clean profile. Again, no problem.
If you have 2FA enabled, then yes, of course it will ask you for the second factor if you're doing something unusual.
But with 2FA disabled, logging in with just a password works fine.
I have no idea what part of Google's fingerprinting panopticon decided it was okay to let you in from a clean profile, but I can promise you that in the past, I have been locked out. Yes, 2FA was turned off. And there are lots of other reports of this happening around the web, and even here on HN, so I'm not unique.
My problem isn’t that gmail is too secure, it’s that the 2FA setting doesn’t actually turn off what it’s supposed to turn off. Not sure if this is a bug or intended behavior.
Just use another email provider. There are many other free ones and reasonably priced paid services. The paid services tend to better listen to their users since they’re the real customers
That's Weird, I've never had to do that. I can just login to Google with my username/password. If it doesn't recognize the device it just pushes a notification of the sign in to my phone
It's just a notification, it can be ignored (for me). I don't usually even notice its there until hours later. You don't have to acknowledge it in any way.
It also has nothing to do with the YouTube app, and there is no code I have to enter anywhere.
I've never had any form of 2FA on my Google account.
I recall that the problem was broader than 2FA. They also re-verify accounts that have been idle, or that are being accessed from a new ___location. Or issues if you've forgotten the password and don't have a phone.
This is exactly it. And if you don't have a verification method on file, Google will just lock the account if it thinks something about your browser or IP address is unusual. Even if you know your password.
Speaking as a long-time Gmail user who doesn't have a mobile, this is kind of terrifying. Sounds like I need to look into moving to Fastmail or somesuch pronto.
While your proposal is perfectly reasonable, I couldn't help but notice that your opening was an example of the "'think of the kids + terrorism'" mentioned by GP.
> Look, I'd love to stop CP distribution in America! Really, I would! But Google's encryption policies are preventing law enforcement from intercepting pedophile communications now, today.
It's the same "think of [vulnerable group]" type of statement.
The purpose of that sentence was to bring us back to the issue at hand. GP was essentially saying (as I interpreted it) that we should focus on the root causes of homelessness instead of worrying about day-to-day concerns like how the homeless access email. I think we should do both, especially when the latter would be relatively simple.
But also, yes, there are in fact many times when it's important to consider the needs of different groups of people! That isn't to say that the ends always justify the means—it depends on what the means are—but reasonable accommodations should be made where possible.
> Google could put a toggle in Google Account settings titled something like "Allow anyone who knows my password to log in to my Google account (less secure)."
Google allows someone of your choosing, who must also have a GMail account, to takeover one's account after x months of inactivity. It's not great but it's better than nothing and it has the benefit of being an option that exists today.
I can understand your statement, but by doing that you will find that A LOT of people will check the insecure options because “that a not going to happen to me”.
Remember you have the “rescue keys” from google to avoid these kind of problems.
The bigger problem is how you teach those people how to use the services in their situation.
While I don't think that's a bad idea in some situations, it means trusting the case worker with access to the entire account (as they could use the recovery email to reset the password). It's also an extra burden to put on the case worker, and the individual who has to coordinate with the case worker.
Additionally, this only exists in some magical, fantastical world where the unhoused only have one case worker. In reality the unhoused bounce between a patchwork of government and non-profit services, and because of the soul-crushing workload and emotional labor of those jobs the individuals in each role are also subject to frequent turnover. So the only way this would work is an account that's shared between everyone who might work with that unhoused client at each organization (there are often multiple handling different aspects such as housing, mental health, money for groceries, etc.), and as clients move geographically or do other things that make them eligible or ineligible for each organization's services, that recovery account would also need to change or transition to some new org. Even a single recovery email address is just a totally unworkable solution for the reality they face.
> Actually giving homes to the homeless would probably be cheaper than whatever we are doing now, even taking into account the mental illness and drug-abuse problems that factor into this.
This point is worth reiterating. Homelessness can be solved by providing housing. Yes, homelessness is a complex multi-faceted problem, but the first order solution to the problem is to provide housing.
Homelessness is a problem with huge externalities to society. Put another way, homelessness is an enormously expensive solution to the problem of providing space for humans to live.
Some homeless people don't want to deal with the maintenance of a home.
Some homeless people aren't capable of the maintenance of a home due to mental or physical issues.
Some homeless people refuse to accept help for mental issues for fear of being trapped in a psych ward.
Simply put, you need to split homelessness into temporary and chronic populations. For the temporary group, homelessness is the problem. For the chronic group, it is a symptom. Treating the symptom will not have a long-term impact on much of the population.
Source: conversations with a social worker friend who spent years working with the homeless population in our metro area.
> Some homeless people don't want to deal with the maintenance of a home.
You've got a good point. These leaves are really starting to pile up, and the snow will be upon us soon. I think I'll just say fuck it and sleep under a bridge, and leave the grounds keeping to the parks department.
You did set up a straw man solely to get knocked down, right? In actuality, the idea of giving "housing to everyone" doesn't mean an idyllic single family stick-and-drywall dwelling with a yard, but rather something communal - like a less-populous more-dignified shelter with a modicum of persistent personal space. The maintenance would be institutional, and come out of the same operating budget as administration, utilities, etc.
I feel like most of the "some homeless just want to be homeless" argument revolves around baking in assumptions that public housing should come with a bunch of strings attached, to make the residents' lives "better". In your comment, this is the responsibility for maintenance or mental health treatment. Such conditions are what turns people off, not some intrinsic love for sleeping rough.
How many of those chronic homeless would have only been temporarily homeless if they had the security of housing early on before their situation went even further downhill?
Sometimes mental issues are purely genetic but often they can also arise from or be exacerbated by trauma. And homelessness sure is traumatic.
Most homeless people do not have a severe mental illness (around 70%) [1]. For most homeless people, it's primarily an issue of housing affordability. The solution is to reduce the cost of housing.
For the people who need more support -- due to mental illness or otherwise -- the affordable, effective solution is permanent supportive housing [2].
Wait, what? That's precisely opposite of what your source [1] says:
“70% were receiving mental health treatment or had in the past.”
"An April 2016 survey of New York City’s homeless population reported that unsheltered homeless individuals were most likely to be severely mentally ill single males."
Something like 1 in 5 of the homeless in San Francisco have a traumatic brain injury.
None of these people are going to be fixed with mere "housing".
Even worse, putting these people who desperately need medical treatment in "mere housing" is very likely to cause the "mere housing" program to fail when it could have succeeded. The homeless who need "mere housing" don't want to be near the homeless who need "significant medical treatment" any more than anybody else does.
Homelessness has an "Amdahl's Law" nature to it. You have to separate out the different types of homelessness and apply the correct solution. And you will only gain the improvement for the group you "solved".
Consequently, you can solve 20% of the homeless problem and people will still say you "failed" because 80% of the homeless are still in their vision.
Unfortunately it's more complicated than this. There have been nonprofit organizations and government initiatives to give homeless people space in unoccupied hotels for example.
What ends up happening is they generally just destroy the living space in a variety of ways.
It's because the majority of homelessness is an issue of mental health. In the USA, there are pretty much zero mental health resources for people in poverty.
> What ends up happening is they generally just destroy the living space in a variety of ways.
Citation very much needed here. This certainly does happen. But, I don’t believe this the general (i.e. typical) outcome. From what I understand talking to acquaintances who work in this area, wrecking the place is not the typical outcome. And property damage is generally cheaper to address than the constant provision of emergency services.
I agree that mental health (and substance use) are major factors in homelessness, but those issues are more or less impossible to address when people are living on the street with no permanent address and no place to keep e.g. a cell phone without it being stolen.
At least a data point here - my city of Austin is buying a hotel to convert into housing for the homeless.
This has gone badly. The property sees intense vandalism and destruction, the neighbors are afraid for their safety, and the whole thing is an amazingly expensive boondoggle.
Seems like a bad situation. But follow the timetable:
1) Austin buys the property
2) Begins renovations on vacant premises
3) Vandalism takes place
---------------
4) The conversion is complete
5) Property officially offered to homeless residents
Steps 4 and 5 haven't happened yet. So homeless people who "generally just destroy the living space" isn't a good fit for what's going on. This is simply a situation of an unsecured construction site that has attracted squatters and vandals.
Oh they sell it as soon as they can (copper is easy to recycle and carries direct value) and then use the money for whatever.
The risk of course is that you are ripping potentially live circuits out of a building. It usually requires you to already be impaired and desperate to do it. It's that fun combo of illegal and dangerous.
But it also wasn't homeless people being legally housed there. If your point is "people who live there take better care of the space", then that's what Austin is trying to do. Convert squatters stealing copper to the kind of people who live there.
> It's because the majority of homelessness is an issue of mental health.
This isn't true or at least it doesn't start that way. What people don't understand is that there isn't a single homeless population. You have people who are temporarily homeless and people who are chronically homeless. The temporarily homeless are people who lost jobs, fell on hard times, etc etc. The simplest solution for them is yes to give them housing. The chronically homeless is where things get more complicated and those are the people who typically need mental health and abuse services. The simplest and most efficient thing we can do is help the temporarily homeless and prevent them from becoming chronically homeless.
We're pretty good at getting the temporarily homeless into housing. Obviously any improvements are good, but fundamentally the issue is with the chronically homeless who often have other factors going on.
This is the industry term for people between housing (they can't make rent, they got kicked out, etc). It differentiates from the chronically homeless who can not be rehoused simply by giving them a place to live.
yes there are different castes of homeless, some do quite well, and are not problematic. others are of disorganized psyche, and cause much of thier own problems, resulting in no one wanting them around.
The problem is multifaceted. And homeless people are not a monolith. There are large cohorts for whom simply receiving a home would make life significantly easier.
What sometimes ends up happening. It’s true that we have huge gaps for mental health and substance abuse but there are examples (famously, Salt Lake City) of such programs working. The mixed history says we need to take the problem seriously, not give up.
What you describe is not "giving the homeless a home" its giving them a temporary, poor substitute for a home that they have no personal interest in"
Also your sweeping statement about the destruction of their living space smells to high heaven prejudiced thinking based on myth or hearsay rather than actual data.
> Homelessness can be solved by providing housing.
They used to be called asylums, and the problem is what to do if the homeless person refuses to go. I wonder why you don't hear about homelessness in totalitarian states...
Homelessness in the US is a complex problem. I found the Soft White Underbelly interview series by Mark Laita insightful when learning more about it: https://www.softwhiteunderbelly.com
Mark spent considerable time earning the trust of LA's skid row population – a large roadside tent community – and has a series of 1:1 interviews with a slice of the population, exploring their histories, challenges, preferences, and culture.
Mark doesn't believe that many (most?) of the skid row population would benefit from being provided with housing, and that issues of trauma, mental health, and childhood family environment are what he believes would have the highest leverage on the problem.
This is of course just one perspective on the problem, but Mark's perspective taught me quite a bit.
I have a feeling that the issue isn't homelessness really, but the kinds of people that end up homeless cause problems anyway. Someone won't stop being violent or committing crime because they got moved from a tent to a studio.
I don't think the temporally homeless, like someone down on their luck. makes up the issues people have with homeless. You see some crazy person, then you see that person is homeless, your answer to that is "oh give them a studio apartment!" and not lets help them with their issue. Police should be policing violent people, for some reason instead of that we want to build homes in the middle of nowhere and drop them off their. They're still going to cause issues.
I think people would be a lot more compassionate towards homeless people generally if the violent and destructive subset of homeless people were put in prison where they belong. With the awful ones out of the way, the peaceful sympathetic homeless people would become the public face of homelessness and the general public would be much more willing to to address their problems constructively (e.g. provide housing to them.)
But instead the justice system is set up to give effective impunity to the worst sort of homeless people; they're back on the street days after being arrested (if they are even arrested in the first place.) They cause incredible damage and commotion, so they hog all the public attention and give all homeless people a very bad name through association.
> Having Google change their 2FA system for this group would be one such decision.
It could be opt-out.
> It's similar to the 'think of the kids + terrorism' attacks on encryption.
No, it's not. Nobody choosing whether _they_ enable 2FA affects your decision to use it or not. It's more like forcing drugs down somebody's throat because you believe it benefits them and everybody else is doing it anyway.
> Why is it such a hassle to keep the same number after a theft? We could investigate there too.
Sim-jacking. Somebody could claim to have lost it and just take your number. This has happened before. The problem of authentication is fundamental in security and Google are just passing the buck onto phone service providers.
> Heck, if we want to focus on Gmail, why not focus on why it's the default choice for the homeless to begin with, as opposed to removing features.
Because it's free and the emails don't bounce. Most big tech has 2FA now.
homelessness is definitely something that affects a ton of people so it definitely is our problem as long as we are city dwellers.
We have to break out of the stereotype that homelessness is a city problem. It isn't. Far from it.
Homelessness is more obvious in cities because there are fewer places for homeless people to be. But there are plenty of homeless people camped out in rural and suburban towns, if you know what to look for.
I recently lived in a snooty city suburb where most of the homes cost from $600,000 to $10 million, and guess what — the drainage tunnels beneath the Home Depot, the maintenance underpasses in the parks, the undeveloped wooded lots were all full of homeless people.
Promulgating the notion that homelessness is a city problem is what allows suburban and rural politicians to cut funding for homeless services because "it doesn't affect my constituents."
What I mean is that it's almost impossible not to be affected if you are a city-dweller, it's a lot harder to ignore. Most will ignore it, but still acknowledge it as a problem for them. Even in a cynical and dehumanizing way.
I would argue yours is a poor point of comparison and you have missed the forest.
google isn't requiring specific 2FA data, like address, because they are stalwart guardians of data. They are harvesting data because that is their business.
The homeless don't have enough data to be of value to an entity like goolge
If Google were to shrivel up and dissolve, I would not mind at all. But what's currently happening is that a metric ton of people are using their free email service and won't stop doing so any time soon, and so they had an incentive to hand-hold and force along 2FA that coincides with some form of public utility: fewer security breaks and financial ruin for massive globs of vulnerable, tech-illiterate people.
I like your comment because it gradually stumbles upon the actual solution. We aren't being ambitious enough, but developing a device designed to be harder to steal or lose is timidly incremental. By the last paragraph, we're talking about ending homelessness entirely. That is an ambitious — but achievable! — goal, and one that actually addresses the root of the problem.
If you mean a stumble in the sense that I'm not truly aware of the implications of what I'm proposing, that's not really the case. I personally believe we could be yet more ambitious than what I am describing here, but I realize that most people aren't going to be on board. So the next best thing is to propose a different framework of looking at the problem and a different methodology for looking for solutions. A dedicated device would be incremental, yes, but what matters is that if we unlock the capacity to think towards this sort of innovation the big changes will follow naturally.
Just to clarify, I meant “stumble” as in it seemed to be somewhat stream of consciousness; just happening to end up at “give everyone a home” rather than planning a route there from the opening sentence.
Don't single out email. The problem is much larger than that. Any big megacorp nowadays figured out that the best way to do whatever they are doing is to provide the service to the median consumer, and just cut the rest out as perfectly as they can. It started with the idiotic get a number to wait in line at the branch offices, IVR audio labyrinths on the phone, completely useless self-service portals, and now there are no branch offices anymore, and in many cases the "helpdesk" is just a dumb caricature of a robot in a fucking submenu of a tragedy of a hacked together mobile app.
Sure, it's great that gmail is cheap, after all "it's free". But Google (and MSFT, fuck outlook.com in particular for their completely anti-competitive spam "protection" that only accepts email from other big providers) cross-finances gmail from their ad business, completely distorting every kind of service and product markets.
---
For email in particular what's needed is a LetsEncrypt-like community-driven solution for reputation management and acceptance of emails from reputable sources by the big inbox providers.
The long version (if it’s patronising please skim forward, I’m writing as an explainer for anyone else that comes along):
E-mail was originally a means to communicate informally between two participants over the Internet.
In this early version of the system the message would leave your machine, go to your Mail server, then the recipients mail server, then their inbox. This would complete the transmission and a copy would exist at both ends.
Companies providing ostensibly free online e-mail inboxes have slick sign-up funnels that on the surface seem to be offering a very similar system as the one above, with very little in the way of regulation around either the sign-up funnel or the mailbox (and which do not explain the catastrophic life consequences that can occur as a result of losing access to your mailbox).
These new mailboxes work differently from those of the early Internet, though:
1) Your mail is sent to your mail server. A copy may or may not be retained locally.
2) Your mail server transmits the message to the recipients mail server as before.
3) The recipient receives a notification of the e-mail and may or may not retain a copy locally.
This infrastructure is ubiquitous and now not quite 30 years after the early Internet we have an issue where you’ll be required to have an e-mail address for almost all public services and common accounts that have little to no online component. Your entire life, more or less, may pass through that inbox.
If one day you lose access to the account (in that you insert your password and the provider says no), you will lose access to your entire e-mail history.
You may attempt to reset some passwords for essential services, but you can’t, because they’re sending e-mails to verify your identity - which you’ll never be able to receive.
You move on, create a new account, and attempt to start over. However, e-mails - potentially important e-mails containing personal information - continue to be delivered to a mailbox that you can’t access ever again. Maybe you miss some important alerts.
Perhaps it was a gmail account that had your entire photo and video history in google photos. That’s now gone too. With your passwords, if you’re using chrome passwords.
You rebuild, and a couple of years pass, and perhaps someone else gets access to your account (either through a hack, or a rogue employee with access rights, or someone who guessed a badly thought out password).
You never find out that the account was accessed, so have no-one to complain to, and maybe you end up with savings or 401K/pensions getting emptied. Which in a lot of cases wouldn’t be discovered until they’re due to be collected.
Some of the above might sound far-fetched, but you’d be surprised how much having access to an email inbox is accepted proof-of-identity in 2022.
My mailing address and phone could also be key factors in my life related to identification but there is little regulation there.
"If one day you lose access to the account (in that you insert your password and the provider says no), you will lose access to your entire e-mail history"
This comes down to personal responsibility assuming you lost the password or even if it's the companies fault you should prepare for thus.
Really Original e-mail, the mail server was your computer (mainframe) where your account was. It's Greg@ because that's Greg's username when he logs in. Greg doesn't need outlook because his mail is just a folder of text files. There's a mail agent but it's running on Greg's computer.
> The problem here is that misapplied empathy can lead to terrible decisions.
That's not the problem, that's a vague wave at a generic class of innuendo that could be used just as easily to rationalize not allowing your child to eat ice cream or Japanese internment. You have to make the case why Google changing their 2FA system is so much more important than the homeless having phone service, you can't just say "sometimes, empathy can be bad."
I'm not getting that from the rest of the comment, which seems like a gish gallop around a bunch of other things that we're also not going to do for the homeless, and about which you or somebody else can say "it's only human to be worried about other people going through these issues, but empathy can be bad. The answer isn't that HUD should change the second line of the third section of Form B, it's that we should fix the homeless problem completely."
edit: We can't use as an excuse for not making small changes that we should be making larger changes. The excuses that one makes to avoid making small changes will apply more so to larger changes.
I can make a very specific case for it. Out of 1.5+ billion users, millions of which are barely tech-literate and vulnerable, with gmail a constant target for malicious entities. That means intuitively at least hundreds of thousands of vulnerable people getting cleaned out of their life savings. Changing things for billions in exchange for a marginal benefit to thousands is bizarre.
It's not a 'gish gallop' but a framework for looking at the issue. I'm not saying that empathy is sometimes bad, I'm saying that it can't be the starting point for our reasoning. It can be the impetus that makes us act, but the actual solution should come first. Sure, maybe none of the things I'm proposing will be implemented. Maybe they're all godawful ideas, but I can't fix the problem in the five minutes it took to write the post or even five decades of intense research on my own. But it's clear that keeping to that pseudo-empathy performative martyrdom mindset is an active roadblock against the more ambitious solutions. And it leads to truly awful ideas such as getting rid of encryption, rights, and so on.
So you don't want Google to do anything or what is the purpose of all this verbiage? Which moreover, unjustly dismisses whole issue as "marginal benefit to thousands". Being able to keep/recover email address is so much more than a marginal benefit, and there are many more than thousands of homeless in the US alone.
Maybe Google can do something. Just it probably shouldn't be something that alters security measures for billions.
I'm not dismissing the whole issue, just that it was presented in a way that's not actually conducive to helping the homeless.
If you remove forced 2FA, you would be dismissing the hundreds of thousands (at minimum) of tech illiterate people out of the 1.5 billion users who would get cleaned out in the coming weeks. Why do their lives not factor into your calculus? Are they not vulnerable too? All of this for a measure that could be resolved in so many other ways.
This is the problem I'm trying to illustrate. This sort of moral appeal helps no one, and in fact endangers other populations. If the goal truly were to help people, no one would EVER suggest an alteration that would expose billions for the benefit of thousands.
You really expect people caring for homeless to come with some ready made technically feasible solution? Of course they will do moral appeals and suggest potentially dangerous solutions first. That happens all the time! Getting a response "that aint gonna work get away" isn't appropriate here. Dialogue is, and for that we must listen a bit.
>In this case, we actually aren't being ambitious enough. Why are we having a system where we give out phones every 12 weeks to each homeless person? We'd probably save money for the program by developing some sort of dedicated device designed to be harder to steal or lose. Maybe a high-autonomy low-powered KaiOS smartphone that can be attached as a strap? It's not like the current devices are working.
You're putting the cart before the horse. The far simpler solution is for the government to provide the homeless with email. Now the auth can work however you want.
I agree that it would be a good start. What I'm saying is that the system of having to replace phones every 12 weeks is dysfunctional on its own and probably should be looked at.
Yup. Why break 2FA when we could have the Obamaphone program work with the case workers so that they don’t loose track of people in the first place?
Also, homelessness isn’t the problem we think it is. It’s millions of problems. Any solution will never help more than a subset of the homeless population. We need to iterate on small solutions to make progress.
Utter nonsense. Mandated treatment for drug addiction and severe mental illness would tackle half the problem.
Then provide contingent housing based on staying sober, sticking to your treatment plan, and getting a job. You can graduate when you’re able to pay your own way.
For non-addict/mentally ill homeless, it’s housing contingent on employment, graduate when you can pay your own way.
Is that really your only takeaway here? Feels like a parody of HN comments. It could be any other equivalent, I don't know. Even if it's KaiOS the homeless probably have other things on their mind than the CCP or whatever.
Let's say I care. Let's say I care a lot. I care so much that I'm willing to make it my personal problem to address the very real, very pressing needs of a critically vulnerable and marginalized part of my community from inside Google.
What am I going to do? Is anyone going to be happier if I stand up and proclaim loudly how much I care? Probably not.
Could I say "Gee, what if we just let everyone put themselves in the group of people who don't do 2FA"? Yes, if I wanted to be responsible for a lot of people not securing their accounts. Could I outsource identity verification to a wide assortment of groups (libraries, non-profits, etc.)? Absolutely, so long as I'm alright with this being used to gain improper access to a LOT of accounts outside the target segment. Could I offer more password chances and friendlier lockout times? Sure, so long as I'm OK with the negative consequences of this for a lot of people.
OK. Let's end the game now. We don't really have any major steps towards real solutions here. Empathy is very useful for showing where a problem is. Demanding what amounts to lowering the global bar for account security is perhaps not the ideal approach here.
Sometimes problems are just hard. Taking ownership and feeling empathy and sincerely wanting to solve the problem does not render them easy.
If you dont know how to control what happens in the park you build, then the park will be shutdown.
In the case of Google its not hard to speed up the process of shutdown. I just encourage them to keep working on more and more mindless ivory tower trash like Pixel phones, watches etc and inject more Ads into everything. They dont have the imagination for anything else but want a pat on the head for whatever they build. Give it to them.
It seems to me that Google is in full control of what they've built here. They've chosen not to put in the effort to find a way to meet the needs of this portion of their user community.
On the one hand, this can be quite reasonably derided as a lack of imagination. Surely there must be a way to do it!
On the other hand, well, we as a society accept that businesses are generally allowed to decide they just don't want to be in a market segment or produce some features. Bridgestone is not compelled by law to have a store in every neighborhood. Montblanc is not forced to produce disposable ballpoint pens.
Perhaps we should treat this as Google admitting the limits of what they're willing and able to build. There is no shame in knowing your limits.
It seems likely that enabling insecure account usage would be a net negative to huge swaths of their user base.
Gmail is functionally the root of trust / skeleton key to millions of people's online lives. The only real competitor is Facebook and, for some, Apple. I think Gmail is far better (more secure, more privacy respecting, less capricious) than Facebook.
With the admission by Chad that that homeless he advocates for can't retain mobile numbers, or ID cards, or 2fa keys, I have no idea how he thinks any secure access could possibly work.
I have the nagging sense that what we're seeing amounts to throwing one's hands in the air and exclaiming "There must be a way!"
As others have pointed out, turning off 2FA is available. Apparently that doesn't work either because the people in question forget their passwords. So I guess we should add passwords and biometrics (not available on all hardware) to the list of things that aren't going to work.
Like you, I'm left wondering what there is to anchor any level of security.
You're reducing the concept to an absurdly simplistic level in order to create simple vulnerabilities.
As I wrote, THIS WOULD NOT BE THE DEFAULT. It is quite possible to pre nominate the specific groups that can allow unlocking of an individual account. And that's all it is, account unlock when they use a new device, or putting the account into PW only mode for a period.
If the PW is forgotten you require a higher level of identity verification, like a bank/USPS/DMV process.
Facebook already has this enabled, you can have a friend/family member (or two of them!) validate your account.
If you're determined not to find solutions then you won't progress.
Gmail already has a system for using one account to unlock another, so no changes required there. A bank, USPS, or DMV generally requires ID or other identifying documents. The people we're trying to help often struggle to retain physical possessions like ID.
It's not that I'm determined to not find solutions. It's that I am determined to find solutions that don't create a degraded security state ready-made to abuse people's email accounts. Sometimes finding a good solution requires looking somewhere other than under the streetlight.
Like others, I'm led to the conclusion that perhaps Google isn't the party best positioned to solve this particular pain point for our most vulnerable and marginalized community members. Maybe we should be paying more attention to why Lifeline numbers aren't portable.
It's routine in disaster relief situations that people lose all their documents but then governments step in and allow identity verification via vouching: this other person Alice says you're Bob. Then Bob gets his photo on a temporary ID document and gets a DR payment.
Social workers, shelters, libraries etc are well placed to support that. They know these people because they see them every day.
If you choose to enrol in the "community assisted recovery" process then you could enrol a new device into your email with their help. Put a big red banner at the top of the email client saying "Community recovery via Topeka Library, Kansas".
Lifeline numbers aren't portable because people have no way to prove their ownership of the previous number, because they have no ID.
This feels ever-increasingly like asking Google to cover the role of a government agency. Universal service is something we expect of government agencies. It's rarely something we expect of private enterprise.
The whole "community recovery" concept sets my teeth on edge. It's a whole alternative authentication avenue ripe for exploitation. Anything that positive and innocuous sounding is going to be the target of many an abuse campaign - think Cambridge Analytica and all the people who handed over their info to innocuous-looking things. Telling people all their info has been stolen isn't all that helpful for protecting them and knowing the specific library or shelter that authorized it will do very little to help.
Plus it turns the people designated as recovery agents into high-value targets.
Again, I'm not trying to avoid finding a solution. I'm trying to avoid finding a "solution" that puts a large number of people at risk unnecessarily.
You could easily limit this program to people using Lifeline phones, or enrolled with a geolocated homeless support organisation. The vouching agents can't be high value targets if they're protecting the identity of impoverished people.
While I agree that empathy is the motivation and starting point, I do want to note that a lot of people in this discussion do seem to sincerely believe that this problem would be easy for Google to solve if they just cared enough. The framing of "Google's product designers should talk to my unhoused friends" in the tweet linked seems invested in this idea.
What if the most empathetic answer here is "This isn't really the right service for you"?
My dad helps people navigate the system to find housing.
Recent story was a 65yo + veteran living in a shelter. They hadn’t started collecting social security due to some debts and was worried it would ALL be garnished.
After explaining that veterans get expedited in line for housing and that they would still get almost all of their SS, they have applied for it and should be housed soon.
It doesn’t surprise me at all that 2FA causes problems after hearing many stories similar to this one.
> They hadn’t started collecting social security due to some debts and was worried it would ALL be garnished.
Is this common? I knew a guy who had the same mindset. I ended up paying him in cash for some work, he was convinced that if he made any money in a traditional role it would be instantly garnished.
It is unfortunately common. We're not perfectly rational robots, and so for a decent subset of the population, they go off what has happened to them.
And being paid $1k and assuming they'd have $1k and then discovering they only had $500 because of garnishment tells them "don't accept checks, cash is the only safe method".
And then it's not a step much further to be "it's not worth setting up social security because it'll all be taken".
People forget that there is a population group where fines are MORE HARMFUL than jail time. At least with jail, you can serve your time and be done.
You do realize jail isn't some magical unifying force of social justice right?
A while back a guy destroyed a vehicle of mine and drove off. Per criminal law in my jurisdiction, he should have served at least 45 days for that offense. But it isn't like that would ever give me my property back. It's also unlikely to deter that particular crime in the population.
Real, actual people exist who turn down raises because they're convinced it'd cause them to lose money, because they don't understand how marginal tax rates work. I don't mean low-income earners who may in fact lose out or not gain from a raise due to benefits cliffs, I mean people earning low-six-figures who think if their pay goes any higher "my tax rate will go up and I'll lose money" and are weirdly resistant to being convinced otherwise.
In many cases I think it has more to do with having to jump through a bunch of hoops with no assurance of what the outcome will be.
Another person needed an ID. In order to apply for the ID they needed a birth certificate. In order to apply for it they had to fill out the application, mail it with money, and then have a permanent place to have the birth certificate mailed an unknown amount of time later. At which point they then needed to apply for the ID and go through that process.
It's no different than people not investing in their 401k and getting the free match because they're worried about paying "penalties" when they take it back out. My employer has a 50% match and early withdrawal penalty is only 10% and yet, people still refuse to do it.
> They hadn’t started collecting social security due to some debts and was worried it would ALL be garnished.
Your contractor’s actions makes a some twisted sense to me as he’s still receiving ‘undisclosed’ cash. The homeless veteran doesn’t make any sense to me as he was not receiving the social security funds at all.
If I told you that you had a bunch of forms to fill out, and after doing all the work you'd get no money (and it would all go to your hated ex-wife or something), you might not bother doing it.
First, anyone skipping out on their responsibilities shouldn’t be getting a sympathetic reaction (and, yeah, I know they always have stories about how it’s justified in their case - my dad spent a lot of time hanging out with other deadbeats but every time details came out, surprise, surprise, they were leaving out a lot).
Paying people under the table has a lot of potential liability for you and it almost always catches up with them. Especially now it’s just not viable to live off the grid (e.g. hoping you don’t get sick isn’t effective) and all this does is ensure that the amount they owe the IRS is unaffordable when the bill finally arrives, usually when their earning potential has gone down.
"Not-my-problem" is a bad response, but the actual response is that without 2FA even more people lose access to their accounts. Anything that makes it harder for adversaries to take over an account almost necessarily adds friction for the users themselves. This isn't a "fuck the people who don't have regular access to a phone, they don't matter" situation. It is a "there is an aggravating balancing act in this situation and no solution will avoid harming everybody."
> but the actual response is that without 2FA even more people lose access to their accounts
This is not black and white. It is possible to encourage 2FA but allow to opt out. The same for phone numbers.
And that's why companies enforce 2FA: they want your juicy phone-number or other data. And yeah, maybe they also want to reduce support costs and avoid bad publicity. Still, it's not in your interest, it's in theirs.
If they at least would allow for a sufficient number of options. Like paper-tan (even self printed), yubikey or similar, second email address, an authenticator, ... but even big companies often only require a phone number.
EDIT: Yes, Google offers more than a phone number when creating a gmail account. I didn't say they don't. However: they don't make it easy and I would even go as far as saying that they are evil here. If you don't believe me, try to create a gmail account right now and don't google/search how to do it without phone number.
> Still, it's not in your interest, it's in theirs.
Which is okay, because it is a business.
If society wants homeless people to have reliable access to email without having SMS 2FA or whatever requirements a business requires, then society should elect a government to provide it as a utility.
There is no reason to expect or want businesses to pick up the slack for the government not providing adequate safety nets. Let businesses be businesses, and let governments handle redistributing wealth.
I think this is a better answer than it first appears.
Initiatives at for profit corporations will always exist within some business constraints, shareholder obligations, and so forth.
It would be very reasonable for governments to provide tax-supported digital services. I could easily imagine that spending a few dollars per year to provide the homeless with basic digital services would pay off simply in easing administrative overhead.
But we don't do it, because, in America, our sense of what government can or should provide is atrophied, and we, mistakenly, look to private actors to provide basic public services.
>But we don't do it, because, in America, our sense of what government can or should provide is atrophied, and we, mistakenly, look to private actors to provide basic public services.
I don't think this matches reality. The US government is doing more today than any time point in the past. Spending and taxation as a percent of dgp is at an all time high.
There's also a sense that nobody should have to do anything themselves. There's nothing stopping anyone from talking to a homeless person and helping them set up an email account without 2fa.
That's fair that I shouldn't make such an unqualified statement.
While public spending as a % of GDP has indeed increased, that's primarily driven by two things: increased defence (and related) spending, and increased spending on health costs.
At the same time, we continue to believe in privatizing basic government services: outsourcing social assistance to charities (including religious charities), outsourcing military and intelligence functions to mercenaries, or, on point for this thread, outsourcing ID verification to VC-funded private startups.
Looking at your numbers or just social spending, it is increased 50% since 1990 as a portion of GDP. Real GDP adjusted for inflation itself has increased more than 3x since 1990. This means that us social spending in terms of inflation adjusted purchases has gone up more than 450% from 1990 levels.
This excludes military spending and is adjusted for the purchasing power of those dollars.
I don't know about you, but I don't feel like we are getting 450% more value out of the government services. The numbers are pretty clear that the government is collecting more and more inflation adjusted dollars from people's income than ever before.
I Suspect we would probably agree that the government is not being a responsible steward of this money that it is collecting.
My primary point was that I don't think that the belief that a decrease in government spending and Revenue is reflected in the numbers. Further, I think it is important to push back on the idea that the systemic issues we see can simply be solved by throwing more money into an increasingly inefficient system.
Sure. My point was indeed to suggest we rethink what government can do.
Can governments (not necessarily the federal government) run a public service internet system? Sure, and probably more easily than we can, as another poster suggested, regulate tech companies into providing the right tradeoffs for housed and unhoused users.
I've been on municipal Broadband and it was fine. I ended up moving to a private provider because it was better and cheaper.
When it comes to the right trade-off for the housed and the unhoused in terms of email service, I'm skeptical that the solution is regulatory. It seems like there is a large number of email providers that already offer what the homeless need. The problem is simply setting them up with the correct provider and user settings.
This seems like a job for people that work with the homeless.
Sure. I was also saying the solution is not regulatory.
But, look at that: the federal government already provides the homeless with cell phones. Yet instead of arguing that the government should also provide free email—which of course costs far less than cell service—the poster argues that existing commercial services should better serve the homeless.
Which, of course, would be nice! But my point was that this kind of argument seems to reflect a mistaken perception of free online services as some sort of social service, with commensurate obligations.
I find your worldview overly constrains the range of possibilities and eliminates reasonable ones, like expecting companies to not disproportionately harm those in our society who are least able to recover from or avoid the harm
Businesses are not harming anyone by not providing charity.
I struggle to see a reasonable possibility to the government either directly or legislating others to provide identification and communications services. One of the greatest utilities in the US is USPS, a monumental accomplishment to be able to provide communications to all people in the US.
Tacking on email (and identity verification services - which USPS already does via passports) should be a no brainer.
> And that's why companies enforce 2FA: they want your juicy phone-number or other data.
It is possible. And, as far as understand it, the teams at Google in charge of this have evaluated this option and found that it leads to more lost accounts.
The people responsible for user authentication at Google are in a completely different part of the company as advertising and, in my experience, are especially stubborn about their focus on security. "This is about phone numbers" doesn't make sense to me given my personal experience.
> If they at least would allow for a sufficient number of options. Like paper-tan (even self printed), yubikey or similar, second email address, an authenticator, ... but even big companies often only require a phone number.
We are talking about Google specifically here, which offers all of these options.
For our product, 2FA is pretty important as a security feature (___domain registrar). That said, if you don't want to use it, that's on you as the user. We help out in a different way for those users - we make it impossible to disable account sign in email notifications if you don't use 2FA and those email notifications include a "nuke all active sessions and lock my account" button that can (and has) saved users if their account is compromised due to things like leaks of credentials that they've reused on multiple sites.
2FA is a major hassle for support when users get locked out because they smash their phone or change phone numbers or somehow lose access to the 2FA method. But, the benefits of 2FA largely outweigh those downsides for the majority of users. Offering the choice though, is something we think is important.
> For our product, 2FA is pretty important as a security feature (___domain registrar). That said, if you don't want to use it, that's on you as the user.
That's all I'm asking for as a user - thank you for being on the good side. Optimally you allow for multiple MFA options, so that I can e.g. use an authenticator app and a yubikey, as well as a recovery code in my bank.
> It is possible to encourage 2FA but allow to opt out.
You might be surprised to learn that this is how it works for Google accounts: it is default-on but you can turn it off.
> If they at least would allow for a sufficient number of options. Like paper-tan (even self printed), yubikey or similar, second email address, an authenticator, ... but even big companies often only require a phone number.
You might be even more surprised to discover that all of these options are supported for Google accounts.
I definitely vividly remember needing it a few years ago, but right now I can try to sign up and it says "Mobile Number (optional)" (Maybe that's based on some security heuristics).
Yeah and it also only works on your phone (or if you know how to make Google think you are on your phone) and in certain countries. All to my knowledge and based on my tests.
I just did it from Firefox on Linux in a private tab near Washington, D.C.. Fake name, no phone, no backup email. I was able to log out, sign back in, and send an email without any trouble.
No doubt they're letting me through because some security heuristic says I'm a real human, and I'm sure they'd eventually make me provide a number if I continued using the account (this happened to me with my university G Suite account a couple years ago and I needed to contact my IT department to manually disable the phone challenge), but so far I can't see any evidence that they're doing anything unreasonable.
Perhaps they're requiring you to use a number because you've tested it a lot.
I thought the same but I just tried on firefox desktop (Windows) and spun up a new google account with email, password, fake first+last name and fake bday. Really, I was expecting to be stopped at "Phone Number required" but it is indeed optional.
Google only allows non-U2F 2FA methods (like TOTP) to be enabled AFTER enabling a hardware U2F device. And signing up without a working mobile number is impossible. Anyone who says that's not true hasn't actually tried in the last several years.
Nope, while I also did have TOTP before U2F (because it wasn't even a thing then), the rules changed to where if you don't have a phone number on your account, then you're required to enroll a U2F device before you can turn on TOTP.
Can't turn it off for Google Ads account any more. Won't let you in. This is a real pain for shared google account in a small team like ours. Sick of Google removing user choice.
We all knew password, no problems at all. Now it mandates 2FA. And because they mandate it for Google Ads, now it's on for everything like Google Drive etc.
Gmail offers all of these (except for the second email address): paper backup codes, hardware authenticators, non-Google/gmail authenticator apps. The problem is that homeless people can/do routinely lose the “thing you have” part of 2fa.
> If they at least would allow for a sufficient number of options. Like paper-tan (even self printed), yubikey or similar, second email address, an authenticator, ... but even big companies often only require a phone number.
Oddly, I suspect if Google provided no free accounts at all--if you had to give a credit card and pay $5 to sign up--nobody would be complaining about this.
Which leads me back to the point made elsewhere in this thread: we have too high an expectation for what private companies can or should do, because they have taken the place in our minds if government.
And our expectations for what government can or should do are too limited, because we've convinced ourselves government is ineffective and unaccountable.
I can assure you that this suspection is wrong, at least about me.
I've personally bought/subscribed to various companies both personally and professionally. Just recently (a couple of weeks ago) I evaluated a couple of mailproviders. I discarded all of those that enforced 2FA with a phone-number.
For instance mailgun. At least the support helped me:
> Hello XXX,
>
> Thanks for bringing this to our attention.
>
> At this time, I have successfully activated your account so that it is now fully operational and you are all set! You may need to log out, then back in, to reflect this change. Also, your users can indeed utilize Google Auth without using a phone number.
>
> Please reach back out if any other questions arise.
>
> Regards,
> XXX | Mailgun by Sinch
Others weren't as flexible. E.g. Sendgrind:
> Hello,
>
> Thanks for reaching out to Twilio SendGrid Support and for your interest in our products. My name is XXX and I’ll be more than happy to assist you in this matter.
>
> I am sorry for the inconvenience caused by the 2 Factor Authentication process, but this is mandatory for all accounts, as a security feature.
> The only options available are to setup 2FA through Authy: to receive an SMS code or use the Authy app, which you can download here.
>
> I apologise for the inconvenience caused by the fact that we do not have any other options available at the time.
>
> Please do let me know if you have any additional questions in regards to this matter and I will be more than happy to further assist.
>
> Kind Regards,
>
> XXX | Technical Support Engineer Twilio-Sendgrid
Forcing me to use your own homegrown authenticator or a phone number? No thank you.
In the end I decided for a provider that offers 2FA but offers multiple options and doesn't enforce it.
> Oddly, I suspect if Google provided no free accounts at all--if you had to give a credit card and pay $5 to sign up--nobody would be complaining about this.
That is like saying 'if the DMV didn't offer IDs to people, no one would complain about not being able to get an ID'.
The fact of the matter is that email is 'de facto' online ID, and gmail has positioned itself into this role. They are now a societal need, not a luxury. They need to be regulated.
Email may be a societal need, but Gmail === Email. They're one email provider in a sea of providers. There are dozens to hundreds of free email provider choices out there.
One doesn't need Gmail to have a functioning email address.
I wonder how many people suffer identity theft versus how many have a working recovery email but are denied to use it because some algo finds it suspicious that you moved country or logged in from a linux machine?
The key takeaway is not about how we should promote 2FA or how we should promote long ass passwords, the main issue at hand is google's neglectful lack of customer support.
I was once caught in this non-sense many moons ago. But I learned my lesson, I absolutely do not rely on any google products for anything that has any potential to impact me personally (with the unfortunate exception of the Android OS on my phone).
Google as a brand is absolutely dead in the water for anyone that has woken up from the 'Don't be evil' kool-aid of the early days.
> the main issue at hand is google's neglectful lack of customer support
Imagine Google had a full service customer support system for account recovery that everybody could access rapidly. How would a homeless person use it? They lose all their possessions regularly so they don't have a reliable form of identification. They'd need to enroll their drivers license (which they probably don't have) in the system and then still have that license when they need to recover their account. Or they could be vouched for by a pre-enrolled trusted party account that does have strong authentication systems. But... homeless people are often transient and don't have access to regular support networks like a family member or social worker who could be enrolled as a backup account. In fact, you can already enroll as backup account if you want to.
> Google as a brand is absolutely dead in the water for anyone that has woken up from the 'Don't be evil' kool-aid of the early days.
Google has a pretty bad reputation at this point on tech blogs and forums. But, believe it or not, it actually shows up near the very top of trusted brands when 3rd party analysts do surveys on the wider population. Maybe this data is wrong, I don't know. But it is interesting.
> the main issue at hand is google's neglectful lack of customer support.
Customer support is the main entrypoint into 99% of sim swapping attacks and would be similarly for any targeted account takeovers. What sort of information do you possibly think would be enough to prove someone actually owns a Google account over the phone?
I've heard of some system for reviewing identification like drivers licenses in extreme cases, but homeless people are largely not going to have access to this either.
that is a phenomenal question that deserves to be answered by the highly paid engineers at Google
they're smart, I'm sure they can find a way, even if it contains such horrible, detestable ideas like "more support staff" and "more training for support staff"
Companies with highly trained support staff regularly fall for these attacks.
The answer has been figured out by the highly trained engineers. It's "don't provide account recovery options that bypass 2fa". Yeah that sucks for a segment if people, but it sucks less than regularly getting your account stolen due to a social engineering attack. There really, truly, doesn't exist a panacea. You don't have and can't create an oracle that knows when an account recovery attempt is legitimate or not.
That's also a bad response. The tech industry literally exists to invent things. That's its entire purpose. Why should we satisfied with a status quo that neglects the most vulnerable among us? What is the point of technology if not to solve these problems?
The claim in the link is that homeless people lose every single one of their possessions after a period of time. They also have minimal access to support structures that could be used as a recovery system. We've had decades of work on authentication and pretty much every solution either involves using a password manager to create unique passwords or having possession of a physical thing.
The best I can think of is trusted backup accounts, which already exist. A homeless person with regular attachment to a family member or a social worker could set up that person's account as a backup. But this already exists and is likely to fail for a large number of homeless people, who tend to struggle at maintaining long term relationships with family members or social workers who'd be able to help them.
I don't have one. I'm not a security expert or researcher or anything like that. But the tech industry has invented thousands of things that to most people would have been inconceivable beforehand. That doesn't mean there's a way to improve on the tradeoffs we have now — but the fact that no one's invented it yet doesn't mean it can't exist.
The tech industry self-styles as the smartest people in the world, who try to solve the hardest problems. All I'm saying is that we shouldn't throw our hands up when we can't immediately come up with a solution to something we only learned about five minutes ago.
> The tech industry self-styles as the smartest people in the world, who try to solve the hardest problems.
I think this is a good point, but the catch is that there's an implicit footnote that needs to be attached to "the hardest problems*": "*Which generate sufficient monetary returns". This particular problem isn't one that has much revenue potential.
This isn't something we learned about five minutes ago. It's been known that people lose their phones for a very long time. The tradeoffs were considered when designing the system.
Treating the tech industry as a magical black box that can "solve anything" is disingenous and dangerous. This is the exact same attitude that leads to things such as legislation that says "find a way for any communication to be decrypted upon subpoena. You're tech people, figure it out"
The solution is very simple. Don't force 2FA. I'm sure most homeless people would rather risk the unlikely case of their accounts being hacked if they didn't choose a strong enough password to memorize than risk getting locked out of their accounts permanently.
You can encourage 2FA but forcibly enabling it for everyone does more harm than good, especially to homeless people but also non-tech-savvy parents and such (though the latter would be more likely to have a working recovery method).
And then in alternative-universe HN people are complaining about the rate of account takeovers via credential stuffing and calling Google irresponsible for making it easy to disable a powerful security measure.
> You can encourage 2FA but forcibly enabling it for everyone does more harm than good
I'd wager that pretty much the only people on the planet who can definitively say this are the people who handle account takeovers and lockouts of large email services. My understanding is that the folks at Google responsible for this have concluded that making it behave the way it currently does is the setup that causes the fewest people to lose access to their accounts.
Password managers are absolutely not required. While they're a good idea for most of us who don't have to worry about having somewhere to sleep, homeless people can still most likely memorize a password and remember it after a few tries. They can't do that if 2FA is forced on them.
Everybody sucks at memorizing unique passwords. I'd be stunned if homeless people are consistently not reusing passwords. Credential stuffing is the #1 form of account takeover and 2FA is the solution.
The 3-2-1 backup strategy requires an offsite backup. It's unclear what advantage was forseen by the homeless when the decision was made to forgo this guidance.
Yep, reducing standards for everyone in an attempt to help a small minority is also a growing trend in the west. Schools dumbing down so everyone gets A’s type of top level decision making.
Sometimes you have to make hard choices where some people get burned because the alternatives are worse. That doesn’t mean you don’t care.
Right now, technology has reached a point where it's expected to be ubiquitous, however is not as accessible as other ubiquitous and necessary services. This has been brought up before, buy can someone in their 70s keep up with the changing UIs and websites and security requirements these days? This is all fine for something like Netflix or Spotify. But for government services, access to jobs, and fundamental communications this poses a problem.
I'm in my early 40s, computer programmer, and I've temporarily lost access to my WhatsApp account because I don't have a recent enough mobile phone, and the phone that I do have doesn't have a relatively recent OS installed.
It's a 4-year old (I think I've got it for 4 years) iPhone SE, on which I never updated the OS because I hadn't feel the need to do it. When I started getting pop-ups that "hey, our app will stop functioning on your phone unless you upgrade the OS" was already too late for that, I was afraid that upgrading the phone to the latest OS will cripple it permanently in terms of performance (the battery is already on its way out by this point).
So, assuming I get to 70, in no way I'll be up to date by then in terms of having the latest OS installed and all that crazy stuff, who has the time and the nerves for that? (especially the nerves).
I also don’t have a WiFi password at home, if it matters. Of course, I don’t have Internet banking nor do I do much (if at all) money-related things with my phone, something tells me that makes me more secure than people who trust Apple and Google with their money (at least the local banks have to answer to the authorities).
What’s your employment specialty that makes you trust Apple and Google?
Having a Wifi password is honestly pretty important unless you're remote enough that there's just no chance someone can access your network. Remember, unencrypted WiFi doesn't just mean that someone can access your network, but also that they can collect your traffic.
It's not though. No one writes perfect software on first release. Even perfect software adapts to the changing realities of our world. Staying up to date is not optional.
We're crippling along depending on family, libraries, charities, and other NGO support services.
The DMV works with people like this all the time; perhaps something could be done there where you have a government issued email address that you can't lose or be locked out of (worst case you take your ID to the DMV and the nice clerk helps you reset your password/sign in).
Google is already providing a free service to homeless people. It's not empathy to tell someone else to solve a problem that you care about. That's virtue signaling. If he cares, he should take matters into his own hands.
Is it too much to ask a single person to build a free email service for all homeless people? Perhaps, but the good news is that he doesn't have to. Google already allows you to disable 2FA [1]. He could have started a campaign to disable 2FA on homeless people's phones, but instead he uses this as an opportunity to shame Google to boost his own Twitter follower count.
I think that empathy is highly overrated. I doubt anyone notorious for flashing their big Johnson is particularly empathetic, yet LBJ expanded social services more than any other President. The problem isn't that people have too little empathy these days. It's that people are too easily impressed by broadcasting their intentions rather than actually trying to solve a problem.
looks like loder is talking about problems their own friends face, and the post is not directed at anyone in particular. venting is not virtue signaling
Loder has 130k Twitter followers without any claim to fame besides Twitter, so he knows exactly what he's doing. If he had vented about his friends cutting themselves with a knife that's too sharp, he would have been ridiculed, but in this case he can hide behind the Google hate bandwagon.
But many people consider LBJ to have been an empathetic president? I don't see how it's supposed to be self-evident that, because Johnson liked bragging about his johnson, that his focus on the Great Society must have been driven by hard-headed pragmatism. U.S. presidents have a wide array of problems to solve. LBJ didn't have to pick causes that are commonly associated with empathy for the downtrodden.
He didn't just brag about his dick. He went out of the way to show it off to his colleagues. I mean it's possible that his fetish outweighed his empathy, but it's more likely that he simply didn't care about making people feel uncomfortable.
He did progressive things, but to me it sounds like he was influenced by philosophical ideals rather than empathy. They based Frank Underwood from House of Cards on an exaggerated version of LBJ.
I have a sibling who's "no fixed abode". Teaching him how to use 2fa isn't the problem. It's that all property is transient, so the 2nd-factor can't be tied to property. It doesn't matter if that's his phone or his socks. "Something you know and something you have" does not account for those who have nothing.
If we all spent our collective efforts to make sure everything in this world is accessible to every single human being, we would have zero progress as a society. We are not even guaranteed the right to live in this world and yet you are advocating for the right to email service? It is shocking that someone could even have a thought process like this and receive so many upvotes.
Counterpoint, I taught several older relatives in my family how to use 1Password.
UX for good security can exist, but it does need a little bit of education.
We will all be old one day but I have trouble believing we will just forget how to use computers. On the other hand, we do need to carefully consider the role google plays in our lives… especially for us Europeans, who are just at the mercy of a US company’s whims.
What if that homeless person was your substance-abusing sibling? A friend from school with mental health issues?
I think we also have to realize that not everyone who is homeless has problems that can explain it away.
It's easy to look at someone who is homeless and tell yourself, "Oh, he's a dope addict. He did this to himself." It's only very rarely true, and you're only making excuses for not helping another human being.
Just last year there were newspaper articles about how a shocking number of perfectly normal public school teachers in California live out of their cars, just because they cannot afford a place to live on what they're paid.
Most people, especially in the SV bubble, would be shocked to learn how many of the baristas, maids, security guards, convenience store clerks, and other people they encounter every single day are homeless, living in their cars, or sleeping on other people's couches through no fault of their own.
> The "quiet homeless" who can hold down a job are also likely to be able to keep track of a phone or other two factor device.
While I agree that there's a lot of generalization here, a lot of the point of supporting the homeless in the first place is that big tech should support everyone, even if they are indeed someone who "can't keep the same cell phone number for more than 4 months at a time" (via the source twitter thread) as if they're a government that must cater to its citizens.
Just trying to motivate some empathy, "there but for the grace of God go I." You are correct than many homeless people are not carless, or they suffer from housing uncertainty (couch surfing, itinerant sleepers rolling through difficult family situations and severe housing shortages). Probably they can manage 2FA though.
> Practically, we need ideas like to 2FA to gain tractionas widely as possible, while realising that isn't everywhere.
thats just one opinion on security. you see this world where google is an identity provider, and you prove your identity to it via a librarian or bank. i dont. an internet service should absolutely never require any form of government id nor separate network like cell.
you just backed off and said that the thing i responded to is an auxiliary point then your last sentence just retakes the position you backed off from by reclaiming that the auxillery point is true
shut the fuck up. of course someone named octect is the most braindamaged fuck on earth.
As someone else pointed out, there is an unavoidable tradeoff that had to be made here between account security, accessibility, and privacy. Reasonable people can absolutely come to different conclusions, but I think it is arrogant to believe that a different decision from the one you would have made could only result from incompetence or ignorance.
> we need ideas like to 2FA to gain traction as widely as possible
No, 2FA needs to die in a fire. Easily circumvented in most social attacks that actually matter, false sense of security, massive timewaster/usability-hell/pain in the butt, acts as a novel social/corporate/accessibility barrier to technology for a large number of previously unaffected groups, and poses a threat to software freedoms.
There are many ways to strengthen security and this has got to be the shittiest one.
Get rid of software that doesn't have to be an online service, for one. This cuts 90% of incidents.
Then, all the "common sense" stuff: encourage use of password managers to discourage password re-use, having actual humans providing actual customer support when suspicious activity is flagged, companies educating about safe practices like banks do now (e.g. always call back to a trusted number), spam prevention at the ISP level, SSO authentication, VPN ...
At the very least there must be better ways to do two-factor authentication than what is the standard default.
And to top it all off, on many services, if you cant get all that to work, all you need is your "memorable word". *facepalm*
A hardware token can be lost as well, and "in app" push notification (or whatever the app does) you stil need the telephone or at least the SIM/same telephone number, don't you?
No the device auth prompts are completely independent of mobile number, you don't even need a Sim card.
Giving homeless people a secure and convenient place to stash documents would be a great outcome. Birth certificate, military discharge papers, licences, 2FA codes. Many homeless people live in cars and have all this stashed somewhere in the car, but then the car gets stolen/towed (e.g. because they haven't paid car registration) and then they're sleeping rough, without docs.
>No the device auth prompts are completely independent of mobile number, you don't even need a Sim card.
Sorry, I don't understand, I believed that the independence from the SIM for an app was for an app already installed and authenticated on the specific device.
If you lose the smartphone (with the app), and the SIM, how can you install the app and be authenticated on another device?
I mean short of a SMS or a code via e-mail (both not receivable/accessible).
>Giving homeless people a secure and convenient place to stash documents would be a great outcome. Birth certificate, military discharge papers, licences, 2FA codes. Many homeless people live in cars and have all this stashed somewhere in the car, but then the car gets stolen/towed (e.g. because they haven't paid car registration) and then they're sleeping rough, without docs.
If you lose your device it's a problem, but at least you don't need a local cell phone plan. (I'm almost locked out of my Canadian bank because it won't accept international phone numbers for 2FA.)
If you know this will be a problem you can enrol with TOTP, using an app but also writing down the initialisation code or printing out the QR code.
This is almost the same as having 2FA recovery codes written down somewhere.
A secure version of luggage deposit, but just for small things. We used to have safe deposit boxes at banks, though it doesn't need to be that secure. The key limitation is that the client can't travel far, and they have to be able to open it based on a matching photo, not an identity card.
Yep, but the issue (in the specific case of the homeless) is that the devices (and the - let's call it "optional" - SIM/local cell phone number) are lost/stolen, the written down emergency/recovery codes may work IF the other idea (luggage deposit) is implemented, let's call it EPBD (Essential Personal Belongings Deposit).
No, people like you really highlight the “If they don’t help everyone then they are being immoral” mentality. Which is wrong.
Down grading security for the benefit of a tiny minority with an especially ridiculous use case is not the greater good. If the homeless people think they are at risk of losing their phone then they should pick another free email vendor.
1. Vulnerable populations need more assistance accessing essential services required to participate in society
2. Service providers need to maintain a reasonable level of security for their customers
Can both be true. Saying that maximum (or minimum) levels of security are required at all time completely misses the point of security--which is to mitigate risk. How much risk is appropriate varies a lot by context.
Beyond the context of risk, there is reasonable debate to be had on how to best provide access to essential services to vulnerable populations. It's pretty important to have an email nowadays and if you're not tech savvy or an individual/community has little to no money to spend it's not unreasonable to have the reality of the matter be that there may simply not be many good alternatives (or awareness of alternatives) to GMail.
I'm not sure what a correct answer here looks like, but I don't think ignoring the need is an approach that gets us to a better society or enables vulnerable populations to better care for themselves.
> there is reasonable debate to be had on how to best provide access to essential services to vulnerable populations.
What is the debate? The government can collect taxes and provide services, like they do for multitude of other needs.
> I'm not sure what a correct answer here looks like, but I don't think ignoring the need is an approach that gets us to a better society or enables vulnerable populations to better care for themselves.
The correct answer is not depending on the largesse of businesses. It is using government resources to provide methods for identity verification, communications, and various other bare minimum needs for living.
The debate parent mentioned is what to do with the money, not where to get money. You can see that there are lots of possible options, right? But you say use taxes like it’s ‘duh, easy’ or something. Now we’re in the realm of the debates actually happening every day in the US, whether to provide social services at all, before we even discuss how much money they need, what to do with it, and where to get it. A huge portion of people this country seem to believe that they don’t benefit from taxes and would prefer safety nets for other people not come out of their pockets.
> The correct answer is […] using government resources to provide methods for identity verification, communications, and various other bare minimum needs for living.
This also sounds like you think it’s easy, without considering the implications. (If govt resources is the solution, why do we still have a problem?) We don’t have municipal or federal Gmail or Facebook, and there are reasons to believe programs like that would take a long time and cost a lot of money. The ‘bare minimum needs’ have changed dramatically in 20 years, and will probably keep changing just as fast for a while, with the homeless population growing in the mean time because the tax-funded social safety net we have isn’t doing the job.
> A huge portion of people this country seem to believe that they don’t benefit from taxes and would prefer safety nets for other people not come out of their pockets.
Exactly, and they love it when people waste time and energy blaming businesses for not providing charity. This whole tweet storm should not be directed at Google, but directed at the US federal government.
> This also sounds like you think it’s easy, without considering the implications. (If govt resources is the solution, why do we still have a problem?)
Because it is purely political. Stalling progress on providing essentials for life helps keep people from getting help, and hence keeps taxes lower. If the US government can do identity verification for passports at USPS offices, it can do the same for other purposes.
>We don’t have municipal or federal Gmail or Facebook, and there are reasons to believe programs like that would take a long time and cost a lot of money.
If the world’s leading country cannot setup email infrastructure, then we have huge problems. Presumably, it already does for the how many million federal employees?
> The correct answer is not depending on the largesse of businesses. It is using government resources to provide methods for identity verification, communications, and various other bare minimum needs for living.
To be fair I don't see how any government system can do better regarding identity on the internet. Login.gov is one of the best services I've used for access to usajobs/SSA/etc but it follows some of the same security best practices people are complaining about here with no real way to re-gain access to your login.gov account should you lose your 2fa methods (afaik).
The US government uses the USPS to do identify verification for passports. If it can handle identity verification for passports, why would it not be able to handle identity verification for other purposes, such as replacing or reauthorizing one’s MFA device?
Hell, it should be trivial to offer federal government provided emails with ID verification with customer service in the event of loss of device/loss of ID/death/etc.
Passports require the most paperwork out of anything - your in particular, a birth certificate, a second form of ID including a driver's license, a photo, and $130+$35. The USPS isn't just looking at a face and issuing a passport.
0The issue here is that homeless don't hold onto anything physical for 4 months; identity verification breaks down in-person immediately as shelters/libraries can't be expected to run a facial recognition operation, and specific shelter employees/volunteers aren't guaranteed to be there anytime a homeless person might walk in and need those backup codes, but it breaks down even further online since 2fa is inherently 'what you know' + ('what you have'/'who you are').
> Passports require the most paperwork out of anything - your in particular, a birth certificate, a second form of ID including a driver's license, a photo, and $130+$35. The USPS isn't just looking at a face and issuing a passport.
The point is the hardest part of the problem is already solved - which is the physical infrastructure and labor. As for not holding onto physical items, USPS also has little boxes that people can keep their belongings in.
The USPS and banks would be ideal identity validators. Having run a few mail servers I don't think the Govt is best placed to do that, but they could outsource it to google, with a few tweaks to allow identity attestation.
Many other countries have a central government portal with secure messaging, with federated identify. Heavily reliant on 2FA of course.
SMS 2FA needs to disappear (or be relegated to a strictly optional, discouraged method) yesterday, and so does using a phone number as the primary user identifier.
> SMS 2FA needs to disappear (or be relegated to a strictly optional, discouraged method) yesterday, and so does using a phone number as the primary user identifier.
A lot of the downsides are mitigated by using Google Voice as the SMS number, since attackers can't migrate your number away from Google.
But in general, I totally agree with you from a security perspective. I just think that it's a difficult thing to get people to use authenticator apps. Apple has resorted to baking the functionality into their OS.
That's what I'm doing, and it works fairly well – until I get to one of the many corporations regarding VoIP numbers as inherently insecure, and they don't let you use it for 2FA purposes... (Nevermind Google supporting robust 2FA for logins, and my phone operator not even offering 2FA for eSIM swaps.)
And that's disregarding the elephant in the room, i.e. Google inevitably pulling the plug on Voice at some point.
Again, this idea of "secure by default" should at least have an option to opt-out. A few misunderstandings about phones:
1. Somebody has a phone
2. Somebody has a smart phone
3. They are in contact with the phone 24/7
4. They are the unique user of that phone
5. The SIM card and/or number cannot be taken from the phone (virtually or physically)
I currently have to use this for work, with the only positive being that if I get locked out, I can go tell the admin team to let me back in. With someone like Google, it's not even possible to get them on the phone to explain, let alone have them believe it is really you.
I agree there should be more explicit support here, but can this not be "solved" with backup codes? One or more could be given to a trusted person – a family member, a friend, or even a trusted librarian – or a backup code could be remembered.
The tough issue here is that these access edge cases look a lot like malicious use. The aren't but authenticating someone who has no device or ID or really much else to authenticate themselves is a Hard Problem. Passwords also aren't the solution here, the industry is moving away from them precisely because they provide poor authentication, particularly for vulnerable people.
This is potentially a solution for some but it’s not perfect. If they had a trusted friend or family member who could store backup codes and deliver them as needed, they could probably also just stay logged in on that person’s phone or even have emails sent you that person. Keep in mind that they have limited transportation and likely lose their contacts when they lose their phones, and many will have strained relationships with the housed people in their lives.
A library solution may not scale. Sure, a librarian might develop a personal relationship and do this as a favor for someone. But the author mentions talking to about 30 people with this problem in his neighborhood, which suggests that if word got out a librarian was doing this and they tried to institutionalize it, a library might have to store codes for dozens or hundreds of people it has no way to authenticate.
I think there are possible solutions here for a library, off the top of my head, taking a picture of your face when dropping off the codes, so that when you come back and ask for your codes, the librarian can ID you against the picture they have. Basically what is done when verifying your ID card/passport when you travel/go to the bank etc...
It wouldn't be a librarian doing someone a favour, but rather a service that libraries provide.
This could be a great evolution for libraries. They are already a distributed, public system, that people in general trust, but their role in society has changed with the rise of the internet and online services, and this could be a really useful role they could fill.
Yes this is sort of what I was envisioning. Not as much one trusted librarian doing a favour, but a librarian team having a filing cabinet full of backup codes and an ID process that they trust and that is appropriate for their community.
This is the sort of thing that I think Google could support explicitly with more access control around it, but I don't think that's entirely necessary to get the benefits.
Backup codes could work - but if they have the support of a trusted person they likely can be assisted in other ways, too.
Defining a state-sponsored email account that can only be logged in from specific government machines (imagine a kiosk at the DMV, say) where there are trained clerks who can identify homeless in some way could work.
An interesting idea, but I suspect it just pushes the issue back one more step. How do you authenticate for login to that email account? Specific machines limits but doesn't fundamentally change the attack surface.
If the person has ID, then many options work, but if they don't what can a DMV and trained clerks do that others can't in some way?
Lastly, I'm not from the US but even I've heard that the DMV is a hellish place with queues hours long. Putting more barriers in front of those who are already in a tough spot (and may need to spend that time working, queueing for shelters, etc) is a big ask.
Yeah, you have to keep falling back - my idea was that assuming homeless don't move very rapidly from one ___location to another, you'd have people at the DMV or shelter or wherever you put this who actually recognize the person and can "vouch" for them.
It's not an easy problem to solve with "one quick trick" by any means. Part of the reason the DMV can be hellish (in the US at least) is they have to deal with everyone who has an ID, not just the "good customers".
Does anyone else notice old accounts that were working fine in the past randomly get demanded to enter your phone number for verification. "We detected unusual activity" is such an obvious lie.
When setting up thunderbird, I've had multiple Google accounts lie about suspicious activity and demand I go through about 10 captcha checks and enter my old password and answer my security questions and verify my phone number. After passing all of that without error, they STILL won't let me log in with a blanket statement about security.
Why oh why would they ask users to jump through extreme hoops just looking for any possible questionable failure to point to as an excuse, but still reject you after passing everything? If you're not going to let people use their account, farming free AI detection and personal information out of them doesn't seem like a legitimate tactic one should be doing.
They discriminate against some phone numbers too. They have to be in whatever they think the correct country is, they often can't be VOIP or VOIP related, and there's unknown blacklists of some famous numbers sometimes.
What happens when we run out of phone numbers? I won't be surprised when accounts start getting banned for "sharing" or "ban evading" phone numbers (aka getting a new phone number for any reason) because it screws up their ad tracking of you... Or they'll force you to first log into an account in order to delete it even though it belongs to somebody else. Or your new phone number you bought specifically for authenticating a separate account is banned (just like voip number) because a previous user was banned using it.
There was a bill to improve digital identity in the us Congress but I don't think it went anywhere. I do think govt issued digital id, while in some ways problematic would be a step in the right direction
Personally, I find it particularly infuriating that more and more companies are demanding to use phone-based 2FA even when I already have 2FA authentication set up. This applies to Google, too, which has forced me to add a phone number and get a SMS 2FA code for accounts that already had non-SMS 2FA configured.
The whole reason I use an authenticator app is so that my accounts aren't dependent on having the same phone number forever!
Being strongarmed into giving up your phone number is as much "for your security" as manifest v3 is "for your privacy". They could care less that you have 2FA enabled, they want that phone number. Many people never change their numbers and enter them into hundreds of sites, creating a wealth of data which can then be profitably correlated with your email content, google account activity, searches, ___location, etc.
I'm sure you won't blame it on the "big bad tech" once you drop your phone in the pool and lose access to your accounts because they never asked you to create an SMS backup
Potential solution, the Obamaphone program keeps using the same phone number for an individual instead of totally new ones every time they lose a phone.
We should not be treating phonenumbers as SSN round two, where everyone relies on it for your identity, and it should never be changed because of how much shit was needlessly tied to it.
I rue the day I need to change my phone number and my digital identity becomes a huge headache, especially for far flung services that decided they wanted my phone number, but I wouldn't have considered going explicitly to them to update it.
The correct solution to this and a shitload of other problems is a real, national ID program. But there's enough resistance to it in both US political parties that it can't happen. The lack of it causes a ton of stress, over the population, and is a drag on the economy, but we're just never gonna fix it. Instead we'll de-facto have one (or more) anyway, including 99% of the risks that a real one would carry with it that everyone's so hand-wringy about, but without the benefits of the real thing.
Yeah, it's brought up from time to time but the right hates national ID programs and enough on the left don't like it (including elected officials, not just voters—the distinction's worth mentioning) that it'd take an implausibly-huge supermajority of Democrats to ever pass such a thing.
Never mind that all the things they're worried about would barely even be easier with an official national ID versus what exists now. Let alone hard/impossible without one.
But no, we just suffer though tons of wasted time for all bureaucratic processes and all kinds of hassle keeping our documents in order and tons of fraud and abuse instead. For no benefit. So we can pretend the government can't already "make a database" about dissidents or gun owners or Christians or whoever very nearly as easily and effectively as if we had an official national ID, if they wanted to. Sigh.
I think it's worth noting here that the passive resistance to the idea of a national ID among Democrats has a lot to do with Republicans regularly hijacking voter ID bills to specifically make things harder for the poor and minorities, and the expectation that they would absolutely do the same for any national ID program that actually got Republican support.
It's not ideal, but phone numbers already are how we verify identity online and sometimes offline. There's been other methods proposed, but they've generally been rejected because of concerns over privacy.
I'm not proposing a solution for the real issue, simply a way of making things easier for people who have a hard enough time already.
It already is that, which is precisely why google is using it here. Google is an american private company. Phone numbers have government mandated systems around the world that allow a individual to keep using them even when they lose their phone. Google uses it because it lets governments solve the identity problem in the fashion and to the degree they deem acceptable, and leaves google in the tech business. Some countries have issued ID cards which support encrypting and signing documents. If that becomes more widely practiced, then google could switch to that instead, but until then I imagine they'll keep using phone numbers.
An authenticator app is a much better 2FA solution that I opt for at every opportunity.
Google's authenticator app is brain dead because they want to encourage 2FA over SMS. Why? Because it has the wonderful side effect of destroying your privacy. With your phone number, Google can easily identify you personally. Ain't that special --- privacy invasion wrapped up in security clothing! Much too tempting for Google to resist.
Google didn't invent OTP so there are other apps that are perfectly compatible.
Word to the wise, it should be obvious by now that all things "Google" are synonymous with "privacy invasion".
Reinstall the app and restore private keys from off device backup.
The lack of key backup and restore is one big reason not to use Google's authenticator app. Other compatible apps are not so brain dead. I backup every time I add a new sign in.
If you don't have the ability to sign in from multiple devices and the ability to install access onto any new device, then you're doing it wrong.
Phones are highly portable devices subject to being stolen, damaged or just dying for no obvious reason --- so always be prepared. This is simply not possible with 2FA over SMS.
I don't even know what this has to do with the homeless. I don't want ANY of my internet accounts to depend on my phone (which I can lose, and I just don't want it to be a big deal) or, worst of all on "my" phone number, which IS NOT, never was and never will be controlled by me — but by my cellphone operator. Who isn't my friend. Both problems seem to be so obvious, that I don't see how pointing out (also rather obvious thing) — that life out there on the streets is a bit different than in your [home-sized] cubicles — can help.
And since it's always more productive to assume malice, not stupidity — obviously, this is the point. Somebody wants you to depend on your phone number, something you don't really control and cannot easily change. This isn't about comfort and security, it never was. What else is new.
But, I mean, if I have to pretend that it's not about me, but about homeless people for something to be changed — I guess I'm homeless' rights supporter #1 from now on.
I have lost access to Tinder and Transferwise because I moved between the UK and Australia and thus changed my phone number. Whatsapp also silently fails to send me private messages now, even after I went thru their official inbuilt 'I changed my number' process - only my group chats work now. The messages appear to send to the sender, they don't even know I didn't receive them.
One of the worst examples I've heard is that Overwatch 2 not only requires a phone number, but they actually check with your carrier if it's a prepaid number, and if it is, you're banned. Sorry poor people, Blizzard doesn't want scum like you playing their game.
Assuming someone's phone number never changes, or that they'll have access to their old and new numbers at the same time, is simply wrong and does not work.
I haven't been locked out of Google yet, somehow, but maybe it's just a matter of time.
I very explicitly do not have 2FA enabled on my email account, and it's also the only account that's not a random password from my password manager but rather a (very) strong password I memorized.
Maybe my house will get burgled, maybe I will lose all my stuff in travel, or a fire, or ... I don't know. Email is kind of the key to everything, which makes 2FA important, but can also a huge pain in all sorts of exceptional situations, and losing access to your email often means losing access to lots of other stuff, too.
I feel account access is still an unsolved problem; 2FA is a meh stop-gap solution at best with lots of trade-offs. Ideally your account should be tied to your identity (e.g. passport or the like) in a privacy-secure manner.
Here's the solution: Since OP is regularly in contact with 30+ homeless people, he can offer to be their backup email account. He can then confirm the identity of people if they lose access to their account and help them get it back.
Or, he can safely store their 2FA backup codes in his house.
The homeless make up like 0.1% of society. And not every homeless person has this issue. It would be insane to make any feature for like 0.02% of the population. Especially a feature which diminished security. Because yes, those 0.02% of people might have an easier time accessing their accounts, but probably 100x that amount of people are going to end up getting tricked into de-securing their account, or do it by accident, and end up getting compromised.
> Here's the solution: Since OP is regularly in contact with 30+ homeless people, he can offer to be their backup email account. He can then confirm the identity of people if they lose access to their account and help them get it back.
> Or, he can safely store their 2FA backup codes in his house.
Why even have security? Your solution practically screams for those 30+ people to be taken advantage of.
Just use a different email provider whose procedures align with how you regularly change your phone number.
Why would Chad Loder take advantage of them? Yes, it gives him the ability to, but that doesn't mean he will.
Why have security? So some random, untrusted person can't compromise the account. If Chad holds the codes, then only he can compromise the account, and maybe their relationships are good enough that they would trust him.
Using a different email provider also works, but I assumed there would be some reason that doesn't work - android effectively has a built in gmail client, non-tech people might just autocomplete "@gmail.com" and mess up someone's address if it is a non-expected ___domain, etc.
> Why have security? So some random, untrusted person can't compromise the account.
I know why there should be security. I was pointing out that what you suggested would degrade security.
It's not whether one specific person would do anything with 30 phones' backup codes but that such a list would exist. There are many other valid security practices that can be used.
This is a non-issue. When signing up for 2FA google provides a set of backup codes and instructions on how to use them when access to your phone number is lost.
I don't work for google, and recognize they have many other issues, but this person on twitter is incorrect. There are other methods in addition to backup codes. There are voice authentication and id upload. I've even had Google call me back, and I spoke to a person who manually authenticated me.
This particular system isn't broken.
Of course, there are many other email providers. Why would someone keep choosing the same provider, when it doesn't act in the way they expect?
The article mentions that "maintaining possession of anything physical is difficult" for the homeless. Let's say they print out the backup codes...but then their backpack gets stolen. Or it just rains and ruins the paper.
I want out the ability to opt out of this 2FA nonsense. I’m not a journalist in a war zone, I’m just a guy who wants to read his email (with a 64 character password containing random ASCII characters). 2FA is just an excuse to make the abuse departments life easier by raising the cost of botting accounts.
I'll accept the downvotes, but I don't feel like optimizing for the subset of homeless people who regularly lose their phones and their recovery codes is a good use of resources. I'd change my mind if someone could cite reliable sources that say this is actually a large community that Google as a corporation should really be paying more attention to, but just this one guy on Twitter is not enough for me.
2FA that delegates to SMS needs to be illegal and addressed by congress at this point. Whats "actual" happening is you're delegating authentication to another company that performed either a hard credit check the person (the vast majority of us) or has a prepaid (likely the situation above). In both cases, it's delegating of IDV and needs to be outlawed.
Google has a lot of issues, but the gist of these twitter posts, is that homeless people lose their phones multiple times a year, and their phone number, and this makes 2fa hard.
But, I mean, why are they not railing on the phone companies, to make it easy for the homeless to keep the same phone number?!
This is not just the homeless, there was a post on HN from a librarian talking about the same issues for the elderly and socially disadvantaged. The issue is that Google forces 2FA on them, even if they otherwise don’t have a phone.
This post was also very misleading. The concerns the librarian raised were actually addressed. The doc was old and made public by somebody other than the librarian, who edited it after it blew up to make it clear that the content was out of date.
======
Addition, 08/02/2022, 3:03pm: I don’t know how this got shared to HackerNews. I appreciate all of the positive responses we have gotten. However, this was not an open letter. It was meant to be shared internally to Google. It went directly to the security team and we had a conversation about it about a year ago. Things have improved significantly since then and this is no longer a daily problem. Please stop calling the branch or emailing me about it. It’s interfering with my work. Press inquiries can be made through https://libwww.freelibrary.org/contact/ and the public relations department will be in touch with you.
If you want to learn more about patron privacy and support librarians advocating for patron privacy and against big tech please check out https://libraryfreedom.org/ which is a wonderful organization I am a part of that does work like this. I still firmly believe in and stand by everything that I wrote. But this particular action was not meant to be a public letter.
Also! If you’re in Philadelphia you should check out this big program we’re doing on August 12th called Empathy Versus Misinformation where a panel of experts will address questions and misconceptions about transgender youth!! Boy am I relieved that this was a Google Doc and I can just put whatever I want onto the front page of HackerNews now :)
> Doesn't sound like it was completely resolved. In fact, it sounds like Google may have treated it as a "squeaky wheel," and only that library is getting better help.
So on one hand we've got the actual author of the original document saying one thing and on the other hand we've got an uninvolved internet poster saying something else.
It really is every company's fault that jumps on this absurd trend of seeing SMS-2FA as the be-all and end-all of user identification and verification.
Google is actually doing much better than the competition here in many aspects (e.g. it is possible to operate a Google account completely without a phone number for 2FA or account recovery), but as far as I understand, one is still required to initially create an account.
> it is possible to operate a Google account completely without a phone number
This is only true for a limited time. I've tried to use a couple Google accounts this way and inevitably I log in from a new IP and Google's 2FA system kicks in - forcing me to either furnish a phone number or lose access to the account.
It's similar to how Twitter forces phone numbers out of people - just not as immediate.
That's definitely a problem, and a tricky one to solve in the context of 2FA: One of these factors is usually knowledge (your password); the other then has to be possession or inherence, and the latter has problems as well.
Essentially, if you rule out possession, your choice is between server-side validated biometrics (if offered at all), or "double knowledge" (e.g. a password and email 2FA, with the email account also only protected by a password), which is pretty phishable.
I think the answer here is not that Google makes bad product design decisions it's that we shouldn't live in a society of incredible wealth but some people still don't have homes and have to sleep in places where they are constantly the victims of property crime.
I went cellphone-less 2 years ago, and have experienced this first hand. I've been locked out of my Gmail, Ebay, LinkedIn, and other services multiple times. I was unable to apply for government services either, until I finally found a decent soul that used there own phone to register me. But they shouldn't have needed to do that, and we shouldn't be required to have a spy phone just to be part of society.
These spy phones and the apps they peddle have become a plaque upon humanity. They use addiction and coercion (denied services) to keep you under there spell. The worst part is that they are being forced upon our children, way worse than the tobacco industry ever tried.
Ticketmaster started requiring 2FA, but they only allow phone numbers connected to a SIM card.
For over a decade, I've been using my Google Voice number as my identity, with whatever number is on whatever SIM I happen to have at the time being an implementation detail. Ticketmaster doesn't accept that, so now I have to schlep myself over to the venue (which often includes a bridge toll) to buy tickets at the box office. It's infuriating.
I believe Credit Karma Tax also had this problem, which is moot now that Square owns it (since Square doesn't have this problem).
I wonder how WebAuthn Passkeys will fare here, as they can replace both passwords and existing 2FA systems.
With Passkeys, your credentials will automatically sync between devices. So as long as you have some way to log in to your main account (Apple/Google/Microsoft, etc.), then you should be able to maintain access to all other accounts, even if you’re always moving between devices.
And there is a solution to the single point of failure problem as well, because there is a built-in flow where you can copy the credentials to other platforms, in case you lose access to your main account.
I will offer an unpopular take. Maybe we should not be focusing on ensuring homeless have access to email. Maybe we should be focusing on ensuring basic services do not require email and/or cell phone.
It's meant to imply that private persons shouldn't be allowed to own property, and that a central authority should be responsible for "housing" people.
Every solution/alternative would always impose challenges that can be considered an edge case initially until it becomes permanent.
For example, if Google wants people (who have a tendency to lose their 2FA devices more often) to always use this feature, and in case they lose access to their device, they could use a trusted designate who can verify on their behalf that they are the ones signing into the service. But then again, this alternative will impose some new challenges such as:
- What if the designate is not available?
- Designate is available but also lost their access to verify the other person?
As with this case being raised here, it will always be a process wherein Google (or any other organization) will have to explore and find meaningful solutions that is both inclusive and considerate on specific conditions.
The variability alone of such premise is huge that I am quite sure when the next edge case comes up, there are other edge cases boiling down that will become the next set of issues.
Won't using e.g. Authy with Gmail for 2FA alleviate the need for a phone number after the initial setup (i.e. requiring a number only once, to initially enable 2FA)?
Yes, but that's a highly technical solution. I've been trying to get my girlfriend to use Authy for 6 months now, and the solution we landed on is that my Authy app has all of her 2FA codes, and she just calls me if she needs one.
To you and me 2FA doesn't seem that complicated. But to less technical people it's just overwhelming and they don't want to bother with the learning curve.
What learning curve? Setting up the account in the first place? Sure, that’s a tad complicated, but I really don’t understand why your girlfriend finds it easier to call you when she just has to open the app and the code is simply there.
There are various approaches to 2FA, from backup codes, to SMS, to external physical keys - none of them workable for the specific use-case OP defined: person is homeless and losses their stuff every few weeks.
For that situation no 2FA solution is going to work.
Of course there is. For instance a printed paper tan list. Yes, this is not as safe a proper 2FA device. But it's easy to access, cheap (just go to a copyshop and 10 cents to print it, then put in a plastic bag) and it's so small that it's easy to put it somewhere where you don't lose it and is hard to get stolen.
The issue is described further in the Tweet chain: Physical property retention is more or less impossible; these people typically end up getting their phones stolen every month to 4 months. The same would be true of IDs or other paperwork that could be used to prove their identity.
They get phones from a government program. Each new phone has a new number, and due to the above challenges, it'd be challenging to port numbers and keep a consistent number.
Authy accounts are keyed to your phone number, and to set one up on a new phone you have to receive a verification call/text.
From what I remember when I used Authy briefly (Google Authenticator finally added the ability to mass import/export codes shortly after I ended up trying Authy), you create a login and set a master password, and then you have access to your codes on any device when you log into the app. Of course, this means that you have to trust Authy with your codes being stored externally, but this might be one of the sets of circumstances where that's preferable.
I did some more research. It looks like there is a way to recover if you don't have the phone number or the old device. They have an online form you fill out with your old phone number and new phone number. Then they have some process to verify ownership of the phone numbers which they say will take several days for security purposes.
Authy doesn't store your codes. They store encrypted copies. They are encrypted on your device and only decrypted with your password which does not leave your device. As long as their encryption is not broken your codes are secure.
Yeah I don't like that feature either. You can't get into your gmail unless your phone is working. If you don't have access to your phone # you are kind of screwed.
EDIT: It looks like you can turn off 2FA, I think I'm going to do that now so I don't get locked out of my Gmail.
I feel for these folks. I'm housed and never wanted my email (and a host of other services) to become dependant on my phone number. I've gone so far as telling service providers "I don't have a phone, deal with it" (which is getting harder and harder).
Fundamentally this is a hard problem - how do you have "something you have plus something you know" which is security best-practice, for somebody who will regularly lose all their possessions?
I mean I've always fantasized about getting NFC into everything so that NFC-based tags could provide convenient "something you have" taps. Like, give me a simple ring on my finger to tap-in to a scanner on my keyboard rather than having to meander through an app on my phone.
The other problem is that with every org running their own auth systems, if you're trying to help a person with this problem you have to set them up on a dozen services. I really wish something like Mozilla Persona had took off.
The USPS should operate a free public email service and provide support at every post office.
The government has the resources to navigate complex situations that digital safeguards can’t.
If someone has no paperwork, lost the device they made their account with, and cannot remember a password they made—no tech company has the resources or expertise to handle this at scale as well as local institutions can. If someone needs to take over an account of a loved one that they have legal guardianship of, you don’t want a support agent at a call center to make these decisions.
An elegant solution here might be to allow users to designate a list of other users who can "vouch" for them; if multiple people who you previously designated as trustworthy say "hey, this is my friend's new phone number, use it instead of the old one for account recovery", then that should satisfy the "who you are" authentication factor (and set the new "what you have" factor).
Similar idea behind web-of-trust or multisig cryptocurrency wallets, except without the cryptographic mumbo-jumbo.
Maybe we can build some sort of a "reverse proxy" solution where you can get a number from Twilio etc and just forward to an actual phone number from your carrier. Bonsu, you can add some "firewall" rules and boom. If you lose your phone from your carrier, your twilio number is the same. Just change the rule in Twilio ?
Isn't there a service like this already ? If not, there is your billion dollar startup idea.
> unhoused people face extreme challenges when it comes to retaining physical items.
Reminds me of a case in Moscow (iirc): a homeless guy bought a gym pass that came with a locker, and was storing his things in said locker. The gym administration decided to deny him this arrangement, but he sued them and the court said “since the locker is in the contract, it's his privilege now”.
I had never considered this thanks for sharing it. Yes the typical “something you know and something you have” 2FA authentication approach doesn’t work when unable to reliably “have” something.
Even backup otp keys would be a challenge in this scenario.
What solutions would help with this? I would think even having two passwords on the account (as in you need both to log in) would be an improvement over plain password auth.
2FA needs to be implemented in a more human-friendly manner. Apple does better with their "friend or family member" account recovery. 2FA needs to be something you know not something you have. Or at least needs to support that. Yes, this would be a problem for someone who doesn't know someone to be their backup. But that's a real edge case.
The biggest fallacy we have right now use that all use cases need to be treated equally and if they don’t then somehow they are being immoral.
Google is not being immoral.
The homeless people can use a different service.
Dealing with the use case of someone losing their phone every few weeks when you have billions of others to worry about is unreasonable. I think handling that situation should be considered out of scope.
Perhaps not immoral but kafkaesque or something - if a government support service requires an email address to be used, and the government doesn't provide the email address, there is a dependency on the market to provide such.
And if they don't give a list of "workable free email providers" then the government has failed.
Imagine the howling if you had to have an email address to vote.
Just the other day had an experience where someone in need, freshly moved to a new country, asked to use my phone to email a relative asking for money to buy a phone. When I realized they would need to log in to their gmail, I felt sorry knowing it almost certainly won't work. It didn't. Thankfully Facebook worked.
It seems to me that the government service responsible for providing the phone should be expanded to provide a permanent digital identity, including email, and a lasting phone number. A permanent address (open and scan, with selective forwarding) for physical mail would also be worth investigating.
GMail requiring a password makes my grandparents loose their access what feels like every time I visit them. I can imagine that homeless people are facing that problem on top of the ones described in the thread as well.
GMail offers backup codes to somewhat solve the phone number problem by the way.
I don't think changing Gmail to meet the needs of the homeless, at the risk of everyone else's security, makes any sense. Instead there should be a different email service that the homeless use, perhaps government provided if there's no business model in it.
SMS as a second factor should be deprecated. I got locked out once because my phone was stolen that had the SIM inside, and I couldn't get back into my Google account. Now I just use a Yubikey and am never asked for OTP codes that are sent to my phone.
The reason this is not offered (IMHO) is that a lot the use (on the users side) of 2FA is from people that want better security, while a lot of the push (on the developer side) for 2FA is from people that would like to see the use of passwords almost disappear.
FWIW I have pretty much given up on trying to use any sort of online banking or other financial website because I do not have cell service at my home, and practically every financial institute requires SMS 2FA these days.
Why not educate the people in need about the tons of other free email services that exist? Outlook, tutanota, protonmail, yahoo, gmx, fastmail, zoho theres plenty more but you get the idea.
Sidenote from something I noticed from the rest of these comments: SMS is not the only form of 2FA. It is the most common type, but also one of the most insecure versions of it. You should not be using SMS for 2FA.
Very confusing title, I thought there was some weird schedule that needed address verification. It's when a phone is lost which is on average every 12 weeks according to the twitter post.
This might not be a problem that matters to the Google bean counters, but it would be a problem that a responsible, moral, and just company would solve.
Yes and the other new terminology is "persons experiencing homelessness"
It's all so tiresome honestly. One of the absolute worst things about western culture is the apparent creeping obsession with political correctness that has been escalating for the past few decades.
If only more westerners were like the great George Carlin. Grateful for once to live in the third world.
If you rely on a free google service for anything in any situation, you are one random AI decision away from being completely fucked anyway. If losing 2FA access often is a problem for you, chose a different provider or if you have to use google for some reason, use their google authentication app and save the authentication credentials somewhere save. If you cannot keep a strip of paper with a few recovery codes safe, don't use the internet, it's not for you.
Do you just go into the carrier's store and ask them to change it, or do you have some streamlined way of changing it? Every time I go into one of those stores it seems to take hours to get even the simplest thing done.
It's a valid point that I don't expect Alphabet to address.
Honest question : what about those security code? I'm not homeless but I expect my phone to die anytime. It's from 2015. I want to bring it to 2025 but it might not make it.
As a result I planned for that phone stopping to work and my understanding is that I will be able to emergency 2FA with those code once it broke. Am I wrong?
They should try other free email services. It’d be nice if Google voice was still free and somebody could help set that up as their persistent number. That said, Google 2FA is mission critical for many people’s online identity and is protecting them from a world of online evils, this is not a reason to step back from a security posture that Google has rightly decided protects its users.
I don't think access to email is the biggest concern the homeless have.
It sucks, but there are alternatives besides gmail and if google is going to spend time on this, I'd rather they not and instead spend time on getting homeless into homes.
Who do you think would be spending time on this at Google? I highly doubt that their software engineers and product managers in charge of 2FA would, when idle between pull requests, go out and help the homeless.
Why not lobby those engineers and product managers to improve something that they are actually have agency and arguably a mandate to improve, helping users homeless and otherwise?
I think you vastly overestimate the fungibility of engineering resources in large corporations.
Also, which one do you think the involved stakeholders at Google would have an easier time getting signed-off: Decreasing reliance on stable phone numbers as an authentication factor, or firing a couple of people and donating their salaries to an organization helping the homeless?
Sometimes, depending on the probability of success, the pragmatic choice is also the ethical one.
oh stop it, tech people always think the world works in binary.
Apparently this multi-billion dollar company can't see fit to help humanity because it's literally hard (or impossible?). That somehow I, as an individual, have more of an effect because charities only ever accept money from individuals and not billion dollar corporations?
I would expect it to require a phone number and physical address before an email.
I also wonder if this person on twitter would be willing to let his friends use his email or phone.
The homeless have challenges, no doubt, but that does not imply google worrying about 2FA for the homeless is the best way to solve those challenges. It wouldn't even BE an issue if they weren't homeless in the first place, for example.
Did you even read the linked thread, of a person apparently actually working with homeless people? It explicitly mentions that email is the preferred method of communication for many of them, for reasons also mentioned in the thread.
> The homeless have challenges, no doubt, but that does not imply google worrying about 2FA for the homeless is the best way to solve those challenges.
You seem to be under the impression that improvements to the condition of people's lives are only ethically acceptable if they happen ordered strictly by descending impact. In my experience, that's not realistic.
Partial solutions that take minimum effort are great. It's like replacing a single incandescent light with an LED. Sure it doesn't solve climate change, but it definitely helps, and doing easy helpful things is way better than not doing them and complaining that the problem is big.
pretty much every ineffective strategy has been rationalized at some point.
email implies internet, 2FA implies realtime internet. The lack implies very poor at the very least up to and including homelessness.
"this one company uses 2FA, we should bitch at them until they remove that need" doesn't actually help anything.
This person who posted the tweet could offer their personal phone, email, and internet for these homeless friends they have. Why don't they? I bet they'll say it's because it doesn't solve the "real" problem.
Yeah, neither does asking google to spend money on removing 2FA for the homeless.
There is a very simple flaw in the "Obamaphone" system that is the root cause of this catch-22 dilemma. I was homeless and had to use an Obamaphone, so I saw first hand how this flaw works.
My solution to this problem was simple: don't use Google. Use Yandex instead because they never require a phone for 2FA and they allow you to set your own custom security questions for account recovery as well as link a backup email account to reset your password. It would be trivial for Google to have these features too, but they won't because this is about spying and tracking and controlling users by forcing everyone to use a SIM card.
The Federal Govt doesn't "give" you a free phone. Cellular carriers give you the phone and the service when you sign up at one of their kiosks usually setup outside local Govt offices that provide services to the homeless. Like the food stamps office.
So you sign up witg T-Mobile or Verizon or smaller carriers nobody has heard of and you get your cheapo off-brand phone with low specs like 1GB of RAM and 3GB of cellular data per month. Great, that is an amazing way to help the homeless since doing everything requires a cell phone now.
But when you sign up, the carriers require you to provide a cirrebtly valid food stamps EBT card and a govt ID like a drivers license with your mailing address on it. They mail a form to that address within 60 days that you must sign and mail back to them to prove you are who you claim to be. I guess this is for fraud detection.
But if you are homeless, then obviously you will never be able to receive that form in the mail to prove you are who you claim to be. Then after 90 days if you have not returned your form in the mail, your free phone service is terminated.
You can immediately go and get a new Obamaphone, but you will have a new number and a new account. There is no way to port your old number because each carrier has totally separate systems to store your account.
This whole Obamaphone program is extremely wasteful because it is intended to help the homeless, but it is implemented to force the homeless to constantly churn through getting new phones every 90 days. I went through several different Obamaphones because of this. Typical Big Govt inefficiency I guess.
It is too bad that Google is so obsessed with spying on people and blibdly trusting SIM cards because you can still use Wifi on an Obamaphone that has been deactivated for cellular service. I don't know why Google refuses to base 2FA on something other than a SIM card. They already control the hardware through Android, so the phone hardware IMEI ID itself should be able to be used as a unique identifier.
Unmoored, trillion dollar megacorporations on autopilot like Google who are managed by multimillionaires Executives living in Silicon Valley and who are staffed by millionaire developers designing these systems of global information control do not think of the use case needs of the poorest, disadvantaged users who fall through the cracks.
How about building a solution (or a possible solution)?
I think it is fair to guess that many people reading this have achieved some level of success building solutions to technology problems. Much like solving for malicious use for the average user with 2FA - or privacy with things like protonmail - why shouldn't some of us attempt to solve this rather than expect/complain that Google hasn't?
Mail hosting isn't particularly expensive - companies like mxroute are sub $1 per GB per year with deliverability, etc taken care of - or at least well enough to make it better than constantly changing addresses.
I know that I personally would be willing to invest time and non-trivial amounts of money to offer a solution and gauge adoption and feedback.
Some opinions (open to feedback!) on where to start:
1. Use existing mail provider from the start - mxroute looks like a possibility
2. Overprovision storage by some reasonable factor - say 1GB accounts with 10x overprovisioning - interested to hear from those who know more than me about this but I wonder if more unhoused/homeless people generally use email for mostly transactional purposes not 20mb JPEGs, etc.
3. Ensure the webmail interface (possibly build it) is Ultra simple and Super accessible - screen readers, text to speech, and of course mobile first. Again I (perhaps naively) imagine that features like tagging, rich content composing, and filtering are super low priority here.
4. Have a sign up flow that is mildly fraud resistant - mobile number verification (VoIP not accepted) with a cool off before it can be used for another account (how often do Obamaphone numbers rotate/deactivate once stolen?) and an (accessible) captcha type system to avoid mass sign ups. This could then in V2 be expanded to include more corner cases - possibly invites in lieu of phone numbers, etc. If fraud/spam became an issue it should be easy to detect given these will generally be low volume users.
5. Require only a modestly secure password for login. Use malicious use detection to trigger recovery/verification mode (see next).
6. Have a recovery/verification mode that fits the user group - need ideas here - but 5 questions that you have to answer 4 of and have some verification that the answers are not just simple words at setup? Combine that with verify with a real (but possibly different) mobile (non-VOIP) number that hasn't been used in X days to verify another account? Trusted friend recovery address? Seems like lots of possible solutions to explore here, and no doubt lots of people smarter then me who could provided ideas.
Is there interest in doing this? Am I the only one that feels frustrated when we (including myself) debate what google should do, or why people are unhoused (or what to call people how are) when many of us are capable and financially able to at least try to offer a solution?
With 500k-1M homeless/unhoused in the US (no reason it couldn't be international, just starting somewhere) - let's say it was crazy successful and had a 10% adoption rate of actual active usage. Maybe that's 7.5 TB of storage. I'm sure a reputable provider would be willing to partner to provide that at $1/gb/year or less (plus hosting webmail, etc) - I'd be willing to pay that bill personally for that kind of adoption/benefit. Would others? Would others dedicate their time?
Homelessness is multifaceted - that seems to be the one thing everyone agrees on - so offering possible solutions to any given facet - from fragmented communications to safe shelter - is at least a start and possibly a small part of making a difficult life situation a little easier to overcome/deal with.
I hate services that forcibly enable 2fa on you. Even if you have it disabled, if they detect that you have changed browsers, IP addresses, etc. they make you go through 2fa whether you want it or not. Or just lock you out, or even suspend your account. Fuck that.
>Unhoused people tend to get their phones through the "Obamaphone" program, which means that replacing a lost or stolen phone results in a completely new phone number.
Maybe that's part of the issue. Why recycle numbers so aggressively? Give the user a few months to recover their old number if they can prove they are the same person.
Finally. Everyone seems to assume that 2FA is a great idea, but it is, in fact, a problem in itself, and a much larger problem than unauthorized access ever was. Unauthorized access was never an ubiquitous problem like 2FA definitely is. Unauthorized access was an exception. The only UA I had heard of prior to 2FA being rolled out was with users of Yahoo Mail. I can understand that some institutions may have experienced it more because they had so many users, but 2FA punishes everyone. Just consider the sheer amount of time it has wasted since being rolled out everywhere, 30 seconds at a time. It's centuries of wasted time by now to solve an issue affecting as little as 1% of users.
And 2FA can be defeated through social engineering, and it is defeated constantly in this way. I would far preferred password requirements with 80-bits of entropy than everywhere I log into requiring I collect a 6 digit number from an email, app, SMS message, etc.
But nearly everyone here seems to think this extra little bit of work at every login is a good thing, assuming they would ever have an account compromised. Seriously, how many here ever was compromised prior to 2FA? I've been online since 1983, and I had never come across it personally until after 2FA was rolled out.
Ignoring the personal inconvenience, 2FA's inconvenience increases exponentially for every 10 users being supported. Supporting 2FA among 10K users globally, just 2FA in itself, becomes a full time job for more than one administrator, when previously, those 10K users were commonly supported by a single tech.
Frankly, I'd far far rather take the risk of unauthorized access than being strong-armed into using 2FA. The amount of time 2FA wastes is far more than the time wasted by unauthorized access. The solution is far worse than the problem ever was.
Shit gets stolen nonstop, and not just by fellow unhoused. When the police come and tear down camps, there's no expectation of recovering anything left behind. 9 times out of 10 they're followed by a public works crew throwing everything into dumpsters. Good luck getting your phone (or any of your other possessions) back.
i thought in california there's a recent law stopping police from tearing down camps because exactly homeless people's property is now considered same "class" as normal people's hence you can't just throw it out.
I'm a bit surprised, homeless people have phones and email addresses?
Sorry for question, but it is a bit mind blowing for me, in my country homeless people are rare and the ones I see don't worry about anything besides something to eat and alcohol. So having a mobile for them would be like having cash to buy the mentioned things.
They are homeless not Amish. People can have jobs too while being homeless, since you often can't afford rent in many parts of the world with just a single income. You have to choose between a roof over your head, or eating and having a car to be able to go to work. Or you can get a second income, either another job or a relationship, but that's not always an option, hence why so many people live in their cars. Around 200,000 people live in their cars in the United States alone, but that number is climbing rapidly and will reach a million in a few years, because housing is a luxury now.
And just to compare, the cheapest completely useful (4G, 3GB RAM, 3000mAh battery, Android 11) smartphone is $30, the average monthly rent of a two-bedroom apartment in the United States is $1300.
Most homeless people aren't permanently homeless. Of the homeless population at any given time (very) roughly 50% will only be homeless for a few days, 20% will be homeless for a few weeks, and 30% will be homeless for months or longer.
I was walking to a convenience store two nights ago and I saw a girl venmo'ing a homeless man money. Realistically it's hard to exist without a phone and bank account, and there are a lot of financial aid/benefit programs for homeless people to pay for these sorts of things
Also, fully acknowledging Google and other bigtechs 2FA is far from ideal:
The other thing is, we want at the same time Gmail to be unhackable against best hackers and state sponsored adversaries for the billions of users, including high profile dissidents, journalists, and senators who will inevitably have accounts; and at the same time to homeless people who can't keep any physical thing. It's kinda difficult to meet those conflicting requirements well at the same time.
Maybe the solution should be to have some basic free state-paid email provider for those people. They are not forced to use Gmail specifically (albeit the number of non-sucking and free email providers is probably close to zero).