Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Those steps don’t actually turn off 2FA for Google accounts.

If you login from a new computer or unrecognized IP, Google forces you to use the YouTube app on your phone to enter a “code” to login. It sometimes doesn’t even let you get a text code. God forbid I lose my phone or delete the YouTube app and login from a new IP. I don’t know how I would even get into my account.

I don’t know how this isn’t a wider spread issue affecting more people but I guess Google developers live in a perfect world where the YouTube app auth can never fail and you never lose your phone.



Yup. I had 2-factor turned off and tried to login to an old gmail account from maybe 5 years prior.

I had the right password and recovery email but I wanted to txt a code to a phone number I didn’t have any more.

That seems insane to me. Right password, access to “recovery email” and still blocked.

What ended up working for me was trying to login when I took a vacation back to the same city when I last logged in.

Didn’t get asked for the OTP code, so could get in and update the number.

I wouldn’t have such an issue if Google had customer support and let you send other proof of identity. But they don’t.

And now I’m getting weird requests to confirm I logged in from the YouTube app on other devices. YouTube?


Have you actually tried disabling 2FA? Because I just did. I followed the steps above then signed in to Google from a clean browser profile with password only. No problem. Then I connected to a VPN in a different country and signed in from another clean profile. Again, no problem.

If you have 2FA enabled, then yes, of course it will ask you for the second factor if you're doing something unusual.

But with 2FA disabled, logging in with just a password works fine.


I have no idea what part of Google's fingerprinting panopticon decided it was okay to let you in from a clean profile, but I can promise you that in the past, I have been locked out. Yes, 2FA was turned off. And there are lots of other reports of this happening around the web, and even here on HN, so I'm not unique.


Yes, I’ve tried turning it off and on multiple times and it still makes me do 2FA.


Then don’t use Google for email. There are plenty of other free email providers that do not employ that much security. Problem solved


My problem isn’t that gmail is too secure, it’s that the 2FA setting doesn’t actually turn off what it’s supposed to turn off. Not sure if this is a bug or intended behavior.


Just use another email provider. There are many other free ones and reasonably priced paid services. The paid services tend to better listen to their users since they’re the real customers


That's Weird, I've never had to do that. I can just login to Google with my username/password. If it doesn't recognize the device it just pushes a notification of the sign in to my phone


That's exactly what they are describing - the push notification to the phone _that the user has lost_.


It's just a notification, it can be ignored (for me). I don't usually even notice its there until hours later. You don't have to acknowledge it in any way.

It also has nothing to do with the YouTube app, and there is no code I have to enter anywhere.

I've never had any form of 2FA on my Google account.


You may have never experienced it, but it does happen. Not just a notification.


I never said it doesn't happen?? I literally even specified "(for me)."

I believe you, I'm extremely surprised I didn't see this considering I've logged in from all sorts of sketchy IPs/VPNs.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: