News: access removal of "Less Secure Apps" in Google

Creating a password is alternate for my personal password and its one time use am i correct?

Without device authentication works, but for the 1st time it is needed without phone number.

Ok, so…

App Passwords can only be used with accounts that have 2-Step Verification turned on.

Ok… let’s go there… Turn on 2-Step Verification - Computer - Google Account Help

I’ve opened that, what are my options?
Phone number…so no, and “more options” let’s see
“Security key”
“Google solicitation on phone”

Now what?

Security key? Let’s use that… there’s a picture of USB tokens, interesting… Next step… put that into USB…put what? my TOTP/HOTP app? Oh…that’s not an option…

I never had 2FA activated
I can’t “tap on a device”
no 2FA means no security codes

Appears that this is intentional: https://www.reddit.com/r/techsupport/comments/t08jui/how_to_use_google_2fa_without_phone_or_key/

If you click “Authenticator App”, you can use it with any TOTP app. Not just Google Authenticator.

I’m not sure if this is a regional thing, but I can confirm that Google does not allow you to use (or your own) authenticator without having entered a phone number, this option is only available after you have entered it.
Maybe it’s either a regional thing or other users already put in a number in the past and don’t remember it, or maybe this is not mandatory for very old accounts.

There’s no such entry for me, that’s the issue.

Since I never enabled 2FA… they punish me now.

Yup I agree. I created an account via VPN last year from some location in Germany. Now it shows me just the 2FA without that foogle lap tap. But when I use an account from Asia (other than China), it shows me all the options.

Ohh, yes it was knowingly done.

Another reason to quit foogle.

I think this is a good move by Google. This will increase security for the average internet users. There are ways to work around it for people who know what they’re doing.

They were insecure if their phone number was not in google’s database?

3 Likes

This change activates 2FA for app sign-in. Most average users already store their phone numbers on Google anyway.

I would really be surprised if because of this change more than a handful of people add their phone numbers to their google account. It would mean that they:

  1. have created a google account without their phone number
  2. have installed another mail client and configured it to access their gmail account
  3. don’t know how to generate an app password

Say that again as if it’s a good thing.

There’s no other way now…

2 Likes

as far as i know you can generate app passwords in your google account and then use these in your email client.

you could read the posts above, you know?

1 Like

what’s stopping people from generating an app password? If they can sign in to their google account then they can generate an app password

Pretty please read above… “people” have tried, Google does not allow them without also giving out their phone number.

google mandated 2FA for all accounts a while ago. this is not news. back then people had the option of creating lists of 2FA codes. now they can use one of these codes to create an app password.

So it’s hard to read above or now you’re not gonna do it out of spite?

Google does not allow, currently, 2FA without also giving out ones phone number, or a hardware usb token.

back then before 2FA was mandated you could download lists of 2FA codes and activate 2FA using this. Google gave ample warning that this was going away.

How would it make sense for Google to increase security by activating 2FA and then say “oh btw, you don’t actually need to prove who you are when you activate 2FA for an account without 2FA”?

The writing was on the wall for this for a long time. Google explicitly said this was happening and people had months to plan what to do.