Hacker News

> If what you're concerned about is the idea that Google knows your phone number, you can use Google Authenticator or another TOTP app instead.

I'm under the impression that you need to provide Google your phone number before being allowed to enable TOTP.



The TOTP algorithm is open and has an RFC. Check the Google Authenticator Wikipedia page for OSS clients.

I guess the phone number is needed for the secure reset. In case you lose the device, this would render your account inaccessible.


I do have an OSS client, but the very first step to enable Gmail's 2FA is to give your phone number.

I agree that there are good reasons for asking that, but the comment above apparently raises a good point, namely, that you apparently cannot enable 2FA without giving Google your phone number.



