Regarding Google's announcement regarding ending use of SMS for
account recovery, and moving to QR codes
I've received a lot of queries about the Google announcement that
they're moving away from SMS and want to use QR codes for account
recovery and likely other purposes such as 2-factor authentication. A
lot of people are concerned about how this will affect people without
smartphones or in many cases even Internet connections except in
specific locations (e.g. libraries, where they'd likely be using
desktop systems often without cameras needed to deal with QR codes).
While improving security is certainly important, and we know the
security vulnerabilities of SMS, the reality is that the same groups
of users who are routinely disadvantaged by Google's account recovery
procedures -- and often are locked out of their accounts
inappropriately -- could be hurt yet again by a QR-code-centric
approach.
However, it's a bit too early to panic about this. I have already
directly communicated my concerns about this situation to the relevant
parties at Google, and have received a response saying that they
consider my concerns valid and that this is only the start of the
process to determine the best way to improve security taking into
account the very diverse characteristics of Google's users.
What this will actually mean in practice is unknowable right now of
course, but I will endeavor to stay in the loop on this matter to the
maximal extent possible.
L
- - -
--Lauren--
Lauren Weinstein
[email protected] (https://www.vortex.com/lauren)
Lauren's Blog: https://lauren.vortex.com
Mastodon: https://mastodon.laurenweinstein.org/@lauren
Signal: By request on need to know basis
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility
_______________________________________________
google-issues mailing list
https://lists.vortex.com/mailman/listinfo/google-issues
