Youtube forces you to turn on 2fa but it has to be SMS or phone call? wtf

[MS-DOS]

Recently Youtube is forcing people to have 2fa enabled in order to access your account starting November 1st. The problem: it only gives you the following options:

-Text Message

-Phone call

Then in "Choose another option" I see 2 options:

-Security Key

-Text message or voice call

This seems like a recipe for disaster. What if I lose my phone? I just want to generate the codes on andOTP so I can have an encrypted offline backup and also avoid SMS which has been proven to be unsafe. How can I do this? I can't see it on the tutorial videos:

 

https://www.youtube.com/watch?v=lg3Me7iDptI

[Beerzerker]

I'd have to go with a security key - Thay ain't getting my phone number.
And if that doesn't work it's just another account abandoned there.

[MS-DOS]

1 minute ago, Beerzerker said:

I'd have to go with a security key - Thay ain't getting my phone number.
And if that doesn't work it's just another account abandoned there.

I don't have any of these security key devices. I just don't get why they just don't allow you to use an app.

[JZStudios]

1 hour ago, Beerzerker said:

I'd have to go with a security key - Thay ain't getting my phone number.
And if that doesn't work it's just another account abandoned there.

Yep, sounds like I'm not logging to YT anymore.

[tikker]

Never thought I'd see Google not offering Google Authenticator on a platform they own.

[MS-DOS]

2 hours ago, tikker said:

Never though I'd see Google not offering Google Authenticator on a platform they own.

Im confused because I can't see it:

https://www.youtube.com/watch?v=lg3Me7iDptI

[tikker]

22 minutes ago, MS-DOS said:

Im confused because I can't see it:

https://www.youtube.com/watch?v=lg3Me7iDptI

Don't see what?

[YoungBlade]

3 hours ago, tikker said:

Never thought I'd see Google not offering Google Authenticator on a platform they own.

But an Authenticator device can work even when it's kept offline. If you did that and you only used Google services via Tor and a VPN, how are the supposed to track your physical location, then?

[tikker]

53 minutes ago, YoungBlade said:

But an Authenticator device can work even when it's kept offline. If you did that and you only used Google services via Tor and a VPN, how are the supposed to track your physical location, then?

I wasn't aiming at any tracking. I simply find it weird that Google wouldn't offer Google Authenticator as a 2FA method on a Google service.

[18358414]

I also find it strange that they DISABLE certain 2FA options if you decide to delete your phone number from the account... I guess that deciding not to have a phone number paired up means all other forms of 2FA are insecure?

[RoseLuck462]

Blizzard exec "Don't you have a phone??"

[danomicar]

I don't really get what the big deal is. They're asking for a phone number, which is publicly available information. 

[GreatnessRD]

52 minutes ago, danomicar said:

I don't really get what the big deal is. They're asking for a phone number, which is publicly available information. 

Some folks just like to feel in control. it's a ton of ways for 2FA to work. Why can't I use an e-mail? I don't want them whores texting my phone. I believe that's what it is.

[LogicalDrm]

-> Moved to Programs, Apps and Websites

[danomicar]

11 hours ago, GreatnessRD said:

I don't want them whores texting my phone. I believe that's what it is.

Why do you think Youtube wants to text you?

 

If I'm understanding correctly, they'll send you a 2FA text to your phone every time you sign in. This is a pretty simple way to keep access to your account (relatively) secure, especially compared to email. 

[MS-DOS]

8 hours ago, danomicar said:

Why do you think Youtube wants to text you?

 

If I'm understanding correctly, they'll send you a 2FA text to your phone every time you sign in. This is a pretty simple way to keep access to your account (relatively) secure, especially compared to email. 

SMS can be hijacked. Any competent trading platform will allow you to use andOTP or any other open source software of choice for 2fa instead.

[danomicar]

2 hours ago, MS-DOS said:

SMS can be hijacked. Any competent trading platform will allow you to use andOTP or any other open source software of choice for 2fa instead.

Youtube is not a trading platform and is not bound by the same standards as one. I agree that this would be completely unacceptable to store large amounts of money behind. But this is not a reasonable comparison.

 

If you for some reason have a very valuable youtube account, I agree that a mandatory SMS 2FA would not be a good option.

[MS-DOS]

18 hours ago, danomicar said:

Youtube is not a trading platform and is not bound by the same standards as one. I agree that this would be completely unacceptable to store large amounts of money behind. But this is not a reasonable comparison.

 

If you for some reason have a very valuable youtube account, I agree that a mandatory SMS 2FA would not be a good option.

It is more valuable than a trading account for many, so in that case there should be a better way than SMS. You would expect they know SMS arent safe.

[Beerzerker]

On 10/8/2021 at 5:39 PM, Caroline said:

I mean if you own a "smart" phone with Android on it they already have it.

 

Browser+OS language and timezone, if the browser language is different to the OS they'll know you've swapped it on purpose, once they have that they compare it to the timezone, if idk it's UTC+1 and your OS ping says the language is Italian then you're from Italy and that's it.

 

Why pay for a VPN and use Tor when you can simply avoid using g* services and set up a firewall that prevents profiling?

No they don't - Not mine at least.
The E-Mail account my YT account is tied to is a disposable one meaning I never use it for anything.
I honestly can't recall or even have the password to access it anyway so there you go.
And the fact my phone is an older flip-phone also means if they could or have accessed it, what they'd get would be very limited. It is a web-capable phone but it's not used for all that - Just as a phone, nothing else.
And I like it because it's not so damn bulky/big, I can carry it around in my shirt pocket NP.