Google To Replace SMS Codes With Mobile Prompts in 2-Step-Verification Procedure (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Google To Replace SMS Codes With Mobile Prompts in 2-Step-Verification Procedure (bleepingcomputer.com)

Posted by msmash on Friday July 14, 2017 @09:10AM from the interesting-moves dept.

Starting next week Google will overhaul its two-step verification (2SV) procedure and replace one-time codes sent via SMS with prompts shown on the user's smartphone. From a report: This change in the Google 2SV scheme comes after an increase in SS7 telephony protocol attacks that have allowed hackers to take over people's mobile phone numbers to receive one-time codes via SMS and break into user accounts. The rollout process for this feature is scheduled to start next week when Google will invite users to try mobile prompts instead of receiving a one-time code via SMS. Users need an Internet-connected smartphone to use this feature. Every time users will try to log in, Google will show a prompt on their phone asking the account owner to approve the login request. There's no one-time code that users have to fill in, and users can authorize a login request with the tap of a button.

181 comments

Min score:

Reason:

Sort:

Terrible editors by Anonymous Coward · 2017-07-14 09:18 · Score: 2, Insightful

I know stories are posted farther apart at night, but it's embarrassing to have stories three hours apart on a weekday afternoon. These editors suck. There used to be a lot of pornographic fiction involving Slashdot editors. I'd like to see what you guys can come up with to explain why the editors weren't posting stories.
1. Re:Terrible editors by __aaclcg7560 · 2017-07-14 09:25 · Score: 2
  
  Some of my coworkers go out for a three-martini lunch on Fridays. A few might even return to work after lunch is over.
2. Re:Terrible editors by Anonymous Coward · 2017-07-14 09:54 · Score: 0
  
  I miss the entertaining tales of too many cocks in Taco's anus.
3. Re:Terrible editors by Anonymous Coward · 2017-07-14 10:12 · Score: 0
  
  I got Tacos Huevos. Where are my cock eggs?
4. Re:Terrible editors by Anonymous Coward · 2017-07-14 10:22 · Score: 1
  
  I knew a guy in 1995 who passed a kidney stone. He said he had gotten it from drinking too much soda pop. He never told me his real name, but he worked with video games, and he introduced me to NetBSD. That guy had a presence, and you always knew when he was in the room. Nice guy, pleasant body odor. I must have met creimer.
5. Re:Terrible editors by Anonymous Coward · 2017-07-14 10:26 · Score: 0
  
  I got Amazon Dot. Where are my cock eggs?
6. Re:Terrible editors by Anonymous Coward · 2017-07-14 12:28 · Score: 0
  
  while you go out for a three-family lunch by yourself
7. Re:Terrible editors by Anonymous Coward · 2017-07-14 12:38 · Score: 0
  
  If you're half the insufferable jackass you are online in real life, I'm surprised your coworkers don't need three *whiskeys* EVERY lunch!
8. Re: Terrible editors by Anonymous Coward · 2017-07-14 14:00 · Score: 0
  
  They don't post stories as they approve them (I'm under no illusion that they read submissions). Just look at the ones digit of the post time: it's zero for every front page entry. Have you ever seen two stories make the front page in less than 30min?
  Clearly they queue up stories and set the time when each should show.
9. Re:Terrible editors by ls671 · 2017-07-14 14:09 · Score: 1
  
  hehe it's now been 5 hours since this FA was posted and still no new FA posted. What did you do you to miss Mash A.C.?
  This looks like a frame-up. Nice try.
  
  --
  Everything I write is lies, read between the lines.
10. Re: Terrible editors by Anonymous Coward · 2017-07-14 14:13 · Score: 1
  
  Thanks for the reply. Yes, the stories are queued up, sometimes hours in advance. SoylentNews runs a similar but forked version of the code that also powers this site, and SN actually shows you the titles of stories that have been queued up to post. On this site, normally the stories are queued up to post 40 minutes apart during the day (10 AM EDT, 10:40 AM, 11:20 AM, 12 PM, and so on...). Sometimes the spacing is slightly different with stories 45 minutes apart or something like that, but a lot of days they are right on time. It's almost always very periodic, and they even tend to post at the same time most nights, with stories going up around 11:30 PM and 3 AM EDT.. This is quite irregular to have no stories posted in several hours.
  I believe stories get queued up the previous day to run through about 9 AM EDT, then the editors queue up a bunch more stuff in the morning to run during the day. EditorDavid takes over Saturday morning and posts everything through Monday morning, though I'm certain the Monday morning posts are queued up the previous night. On weekdays, posting seems to be split between BeauHD and msmash. However, it looks like BeauHD's last post would have been queued up last night and only msmash has been queueing up stories today.
  I don't have any idea why this is going on, but I assume that for some reason, BeauHD isn't posting, and msmash isn't posting more in his absence. All joking aside about pornographic fiction involving editors, I don't have a theory about where BeauHD is. I sincerely hope that nothing is seriously wrong. But this is, indeed, irregular.
11. Re:Terrible editors by Anonymous Coward · 2017-07-15 01:00 · Score: 0
  
  Not only is it a dupe, but for people who chose to use Google Authenticator several years ago (whether through the app, or built into Android 6.0 and later) it is also extremely old news. It seems they are now pushing people towards this, rather than leaving it as a buried opt-in now though.
12. Re:Terrible editors by Anonymous Coward · 2017-07-15 03:14 · Score: 0
  
  He's a fat tub of shit that uses the DMCA to remove the evidence from the internet. Lame.
13. Re:Terrible editors by Anonymous Coward · 2017-07-15 09:05 · Score: 0
  
  Some of my coworkers go out for a three-martini lunch on Fridays...
  ...although, this is not possible for support people, they need to answer calls and take tickets when their name is in the queue.
14. Re:Terrible editors by Anonymous Coward · 2017-07-15 09:09 · Score: 0
  
  Some of my coworkers go out for a three-martini lunch on Fridays...
  ...but it isn't allowed for support people, they need to answer calls and take tickets when their name is in the queue.
15. Re:Terrible editors by __aaclcg7560 · 2017-07-15 09:27 · Score: 1
  
  ...although, this is not possible for support people, they need to answer calls and take tickets when their name is in the queue.
  I don't work in help desk.
16. Re:Terrible editors by __aaclcg7560 · 2017-07-15 09:29 · Score: 1
  
  ...but it isn't allowed for support people, they need to answer calls and take tickets when their name is in the queue.
  I don't work in help desk.
17. Re:Terrible editors by Anonymous Coward · 2017-07-15 10:53 · Score: 0
  
  Actually, no one is sure *where* you "work".
Won't affect me by Anonymous Coward · 2017-07-14 09:19 · Score: 0

I am already on 2FA. I wonder about the situation where the user lost his/her one and only an Android phone, and is in the process of signing into a new one. How will this work?
1. Re:Won't affect me by Anonymous Coward · 2017-07-14 09:24 · Score: 0
  
  How will one-time codes work? I have 10 of them in my wallet. If they're fucking useless I'm going to sue Google.
2. Re:Won't affect me by jason2971 · 2017-07-14 09:27 · Score: 2
  
  There are alternate 2FA methods that can be used if you lose your phone-- an authenticator app (which may have been lost with your phone as well), a backup email address or (as a last resort) fall back to SMS verification.
3. Re:Won't affect me by unixisc · 2017-07-14 14:05 · Score: 1
  
  Which Android versions will this affect? I have v5 - Lollipop - on both my Android devices. Will it happen there, or will one have to upgrade to 6 or 7 to get this?
4. Re:Won't affect me by Anonymous Coward · 2017-07-15 05:07 · Score: 0
  
  My phone has version 6 on it, and it doesn't appear to be supported at this time. Or at least, the instructions don't match 6 and they couldn't find my phone.
  A bit of information about what devices are supported would be nice. One thing that Google sucks balls at is technical documentation for things like this. They don't specify what the requirements are and we're left to infer whether or not the phone is supported.
Correct me if I'm wrong.. by Anonymous Coward · 2017-07-14 09:19 · Score: 0

..but won't this require a more persistent data connection than SMS needs?
1. Re:Correct me if I'm wrong.. by Anonymous Coward · 2017-07-14 09:23 · Score: 0
  
  There's an option during login to fall back to other 2FA methods, like an authenticator app or SMS.
2. Re:Correct me if I'm wrong.. by Anonymous Coward · 2017-07-14 09:36 · Score: 0
  
  So SMS is just no longer the default?
Had This For A While by Anonymous Coward · 2017-07-14 09:20 · Score: 0

I've had this for at least a year and a half, maybe more. I login to a Google service and it pops up a Yes/No prompt on my Android phone to confirm the login. This is news?
1. Re:Had This For A While by Anonymous Coward · 2017-07-14 10:28 · Score: 0
  
  Exactly. Mine too. I just logged into a new computer yesterday and was prompted on my phone. This definitely is not new.
2. Re:Had This For A While by Anonymous Coward · 2017-07-14 17:29 · Score: 0
  
  Yes. It was under testing for a year. Now they're rolling it out for everyone.
3. Re: Had This For A While by bobmajdakjr · 2017-07-15 09:27 · Score: 1
  
  i hope its not as shitty as apples. for some reason they thought making it a modal popup was the best idea ever so you cant even interact with the damn phone to type in the code it just popped up.
My iPhone is somewhere else... by __aaclcg7560 · 2017-07-14 09:22 · Score: 1

I usually don't keep have my iPhone with me when I'm working in my home office. Whenever I log into a website that requires me to look at my iPhone, I have to stop everything while I got fetch my iPhone from the kitchen table. A security token would be more convenient.
1. Re:My iPhone is somewhere else... by xxxJonBoyxxx · 2017-07-14 09:23 · Score: 5, Funny
  
  >> I have to stop everything while I got fetch my iPhone from the kitchen table
  
  That will teach you to put your personal tracking device down, citizen.
2. Re:My iPhone is somewhere else... by Calydor · 2017-07-14 09:27 · Score: 1
  
  I have my cellphone literally only in case of emergency - car breaks down or something like that. As a result it's often left to drain the battery even in standby, and I won't notice for days. So not only do I need to remember where I put it, I also need to charge it enough to turn it on and GET that login message!
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
3. Re:My iPhone is somewhere else... by jason2971 · 2017-07-14 09:34 · Score: 3, Insightful
  
  Then you aren't the target user. I doubt you even use 2FA, if you don't keep track of your phone. So this won't affect you.
4. Re:My iPhone is somewhere else... by Misagon · 2017-07-14 09:45 · Score: 4, Insightful
  
  That exact use case - as an emergency phone in the car or summer cottage etc. - is why people still have "dumbphones" that can't run apps.
  Batteries in those can last for six months or more, where as a "modern" smartphone won't even last for a couple days when turned "off".
  
  --
  "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
5. Re:My iPhone is somewhere else... by grimr · 2017-07-14 09:51 · Score: 1
  
  "I have my cellphone literally only in case of emergency" "So not only do I need to remember where I put it, I also need to charge it enough to turn it on"
  Not sure but I think there may be a couple of flaws in your emergency plan.
6. Re:My iPhone is somewhere else... by __aaclcg7560 · 2017-07-14 10:13 · Score: 4, Informative
  
  The battery in a normal phone self discharges the same as the battery in a dumbphone. The lion cells don't know what kind of device they're in.
  A smartphone never really sleep when its not being used. If you have a lot of apps that do background refresh, the battery life between charges is significantly shorter than a dumb phone. I've heard that the Facebook app is a notorious battery drainer.
7. Re:My iPhone is somewhere else... by Obfuscant · 2017-07-14 10:28 · Score: 1
  
  A smartphone never really sleep when its not being used.
  "Not being used" is not the same as "off". If you have apps that are busy updating the phone while it is off, then it's an unusual phone.
8. Re: My iPhone is somewhere else... by Zero__Kelvin · 2017-07-14 10:32 · Score: 1
  
  Way to be smug while simultaneously broadcasting your cluelessness. When a smartphone is "off" it still has constant power drain because it still has hardware that is powered. How do you think the phone knows what magic button combinations you are pressing to decide if it should boot into normal mode or the bootloader, e.g. ? Try powering your phone down and pressing the power button very briefly rather than holding it longer. See that cute little battery graphic with the color filling indicating percentage charge? That's because your phone never powers down completely unless you remove the battery.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
9. Re:My iPhone is somewhere else... by Misagon · 2017-07-14 10:36 · Score: 1
  
  There isn't any smartphone that can be really turned "off". It is always some level of standby. Many smartphones still draw more in its most battery-preserving standby mode than a typical "dumbphone"
  
  --
  "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
10. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 10:52 · Score: 0
  
  There isn't any smartphone that can be really turned "off". It is always some level of standby. Many smartphones still draw more in its most battery-preserving standby mode than a typical "dumbphone"
  Mine can turn off, but I added a switch on the battery connection.
11. Re:My iPhone is somewhere else... by thegarbz · 2017-07-14 10:53 · Score: 1
  
  I can just imagine how upset you'd be if you got a phone call.
12. Re:My iPhone is somewhere else... by __aaclcg7560 · 2017-07-14 11:01 · Score: 1
  
  I can just imagine how upset you'd be if you got a phone call.
  I get 20+ phone calls and emails per day from recruiters, so I keep my ringer turned off all the time. The fastest way to get a hold of me is email or IM.
13. Re:My iPhone is somewhere else... by Calydor · 2017-07-14 11:19 · Score: 1
  
  I never claimed to be well prepared!
  Thing is it can often be a full week between getting in the car, so if the phone was only at half charge last time it's DEFINITELY dead now.
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
14. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 11:26 · Score: 0
  
  Do you have the number of a former pizza place?
15. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 11:39 · Score: 0
  
  This is so stupid I'm surprised Creimer didn't write it.
  Yes, it's still in a kind of standby...pressing the power will cause it to boot up. But it's not "on" in the way anybody means it when they say "on."
16. Re: My iPhone is somewhere else... by silverkniveshotmail. · 2017-07-14 11:50 · Score: 1, Informative
  
  Way to be smug while simultaneously broadcasting your cluelessness. When a dumbphone is "off" it still has constant power drain because it still has hardware that is powered. How do you think the phone knows what magic button will power it on? Try powering your phone down and pressing the power button very briefly rather than holding it longer. See that cute little battery graphic with the color filling indicating percentage charge? That's because your phone never powers down completely unless you remove the battery.
17. Re:My iPhone is somewhere else... by __aaclcg7560 · 2017-07-14 12:14 · Score: 1
  
  Do you have the number of a former pizza place?
  Nope. I do have 800+ connections to my LinkedIn profile from recruiters, many of whom already have a copy of my resume in their database.
18. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 12:18 · Score: 0
  
  If you want to take someone else's words and try to sound smart after they made you look like a fool it helps if you try to pass them off as your own words elsewhere rather than making it obvious.
19. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 12:31 · Score: 0
  
  Wow. The pizza place would have been more useful.
20. Re: My iPhone is somewhere else... by Zero__Kelvin · 2017-07-14 12:53 · Score: 1
  
  When a dumbphone is off, power is not applied to the CPU, RAM, etc. When a smartphone is "off" power is still applied. This is necessary because starting up an 8 bit microcontroller with static RAM is much less time consuming than starting up a multicore 64 bit CPU with dynamic RAM, etc. I would need to connect an ammeter in line with the battery to give actual current drain numbers. Alternatively, some manufacturers may have this information in their product specs. In any case "significantly more" would be a reasonable if vague answer.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
21. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 13:14 · Score: 0
  
  working in my home office
  
  fetch my iPhone from the kitchen
  Creimer, you've joyously told us about how you live in a small (440 sq ft, was it?) studio in Silicon Valley. The "fetch" you're whining about is literally TWO STEPS across your shitty apartment.
  Are you really so out of shape and overweight that you can't make those two steps without wheezing like a steam engine?
  Most normal people would simply either remember to keep the phone handy when they're working, or would simply just get up, grab the phone, and not whine about it. But here you are, burning lean tissue whining about how onerous it is to stand, take a couple steps, pick something up, turn around, take a couple steps, and sit.
  Hell, in an apartment that small, you could probably get a chair on casters and wheel yourself to the kitchen, grab yourself a snack to replenish your energy after that monumental task, and carry a couple power bars back to your home office to keep your blood sugar levels high enough to turn your blood to pure corn syrup.
22. Re: My iPhone is somewhere else... by tricorn · 2017-07-14 13:31 · Score: 1
  
  The only circuit that has any power when the phone is in the power-off state is the actual power control module. Perhaps there are other phones that have more than the one main power/lock button active, but on all the devices I've used the ONLY active button is power - and all that does is apply a very small current through a physical switch that turns on the main power controller if it stays active for long enough. The only other thing that will activate the power control module is if you apply voltage to the charging port.
  Everything else you mention, checking if it's a short or long press, looking to see if any other buttons are pressed, happens AFTER it turns on main power to the CPU and starts the initial low level boot (although the force-reset circuit might be on the same button connection, it won't be active until the power's been turned on first).
  If I plug in my phone, the CPU boots to a low level battery charging program which is probably monitoring the process and can put up a cute display showing the charge level. In that case, since it has external power, the CPU does stay powered on. If I unplug it without booting the main system up (which is just a normal button input to the battery program), it simply powers back down.
  The drain on a power control circuit is extremely low, probably less than internal leakage current.
  I have several devices that I've left fully charged and off for months, when I turn them on they're still indicating full charge (although they're certainly down a small amount, of course), discharge normally, recharge normally. And yes, I know that leaving a battery in the full charge state isn't ideal.
  My iPad will only lose a few percent a day if I leave it in standby, I can go several weeks between charges if I''m not using it. My Android phone has settings to prevent "background" network use, enabling that will also significantly reduce power usage when it's locked (and that's before enabilng the "extreme power saving" modes).
23. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 13:40 · Score: 0
  
  I usually don't keep have my iPhone with me when I'm working in my home office. Whenever I log into a website that requires me to look at my iPhone, I have to stop everything while I got fetch my iPhone from the kitchen table. A security token would be more convenient.
  I think you should say iPhone one more time to really get the point across that you're a faggot.
24. Re:My iPhone is somewhere else... by aaarrrgggh · 2017-07-14 14:03 · Score: 1
  
  Get an Apple Watch...
25. Re:My iPhone is somewhere else... by __aaclcg7560 · 2017-07-14 14:19 · Score: 1
  
  Get an Apple Watch...
  I haven't worn a watch in 30 years. I'm not going to shatter an Apple Watch at $300 a pop.
26. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 14:24 · Score: 0
  
  I'm sure if you tie two together they'd fit around your monstrous wrist.
27. Re:My iPhone is somewhere else... by __aaclcg7560 · 2017-07-14 14:38 · Score: 1
  
  The "fetch" you're whining about is literally TWO STEPS across your shitty apartment.
  My home office is a separate space inside my 475-sqft studio apartment. Two bookshelves make for a fourth wall and two walls are painted green. Here's an old blog post from my snail mail days of writing.
  https://blog.cdreimer.com/2009/03/06/dedicated-office-space/
28. Re: My iPhone is somewhere else... by Baloroth · 2017-07-14 14:52 · Score: 1
  
  Yeah, this is bullshit. You know how I know? I tested it. I turned off my phone, then turned it back on again and timed how long it took: 42.80 seconds. Then I turned it off, removed the battery, and then reinserted it and turned it back on again. Took 42.66 seconds. That's within the margin of error of the human reaction speed (which is ~100-200ms). So, no, the phone CPU doesn't stay powered on while off, the system really does reinitialize itself from the fully-off state when I turn off my phone. Maybe other phones don't, but I'm going to need to see some sources before I believe it.
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
29. Re:My iPhone is somewhere else... by __aaclcg7560 · 2017-07-14 14:52 · Score: 1
  
  I'm sure if you tie two together they'd fit around your monstrous wrist.
  That's the other problem.Apple Watch bands maxed out at 180mm (7 inches) for wrist circumference. My wrist circumference is 250mm (10 inches).
30. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 15:00 · Score: 0
  
  Wow, creimer, you really are a success and a role model for all 47 year old virgins.
31. Re: My iPhone is somewhere else... by Gavagai80 · 2017-07-14 15:15 · Score: 1
  
  I recently had my old smartphone turned off for months after I got a new one, and was surprised to find the battery still had power when I finally turned it on. Could be that's only because it's a low-end android, but clearly at least some smartphones do last a long time turned off.
  
  --
  This space intentionally left blank
32. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 16:55 · Score: 0
  
  > [A smartphone] is always some level of standby.
  So is a "dumbphone".
  I would bet _real_ money that all but the shittiest "smartphones" use the same amount of power when they're _off_ as the average "dumbphone".
  Why?
  Because _I_ know that both smartphones _and_ dumbphones both need to draw just enough power to respond to a press of the powerup button.
  Or are you talking about phones that are _so_ old that they have a physical _switch_ to cut power to the device? Those haven't been made since like the early 1990s, and like, _none_ of those phones were more than a radio and a keypad. Even a "dumbphone" has far more computer in it than those did.
33. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 17:06 · Score: 0
  
  > When a dumbphone is off, power is not applied to the CPU, RAM, etc. When a smartphone is "off" power is still applied.
  lolno. You've never looked at what the "off" mode in any computer built since the mid 1990s actually _is_ have you?
  Here's a "hint":
  The PSU (yes, even a "dumbphone" has one) provides a _tiny_ bit of power to the motherboard so it can react to the press of the "change power state" button. The CPU is off. The RAM is off. (Even the _mandatory_ periodic RAM refresh job takes a _ton_ of power when compared to a PSU running in "waiting for the power-on signal" state.)
  No need to run a whole goddamn computer to react to power button presses when a tiny ASIC will give you _way_ more functionality than you need.
34. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-14 17:53 · Score: 0
  
  Lol
35. Re:My iPhone is somewhere else... by thegarbz · 2017-07-14 20:49 · Score: 1
  
  A modern smart phone has no problem lasting up to 2 weeks while ON and on low power mode. As for being off, my old S6 which has been lying in my draw unused for a year still has 70% charge.
  Please don't spread ignorance. This site is new for nerds.
36. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 01:09 · Score: 0
  
  Ever noticed how when you buy a new phone the battery is at least half full?
  Smartphones do not draw significant current when they are off.
37. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 01:24 · Score: 0
  
  How do you think the phone knows what magic button combinations you are pressing to decide if it should boot into normal mode or the bootloader
  It samples the buttons when it boots. There is no need to be sampling the buttons before the power button is pressed, the phone is not using current to do this, until the power button completes a circuit which triggers the turn on. Yes, there is probably some nanoamps of current even when switched completely off, because silicon isn't a perfect insulator. But the amount of current we are talking here is negligible compared with the battery's own drain when stored for long periods, and probably much lower than the older designs in dumbphones.
38. Re:My iPhone is somewhere else... by jez9999 · 2017-07-15 01:32 · Score: 1
  
  Batteries in those can last for six months or more
  6 months?? Don't US phone lines have power running down them? In the UK I have landline phones that take no batteries, and just operate once plugged into the phone line.
  
  --
  == Jez ==
  Do you miss Firefox? Try Pale Moon.
39. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 01:41 · Score: 0
  
  Usually something of the order of 10 - 50 microamps - enough to keep the RTC ticking over. The power management ICs have the ability to go down to 100nA or so in off mode, but then the clock will reset, which generally isn't desirable. There is no difference between smartphones and most dumbphones in this regard (even dumbphones have a clock as a standard feature), and contrary to what the GP is trying to claim, the RAM and CPU are completely powered down when the phone is completely off (whether Apple users know the right button combination to fully power off their phone rather than putting it in cell-standby is another matter).
40. Re: My iPhone is somewhere else... by Zero__Kelvin · 2017-07-15 02:41 · Score: 1
  
  That is not correct. There is a wealth of empirical evidence to disprove your hypotheses, and you can prove it to yourself as well. Charge a battery to 100% and remove it for a couple days and note the charge when plugged back in (still 100%), then leave the battery in and power it "off" for the evening, and note that the charge is significantly less than 100%.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
41. Re: My iPhone is somewhere else... by Zero__Kelvin · 2017-07-15 02:46 · Score: 1
  
  You left out the make and model of your phone. Not every smartphone is the same. I also have some phones that behave as you describe. They are "lesser" phones. I am guessing yours is as well.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
42. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 03:22 · Score: 0
  
  If you want to know for sure, get yourself a kill-a-watt device to measure the power draw. Around here the public library lends them out to anybody that wants to use one. You'd be surprised how many devices use no power when off or less than a tenth of a watt.
  IIRC, my TV responds to a non-mechanical touch button and it still used less than a tenth of a watt when turned off. Which is to say, essentially no power.
43. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 03:42 · Score: 0
  
  If you have a lot of apps that do background refresh, the battery life between charges is significantly shorter than a dumb phone.
  s/a lot of apps that do background refresh/a smartphone/
  There, fixed that for you.
44. Re: My iPhone is somewhere else... by Zero__Kelvin · 2017-07-15 04:15 · Score: 1
  
  Or I could charge my phone to 100%, shut it "off", turn it on in the morning, and note that significant difference.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
45. Re:My iPhone is somewhere else... by CSMoran · 2017-07-15 04:21 · Score: 1
  
  The lion cells don't know what kind of device they're in.
  They're called cages, not cells.
  
  --
  Every end has half a stick.
46. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 05:15 · Score: 0
  
  There shouldn't be a significant difference unless there's something wrong with your phone/battery. If I charge mine to 100% before bed and switch it to airplane mode, not even turning it off, I'll have at least 98% charge left when I try to use it in the morning.
  If there's a significant difference over that short of a period with the phone off, then something is broken.
47. Re: My iPhone is somewhere else... by Zero__Kelvin · 2017-07-15 05:42 · Score: 1
  
  OK. You just don't seem to be grasping the fact that we have two different phones, designed by different companies. I assure you there is nothing wrong with my phone.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
48. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 05:59 · Score: 0
  
  There's something wrong with your phone if it's discharging like that. What you don't seem to be grasping is that that's not normal behavior and it doesn't generalize to other phones. You made the assertion, now you back it up.
  Most phones draw very little power when not being used, especially if you've got them turned all the way off.
49. Re: My iPhone is somewhere else... by Zero__Kelvin · 2017-07-15 06:06 · Score: 1
  
  I have multiple phones from different manufacturers and there is a wide variance to be sure. Off you go now ...
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
50. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 07:27 · Score: 0
  
  no it does not dumbohones can last days your standard cell phone wont last a day on a single charge. i am guessing you have never used a dumb phone
51. Re:My iPhone is somewhere else... by __aaclcg7560 · 2017-07-15 07:56 · Score: 1
  
  i am guessing you have never used a dumb phone
  I didn't get my first smartphone until 2011. Prior to that I used dumb phones and pagers for 15 years. Before that I even used payphones, sometimes in an actual phone booth. I'm old enough to remember rotatory phones that my parents rented from Ma Bell.
52. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 08:13 · Score: 0
  
  Did they have to drill out the dial so your fat and stubby mongoloid fingers would fit?
53. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 08:33 · Score: 0
  
  you sound bitter, bro
54. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 09:15 · Score: 0
  
  If I had said "my parents didn't drill out my phone", I'd understand where you'd get "bitter" from. As it is, I don't see it.
  Unless you meant "butter" and you wanted to feed creimer?
55. Re:My iPhone is somewhere else... by aaarrrgggh · 2017-07-15 13:14 · Score: 1
  
  Then keep the phone close; it isn't rocket science! While it might not work especially well, put the watch on the inside of your wrist if you are that abusive. Or, go for the ceramic one that is pretty frigging robust.
56. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 13:15 · Score: 0
  
  It obviously is not intuitive how to properly turn it off, so I'd say there is something wrong with it.
57. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 13:31 · Score: 0
  
  To be fair, you are a Douchebag
58. Re: My iPhone is somewhere else... by Anonymous Coward · 2017-07-15 16:57 · Score: 0
  
  It's okay, creimer. I'm sure that extra three inches of circumference is totally, 100%, muscle. It's not that you're too fat for an Apple Watch, it's that you're so muscular, you'll literally burst right out of it!
59. Re:My iPhone is somewhere else... by Anonymous Coward · 2017-07-17 03:18 · Score: 0
  
  Wow! Such amount of phone spam is one reason to go dual SIM. Perhaps eSIM on the iphone if iphone is to support dual eSIM or SIM + eSIM but if they don't want to do that, that's the end of it. (I found a way to write that sentence without using an f word)
  Note that among some unprofessional European bums or people that don't use their phone professionally we can have the luxury of preferring phone calls. Like, I don't really like being interrupted by an SMS and having to read it and choose whether to reply to it or not (on the keypad, with t9 disabled) where a 15 second call would have been quicker :)
Already by Anonymous Coward · 2017-07-14 09:24 · Score: 0

I don't know why the summary says "starting next week"... I used the new mobile prompt last week.
This already exists. What has changed? by J.+T.+MacLeod · 2017-07-14 09:25 · Score: 2

Google has been doing phone app prompts for 2FA for a while.
Is anything actually different with this system? Or is this just a campaign to encourage SMS code users to switch?
1. Re:This already exists. What has changed? by mhkohne · 2017-07-14 09:37 · Score: 1
  
  Yea, this is 'we need to stop doing the SMS thing, you need to switch over' as opposed to 'hey would you like to try a different thing'.
  
  --
  A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
2. Re:This already exists. What has changed? by Anonymous Coward · 2017-07-14 10:30 · Score: 0
  
  Well then looks like I dodged a bullet. I had been seriously considering turning on 2FA but my phone is not a smartphone. SMS code? Fine. Anything that assumes a smartphone? Not fine.
3. Re:This already exists. What has changed? by AHuxley · 2017-07-14 10:43 · Score: 1
  
  Advertising. The accounts and usage patterns are worth more if they are really 100% human.
  
  --
  Domestic spying is now "Benign Information Gathering"
4. Re:This already exists. What has changed? by thegarbz · 2017-07-14 10:55 · Score: 1
  
  Except 2FA is optional. This is just saying when enabled it won't work on SMS anymore. So much for your rant on everything being the result of capitalism.
5. Re:This already exists. What has changed? by PCM2 · 2017-07-14 11:46 · Score: 3, Informative
  
  Google has been doing phone app prompts for 2FA for a while.
  If you're talking about the Google Authenticator app, then yes, this is different. I started using it on my Galaxy S7 this week.
  The way it works is, you hit your username and login, and instead of a screen that asks you to type in the code you received, it basically just says "Wake up your phone." When you do, you immediately see a screen saying, "Is this you trying to login? Yes/No." You hit the Yes button and the site instantly logs you in. It's pretty slick, actually.
  
  --
  Breakfast served all day!
6. Re:This already exists. What has changed? by somenickname · 2017-07-14 12:19 · Score: 1
  
  Except 2FA is optional. This is just saying when enabled it won't work on SMS anymore. So much for your rant on everything being the result of capitalism.
  It is *for now*, sure. Who's to say that at some point it won't be required and the only platform that is supported is Android.
7. Re:This already exists. What has changed? by Anonymous Coward · 2017-07-14 12:25 · Score: 0
  
  Same reason 'Windows Hello' exists. It guarantees a human is present.
8. Re:This already exists. What has changed? by J.+T.+MacLeod · 2017-07-14 13:44 · Score: 1
  
  To clarify, I wasn't referring to the Google Authenticator app, but to an experience as you describe.
9. Re:This already exists. What has changed? by Anonymous Coward · 2017-07-14 18:48 · Score: 1
  
  It's pretty slick, actually.
  And completely useless.
  The original "one time code" implementation was broken to begin with.* This just replaces the code with a button.
  Worse, due to the button being on the phone now there is the possibility for Google to know the phone's location that wasn't there before.** That's a new information leak that wasn't there before. One that I'm sure Google (and their advertisers) will love to have. (Hey! He shops online while at work / school!)
  *Originally one time codes we're generated offline. That enabled a mode of security due to the code not being detectable (or intercept-able) by third parties. The use of SMS text messages allowed for the code to be intercepted by anyone with the right equipment. In the modern context, the target phone could be infected to prevent fraudulent SMS messages from being seen by the user. Nevermind that due to the online nature of the modern phone, they can be remotely monitored as well. Basically, a modern phone is as useful for proving your identity as a computer at your local public library. But because phones are always on someone, and paid for by the user, everyone settled for a non-security measure, that was more hassle for no actual benefit.
  **One time codes had to be entered on the device making the request not the phone receiving the code. That still doesn't solve the lack of security problem above, but it DID make knowing the location of the phone impossible for Google to find out by the SMS alone. Now, Google can find out by the new button, as pressing the button sends an "OK" or "Nope" response to Google from the phone. In addition it also gives Google whatever crap they ask the default browser to send back to them in the response, so it's not just the public IP of the phone, but potentially anything that Google asks for. (User-agent, list of installed extensions, browsing history, cookie data, IMEI / Serial Number, etc.) So rather than fixing the lack of security, Google has decided to make it worse.
  The best part is: No one will care.
10. Re:This already exists. What has changed? by thegarbz · 2017-07-14 20:51 · Score: 1
  
  Antitrust regulators and basically anyone with a functioning brain who requires that Google isn't about to cut off 1/3rd of mobile users from its services.
11. Re:This already exists. What has changed? by Anonymous Coward · 2017-07-14 23:17 · Score: 0
  
  It's been like this for more than a year now. It's called "Google prompt" and it's NOT the Google Authenticator app. I think it's handled by the Google Services app.
  Maybe it was active only in some countries (Italy here)?
12. Re:This already exists. What has changed? by Anonymous Coward · 2017-07-15 01:48 · Score: 0
  
  I think the "would you like to try a different thing" was also only previously offered to users who were already using an alternate 2FA method (ie RFC 6238/4226 based OTP).
13. Re:This already exists. What has changed? by Anonymous Coward · 2017-07-15 02:02 · Score: 0
  
  There are J2ME versions of Google's Authenticator app, if that is your thing. Do yourself a favor and enable 2FA, without the insecure SMS messaging channel before your account is hacked.
14. Re:This already exists. What has changed? by EkriirkE · 2017-07-15 02:39 · Score: 1
  
  Your second scenario is how it's been for me for quite some time now... I'm also not sure what the purpose of this "news" is
  
  --
  from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
15. Re:This already exists. What has changed? by chihowa · 2017-07-15 06:49 · Score: 1
  
  Worse, due to the button being on the phone now there is the possibility for Google to know the phone's location that wasn't there before.** That's a new information leak that wasn't there before.
  You don't use Google services without fully buying into the idea that privacy is a quaint anachronism or that Google is a benevolent big brother. Nobody who is already living happily in Google-land will care at all about just another information leak.
  
  --
  If you want a vision of the future, imagine a youtube comments section scrolling - forever.
But I don't have a smartphone by OzPeter · 2017-07-14 09:30 · Score: 1

So what am I? Chopped liver?

--
I am Slashdot. Are you Slashdot as well?
1. Re:But I don't have a smartphone by jason2971 · 2017-07-14 09:31 · Score: 1
  
  As the article mentions, you can decline the invitation to switch to mobile prompts and continue to use SMS codes.
2. Re:But I don't have a smartphone by Misagon · 2017-07-14 09:41 · Score: 2
  
  But what will you do when you are doing tech support for your mom who had managed to tap "accept" by mistake?
  I have been in exactly that situation when helping my mom when she unintentionally got 2FA on Microsoft's Outlook.com.
  
  --
  "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
3. Re:But I don't have a smartphone by jason2971 · 2017-07-14 09:55 · Score: 1
  
  There will certainly be fallback methods-- authenticator apps (which your mom won't understand either), a backup email address to send codes to or fall back to SMS codes as a last resort.
4. Re:But I don't have a smartphone by silverkniveshotmail. · 2017-07-14 09:58 · Score: 1
  
  You will do your best to help her, you might do a couple google searches before you come to a solution. Nothing new here.
5. Re: But I don't have a smartphone by Anonymous Coward · 2017-07-14 10:07 · Score: 0
  
  No, a luddite. You will die one day and a new younger breed of gender-flexible millennials will take over.
6. Re:But I don't have a smartphone by Anonymous Coward · 2017-07-14 10:48 · Score: 0
  
  But what will you do when you are doing tech support for your mom who had managed to tap "accept" by mistake?
  I have been in exactly that situation when helping my mom when she unintentionally got 2FA on Microsoft's Outlook.com.
  Tell mom to have dad fix it. That or she's on her own.
  Ever since I moved out I refuse to do any more free "tech support".
7. Re:But I don't have a smartphone by Misagon · 2017-07-14 10:50 · Score: 1
  
  You could hope that the fallback mechanism would be designed by competent engineers and easy to understand.
  My mom was certainly very confused about the whole thing. She did not even understand why she could not log in, so she relied on my completely.
  Even following the instructions, it took around a month before it was restored. My mom could live a month without access to her primary email account, but could you?
  
  --
  "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
8. Re:But I don't have a smartphone by Anonymous Coward · 2017-07-14 10:55 · Score: 0
  
  You will do your best to help her, you might do a couple google searches before you come to a solution. Nothing new here.
  Help her ditch the microsoft and google products.
9. Re:But I don't have a smartphone by Anonymous Coward · 2017-07-14 11:01 · Score: 0
  
  i guess you are. me too.
  fuck google for pushing us towards spying-friendly apps instead of simple sms that doesn't even require a smarty phone. i love my flip phone and i especially love the fact it only needs to be charged-up once every 2-3 weeks (with daily use).
  and because my battery only goes through charge cycles at the rate of 20 or so per year instead of 350-500 per year for a smart phone... guess who's phone will last longer if the li-ion battery in each is rated for 1000 charge cycles? my $40 dollar flippy phone with user replaceable battery or your $600+ not-so-smarty-anymore phone with krazy-glued insides?
10. Re:But I don't have a smartphone by Anonymous Coward · 2017-07-15 02:27 · Score: 0
  
  The last resort for Google is a printout of 10 one-time use codes.
11. Re:But I don't have a smartphone by Yaztromo · 2017-07-15 10:34 · Score: 1
  
  So what am I? Chopped liver?
  I don't own a cell phone at all. Apparently I am chopped liver, as apparently it is impossible for (nearly) anyone to come up with a 2FA mechanism that doesn't involve a cell phone!
  Yaz
12. Re:But I don't have a smartphone by Anonymous Coward · 2017-07-17 03:28 · Score: 0
  
  What if you access a Google site on a phone? Then you need two phones amirite? Or hopefully you can use a luddite desktop to receive the 2FA prompt while you're browsing with your phone.
But what if by Anonymous Coward · 2017-07-14 09:31 · Score: 0

You don't use android or have anything related to Google on your phone? like a Windows phone or iphone?
If it doesn't work, that sound like shutting off your customers out because they aren't 100% in your eco system.
1. Re:But what if by Anonymous Coward · 2017-07-14 10:05 · Score: 0
  
  If you use an iPhone or a Windows phone that's your own damned fault. Why would you use either of these?
  A bigger question is how does this work with people who don't own a smartphone.
2. Re:But what if by Anonymous Coward · 2017-07-14 10:15 · Score: 1
  
  A bigger question is how does this work with people who don't own a smartphone.
  Yeah, and what about people without google accounts?
3. Re:But what if by AHuxley · 2017-07-14 10:45 · Score: 1
  
  Wait for the next step. Having to register to search in books, for video content or the web...
  
  --
  Domestic spying is now "Benign Information Gathering"
4. Re:But what if by Anonymous Coward · 2017-07-14 11:03 · Score: 0
  
  You are very unlikely to be one of Google's customers.
this has been already happening for a while. by Anonymous Coward · 2017-07-14 09:36 · Score: 0

n/t
Will it work... by Thad+Boyd · 2017-07-14 10:07 · Score: 1

...if I don't have Gapps installed?
1. Re:Will it work... by Anonymous Coward · 2017-07-14 10:09 · Score: 0
  
  I can work my penis in the gapp between your mother's meat curtains.
  Hugs and kisses,
  Juan Epstein
And if one uses Thunderbird? by fahrbot-bot · 2017-07-14 10:08 · Score: 1

If one uses Thunderbird and POP/IMAP will they get prompted every time the client downloads mail or just when done from a "new" system?

--
It must have been something you assimilated. . . .
1. Re:And if one uses Thunderbird? by Obfuscant · 2017-07-14 10:31 · Score: 2
  
  I truly love it when Google sends me an email to my gmail account telling me that it didn't allow my device to log in to get my gmail because it was coming in from an unknown IP address. This truly is Dilbert levels of customer support.
2. Re:And if one uses Thunderbird? by Anonymous Coward · 2017-07-14 10:38 · Score: 0
  
  POP/IMAP doesn't use a second authentication factor. I'm pretty sure the 1FA passwords (e.g. for IMAP) added to https://myaccount.google.com/apppasswords will be kept.
3. Re:And if one uses Thunderbird? by swillden · 2017-07-14 17:06 · Score: 4, Insightful
  
  I truly love it when Google sends me an email to my gmail account telling me that it didn't allow my device to log in to get my gmail because it was coming in from an unknown IP address. This truly is Dilbert levels of customer support.
  Nonsense.
  Those emails are important. Not when it actually was your device that was prevented from logging in, but when it wasn't. In that case, the email informs you that someone is trying to get into your account, and that they have your password. Which means you should change your password, right the hell now. Unless of course, you recognize the login attempt because you were the one that made it.
  If you want to stop getting those emails, turn on 2FA.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
4. Re:And if one uses Thunderbird? by swillden · 2017-07-14 17:10 · Score: 1
  
  If one uses Thunderbird and POP/IMAP will they get prompted every time the client downloads mail or just when done from a "new" system?
  If you're using 2FA and want to use POP/IMAP or other protocols that don't know how to deal with 2FA, you have to set up an application-specific password. This is a high-entropy password that Google generates for you, and which should only be used on one machine and one application. You have it generated, copy/paste it into Thunderbird, tell Thunderbird to save the password, then you never see it again. The Google POP/IMAP servers do some additional checking to try to verify that the password only comes from the right app and the right machine.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
5. Re:And if one uses Thunderbird? by Anonymous Coward · 2017-07-14 17:32 · Score: 0
  
  I don't care if my already compromised account is compromised. Id turn passwords off in the first place on my email.
  The lie: :"security matters" is the one that will make me ditch your service. No it truly fucking doesn't. You can fake anything on a current.
  What I need, is people to understand that your perfectly secure account, in ideal perfect conditions can be predicted and false positive reproduced. They can forgery verifiable data. Lets skip the lunacy of saying "the Internet told me so". Data is not secure and cannot ever be.
6. Re:And if one uses Thunderbird? by Anonymous Coward · 2017-07-15 02:31 · Score: 0
  
  That shit never happens, I practice safe internets and put no sensitive/personal info online anyway, even in emails. I have the same 5 or 6 IPs that I access things from but it seems to forget the association because I keep getting these emails. Annoying as hell especially since I don't have a mobile phone and sometimes have been locked out of my account with no recourse until I physically go back to the other IP location and log in from there. What a waste of fucking time.
7. Re:And if one uses Thunderbird? by swillden · 2017-07-15 03:39 · Score: 1
  
  I don't care if my already compromised account is compromised. Id turn passwords off in the first place on my email.
  Your email account is typically the most important online account you have. Not because your emails are sensitive, but because it's the password reset verification mechanism for all of your other online accounts. Like your online bank account.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
8. Re:And if one uses Thunderbird? by swillden · 2017-07-15 03:40 · Score: 1
  
  Set up 2FA. It provides an additional level of authentication that Google will take as proof that you're really you and won't apply the IP-based protection.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
9. Re:And if one uses Thunderbird? by Obfuscant · 2017-07-17 05:43 · Score: 1
  
  Nonsense. Those emails are important.
  
  Given that the only person who is hindered from reading it is me, I don't think so. The chances of me seeing it depend on me accessing my gmail in the very short bit of time between the one failed login attempt and the second successful one when the hacker deletes it.
  He's actively accessing my account. I'm not. Who is going to get to that email first, do you think?
  Now, you might think that gmail will continue to block logins from that location, but they don't. I routinely see the "we blocked a login" emails while I'm still in the place they blocked them from, just not the first time I try to retrieve my email. I try once and see nothing new, I try a couple of hours later and I am told. And it's the old Dilbert joke about customer service: someone who has a problem with their email is told to send an email to customer support to get help. Ha ha.
The Google 2-Step by Anonymous Coward · 2017-07-14 10:09 · Score: 0

Don't brake my heart, my achy braky heart, I just don't think Google would understand.
Uhhwoooooooo !!
1. Re: The Google 2-Step by Anonymous Coward · 2017-07-14 17:35 · Score: 0
  
  I will be careful to avoid any kind of sudden deceleration upon your cardiovascular system, as per your request. I agree, though, Google likely will not understand. It might even break their hearts.
I hate Google's "protection" by Anonymous Coward · 2017-07-14 10:14 · Score: 0

I don't have to worry about people hacking SMS or whatever 2FA system because I don't use 2FA. I use a good unique password.
The trouble is, that's not good enough for Google. If I try to sign on from a different IP address I have to jump through impossible hoops. It's stupid because I can't even access my own account. What if for some reason I NEED to sign in using a different IP? Knowing the password should be enough, period. That's all I want and all I'm signed up for. I fucking hate them adding layers of bullshit above that which can potentially make it impossible to access my account if all I have is my password (ie. I lose my phone, IP/ISP, etc).
1. Re:I hate Google's "protection" by Anonymous Coward · 2017-07-14 11:19 · Score: 1
  
  Google "strongly recommends" that I add another phone to my account. How many phones do they think a person has?
2. Re: I hate Google's "protection" by Anonymous Coward · 2017-07-14 17:39 · Score: 0
  
  It's been pretty well established that 2FA (especially when the second factor is an element that is verifiably near the person) is more secure than 1FA, regardless of the quality of your password.
3. Re:I hate Google's "protection" by tepples · 2017-07-15 04:44 · Score: 1
  
  Google thinks a person has a circle of friends in meatspace, at least one of whom owns another cellular phone.
Again: Glad I don't have a smartphone.. by Rick+Schumann · 2017-07-14 10:18 · Score: 1

..and that the phone I do have (cheap-ass $50 plastic LG dumbphone, LOL) is turned off most of the time. Turn it on a couple times a day just to see if there are any messages for me. Physically shorted the GPS antenna on the main board to ground, so no GPS tracking when it's on anyway, just what tower it's connected to.

I'd never bothered to learn how worldwide PSTN actually worked until I read this article and looked up SS7. Scary, that all that has been done for decades in the clear.
1. Re:Again: Glad I don't have a smartphone.. by Anonymous Coward · 2017-07-14 10:41 · Score: 0
  
  I'd never bothered to learn how worldwide PSTN actually worked until I read this article and looked up SS7. Scary, that all that has been done for decades in the clear.
  Life was simpler back in the good old days when the switchboard operators would listen to all of your calls and snicker at you.
2. Re:Again: Glad I don't have a smartphone.. by Anonymous Coward · 2017-07-14 11:26 · Score: 0
  
  Other than a weak-at-best attempt at being clever, is there a point to your seemingly pointless comment?
3. Re:Again: Glad I don't have a smartphone.. by ledow · 2017-07-14 11:34 · Score: 1
  
  Cell-tower triangulation. Who pays the bill for the phone. "They" probably aren't at all hindered by your smart-arsery.
  But, to be honest, it's nice that you think you're that important that literally anybody would bother to track you.
4. Re:Again: Glad I don't have a smartphone.. by Anonymous Coward · 2017-07-14 11:41 · Score: 0
  
  Cell-tower triangulation. Who pays the bill for the phone. "They" probably aren't at all hindered by your smart-arsery.
  But, to be honest, it's nice that you think you're that important that literally anybody would bother to track you.
  But he's made it slightly more difficult for government and impossible for some others that can't talk to the carrier. So, why be upset he took some basic steps for himself?
5. Re: Again: Glad I don't have a smartphone.. by Anonymous Coward · 2017-07-14 17:45 · Score: 0
  
  I respect that different people want different things, and I'm glad this works for you if it really does... But this just feels a little like refusing to search for any information on Google because "oh well I just trust those people that write the encyclopedia to get it right."
6. Re:Again: Glad I don't have a smartphone.. by Rick+Schumann · 2017-07-15 01:02 · Score: 1
  
  I'd rather be me and take what steps I can take to preserve and protect what I can of my personal privacy and security, than be someone like you, who I'm assuming from the piss-and-vinegar butthurt tone of your comment has completely given up, given in, and gone the way of the yellow-bellied, lilly-livered coward, and just goes along with all the monitoring, tracking, surveilling, and rampant, unabated data collection on you, and likely your family, too. Sad, because you're probably a decent person otherwise.
7. Re: Again: Glad I don't have a smartphone.. by Rick+Schumann · 2017-07-15 01:11 · Score: 1
  
  LOL why is it that so many jackasses on the Internets inject wild assumptions with no basis in fact or reality into conversations? LOL sure I'll search things on Google -- but I don't have any Google accounts, you couldn't PAY me to have any Google accounts. But I use an add-on to my browser that cleans the Google links, so while they certainly can log searches themselves, they can't log any search results I click on. When I'm at home any links I click on go through Tor, so not only can't Google log them, but my ISP can't log them, either. I don't use my real name online anywhere. I don't use ANY 'social media'. There are other security and privacy measures I take that I won't get into. My digital footprint is as non-existant as I can make it. That make you angry or something, that someone else is willing to make the effort, when maybe you can't be bothered yet feel violated constantly? Is that why you're being so condescending?
Also what if you haven't agreed to Chrome's EULA? by Ungrounded+Lightning · 2017-07-14 10:26 · Score: 1

But what if ... You don't use android or have anything related to Google on your phone?
Also: How is this displayed and the reply collected? Does it require the Chrome (or another) browser?
I haven't accepted the Chrome EULA on my Android phone (because it includes the Adobe Flash EULA, which in turn includes a lifetime non-compete, non-reverse-engineer provision).
So does that mean I can't auth with Google?

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Re:this FP fOr GNAA by Anonymous Coward · 2017-07-14 10:51 · Score: 0

I got Goat Cheese Quesadilla. Where are my cock eggs?
Re:Also what if you haven't agreed to Chrome's EUL by Anonymous Coward · 2017-07-14 11:11 · Score: 0

I think you need the google search app installed for this to work.
The litmus test by Anonymous Coward · 2017-07-14 11:14 · Score: 0

Now I get to find out if my phone is a smartphone---or it's the user, dammit
Comment removed by account_deleted · 2017-07-14 11:48 · Score: 1

Comment removed based on user account deletion
Comment removed by account_deleted · 2017-07-14 11:51 · Score: 1

Comment removed based on user account deletion
Let me repeat the mantra -- by Anonymous Coward · 2017-07-14 12:13 · Score: 0

More Complicated does NOT mean More Secure.
They never seem to remember this. However, I suppose it does stroke their unearned "I am a Wizard, fear me!" egos.
Still.. Only 2 stories in 6 hours? by intellitech · 2017-07-14 12:23 · Score: 1

That is beyond incompetence.

--
vos nescitis quicquam, nec cogitatis quia expedit nobis ut unus moriatur homo pro populo et non tota gens pereat.
This won't work for orthodox Jews like Ivanka by Anonymous Coward · 2017-07-14 12:39 · Score: 0

While your rabbi might give dispensation to read an SMS code on Saturday, there's no way you can press the ok button on the Sabbath.
If SS7 is being hijacked... by bferrell · 2017-07-14 12:41 · Score: 1

And routing for sms to the handset is hijacked, how is routing for the voice path not also hijacked?
Something isn't kosher here.
1. Re:If SS7 is being hijacked... by platinummyr · 2017-07-14 13:06 · Score: 1
  
  I doubt they're using routing for voice or SMS. I suspect they're having the device "phone home" where it is, so that it can ask it the question. Not idea how you'd secure that connection tho.
2. Re: If SS7 is being hijacked... by Anonymous Coward · 2017-07-14 13:55 · Score: 0
  
  The Google app on a smart phone uses SSL. It's completely different from SS7 unless you're dyslexic.
3. Re:If SS7 is being hijacked... by bferrell · 2017-07-14 16:02 · Score: 1
  
  In order to locate the handset via ss7 some form of routing is used to a.) send the "message" to the cell site currently connecting the handset.
  "special app" or no, ss7 IS used to locate the handset, allow it to connect to a cell site and determine if traffic is allowed to flow to and from it. Again, if SS7 is hijacked, how are those processes NOT compromised?
  This is not unlike saying the plane has been hijacked to cuba, but the crew is still enroute to new york.
4. Re: If SS7 is being hijacked... by Anonymous Coward · 2017-07-14 19:14 · Score: 0
  
  The term for that form of learning disability with upside down letters is actually pyslexic.
5. Re: If SS7 is being hijacked... by Anonymous Coward · 2017-07-15 02:30 · Score: 0
  
  To continue your analogy, the hack would only work if the crew arrived in Cuba and thought it was New York.
  Hijacking a session doesn't let you decrypt all the messages.
6. Re:If SS7 is being hijacked... by bferrell · 2017-07-15 05:06 · Score: 1
  
  The article says SS7 is being used to intercept sms messages sent to the handset i.e. redirecting them to an alternate endpoint. If that can happen, how can the voice call not also be redirected to an alternate endpont via ss7. That IS what SS7 was made for... To direct (route) traffic (voice calls, sms message and even connect tcp/ip channels between internet gateways and handsets) to and from specific points in the network.
  To state it bluntly, I call bullshit to the stated premise. If sms is being intercepted via SS7 all the others are vulnerable too.
7. Re:If SS7 is being hijacked... by Lancer · 2017-07-15 09:49 · Score: 1
  
  You're ignoring the fact that the app on your phone is (presumably, since it would be nuts to do it any other way) responding to Google's servers with a cryptographically signed response; even if somebody were to route the authentication request to a different end point, they would not be able to answer with an appropriately signed response. And then Google would know that it wasn't you. The benefit of this sort of system is that it could be implemented over completely insecure networks (which is good, because SS7).
  
  --
  Outside of a dog, a book is man's best friend. Inside a dog it's too dark to read. - Groucho Marx
8. Re:If SS7 is being hijacked... by bferrell · 2017-07-15 11:40 · Score: 1
  
  I agree, an app with a crypto handshake, defeats this. Rereading the article, while not explicitly stated it does look like they're using integrated 2FA or 2FA app. Those don't even have to communicate except at initial setup time.
  I read it to mean voice prompts, which just plain struck me as dumb.
  I'll go sit in the corner now.
Good by Anonymous Coward · 2017-07-14 13:43 · Score: 0

Google stopped actually sending me text messages about 3 months ago, out of the blue. Oh, it still SAYS it's sending me one, but nothing. It used to work. Same phone, same number. Everyone else is still able to send me a text to log into my accounts, but not Google.
So, for me at least I'm fine with this, but I've already switched to Authenticator out of need.
Sucks by Anonymous Coward · 2017-07-14 13:43 · Score: 0

On Windows phone and Android the Google app will send prompts to the lock screen.
IOS however Google chooses not to use notification center and you have to intentionally open the app to display the prompt.
Regardless of greater security I don't welcome this change as I hate that they don't push to notification center like they could.
Did you check the Firehose? by Ungrounded+Lightning · 2017-07-14 14:02 · Score: 1

I know stories are posted farther apart at night, but it's embarrassing to have stories three hours apart on a weekday afternoon. These editors suck.
Did you check the Firehose?
Maybe there wasn't anything else WORTHY of being posted.
When that happens I'd rather they DON'T post crummy junk articles just to make a quota.
And I bet, if they DID post such junk, we'd hear even more complaining about the quality of the editorial staff.
Once upon I time I was one of the sysops on an early conferencing system. You would not BELIEVE the amount of what we'd now call cyber-bullying that was directed at the sysops by people who wanted the site run THEIR way.

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
1. Re: Did you check the Firehose? by Anonymous Coward · 2017-07-14 14:23 · Score: 1
  
  Normally they do post to try to hit a quota. As I just posted elsewhere in this thread, posts on weekdays are almost always 40 minutes apart and it's very periodic and regular. Often times, the stories show up at the same time each day. And when they deviate, the posts still show up at times that are divisible by five, such as 1:45 or 3:10. The weekends are a little more irregular, but it's probably because EditorDavid is posting instead of BeauHD and msmash. Even on weekends, they're usually spaced just about an hour apart. In all seriousness, I think the last post by BeauHD was queued up last night to show up on the front page this morning. Everything after that has come from msmash and it looks like BeauHD hasn't posted anything today. It looks like msmash has posted about the same number of stories he does every weekday, but with no posts from BeauHD. I have no clue where BeauHD is, but all joking aside about the editors, I hope nothing is seriously wrong. It is, however, highly irregular from the way posts appear just about every other weekday on this site.
2. Re: Did you check the Firehose? by Ungrounded+Lightning · 2017-07-15 10:19 · Score: 1
  
  Maybe he's sick.
  My wife's sick. I'm sick. Our pets are sick. (Different things for the pets, but still...)
  One reason gantt charts don't work as well as people think they should is that they never allocate time for plague.
  
  --
  Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Still not impressed -- Doesn't work for 3-in-1's by Anonymous Coward · 2017-07-14 14:43 · Score: 0

A few years ago, while I was too busy to realize how much I had spent, I found that I had at home: Desktop Workstation PC, Travel Laptop, Mobile Phone, 2 Tablets, and a kindle e-reader....
Apparently, I had an expensive gadget addiction...so I promised not to replace those devices that I didn't need.
Now, I'm down to a Microsoft Surface 3-in-1 (replaced my tablet, laptop,and phone). And, I gave my desktop workstation PC to my son. I still have the e-reader and the tablets which serve as my backup computer if something happens to the surface. For emergencies, I do have a samsung phone but it's turned off 90% of the time and all calls are forwarded to the surface.
The surface has a fingerprint reader and face camera so it can do some biometric identification...but I'm not really sure what the best implementation of 2 factor authentication should be in my situation. Google and most sites just blithely assume people like me don't exist.
wrong. of course there is a code by Anonymous Coward · 2017-07-14 20:03 · Score: 0

It is just hidden from the user. It's not much of 2 factor if there is no code. Morrons.