Comment by akoboldfrying

15 hours ago

> Fundamentally, this was Google's fault for misusing a recovery email for 2FA.

While this would absolutely suck and I sympathise with anyone getting hit by this out of the blue, it's pretty clearly your fault, not Google's. What should they have done? Just permit everyone to avoid upgrading to 2FA indefinitely? That would result in relatively more account hacks overall, for which they would inevitably be roasted in the court of public opinion.

I'm tired of 2FA. Absolutely the worst when setting up a new phone after losing the old one. A whole bunch of mixed methods, in 2 hours between installing all the apps again, getting text messages, installing authenticators, scanning IDs, taking selfies, receiving phone calls with spoken codes, grabbing another device that still somehow has access, twenty emails about new suspicious activity, grabbing recovery codes, or scrambling to find the Yubikey I used when registering for the simplest and most benign services that have no connections to my personal data or payment.

Google will insist on sending a notification to a phone you no longer have access to, and regaining access always feels like hacking yourself. I dread the day I lose a phone together with my SIM card and ID during travel. I will never be able to go back and will have to start a new life as an illegal immigrant, living as a hermit in some deep forest.

Personally, if their 2FA doesn't work, then they should definitely permit everyone to avoid upgrading to 2FA indefinitely.

> What should they have done? Just permit everyone to avoid upgrading to 2FA indefinitely?

Yes. I've had online accounts for nearly as long as there's been an "online". The only time I've ever lost control of an account was due to 2FA.

2FA should always be optional for one's personal accounts. [0] People who can securely manage passwords simply don't need it. And if Organized Crime or Mossad wants access to my accounts, 2FA is not going to stop them.

[0] Corporate accounts and hardware are a different matter. You manage those however your employer commands you to manage them.

2FA isn't an upgrade, it's an annoyance. If your organization needs secure authentication, it's useful, but as an individual I have only ever been enraged. Making me check my email and phone to log in is a great way to ensure I never use your service again.