Comment by Hackbraten

8 hours ago

They didn't willfully delete their recovery phone number. They tried to delete a shitty, known-broken 2FA mechanism after they had set up passkeys. Poor UX conflated the two things, so their recovery phone number ended up being deleted. This is 100% on Google.

Why the fuck would Google care in which country I live? It's a personal decision, and no corporation should have any say in this. They certainly don't have to flag an account for that, especially not if the account has 2FA enabled. This is on Google, too.

Your comment is victim blaming.

The problem is the rapid succession of changes to recovery phone number, country, cellular provider. There is no way to differentiate, at scale, between an account takeover currently in progress that needs to be stopped immediately to minimize damage, and a legit user deciding to change all his personal info at once.

A 30-day cool-down period is a reasonable response, at scale.

  • > The problem is the rapid succession of changes to recovery phone number, country, cellular provider.

    Aren't cellular providers inherently tied to the country they're in?

    How do you move to another country without changing cellular providers at the same time?

    • Of course you can keep your provider. It's called roaming, per OP's story: "I am travelling to the UK and did not want to have *roaming* on my Australian phone."

      For cheaper rates than roaming, typically you install a secondary eSIM for the country you're traveling to. 99% of modern phones support dual SIM for this reason.