this post was submitted on 08 Aug 2024
-27 points (33.3% liked)

AssholeDesign

This is a community for designs specifically crafted to make the experience worse for the user. This can be due to greed, apathy, laziness or just downright scumbaggery.

IT 👏 IS 👏 OBJECTIVELY 👏 A 👏 DOWNGRADE 👏 IN 👏 USABILITY 👏 IF 👏 I 👏 HAVE 👏 TO 👏 GET 👏 MY 👏 PHONE 👏 OUT 👏 FOR 👏 USING 👏 A 👏 FEATURE 👏 OF 👏 A 👏 WEBSITE 👏

[–] [email protected] 40 points 3 months ago (2 children)

This is actually a really important security protection. Imagine if someone hacked into your bank account, and made a filter to hide all messages of transfers out of your account. Then even if they lose access to Gmail after some period of time, the filter keeps helping them.

[–] [email protected] 31 points 3 months ago

Yeah this is just 2FA, and anytime I see someone complaining about 2FA I assume they don't know what it's like to actually be hacked, to have bank account info stolen and real money on the line.

Yes, it's a pain to get out your phone. It's more of a pain to lose all of your money due to someone getting your credentials and wiring it away. Google has a lot that we can complain about; enforcing security here is not one of them. If you don't want to use the YouTube app, set up another 2FA authenticator.

[–] [email protected] 2 points 3 months ago

I intentionally don't link anything important to Gmail because I don't want to trust them with that. Why can't I disable this?

[–] [email protected] 20 points 3 months ago

No,👏it👏isn't👏. Have you heard how companies are scammed out of money because of a compromised email?

The way it works is an attacker accesses an email account and sets up a rule saying all internal emails go to another hidden folder. The attacker then emails the accounts team asking for payment to be made with an invoice; when the accounts team replies asking questions, the attacker sees the email, not the actual email holder.
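A defensive check for the mailbox-rule persistence described in this comment and in the top comment, as an added example that is not part of the thread: it flags filters that hide, delete or externally forward mail. The records are constructed samples in the shape of the Gmail API filter resource; `audit_filters`, the domain `example.com` and the label IDs `Label_12`/`Label_99` are assumptions.

```python
from typing import Dict, List

# Constructed sample data, shaped like Gmail API filter resources
# (criteria + action with addLabelIds / removeLabelIds / forward).
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.org"},
     "action": {"addLabelIds": ["Label_12"]}},
    # Internal mail silently moved out of the inbox and marked read.
    {"id": "f2", "criteria": {"from": "example.com"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"],
                "addLabelIds": ["Label_99"]}},
    # Transfer notifications sent straight to trash.
    {"id": "f3", "criteria": {"query": "transfer OR payment"},
     "action": {"addLabelIds": ["TRASH"]}},
    # Copies of invoice mail forwarded to an outside address.
    {"id": "f4", "criteria": {"subject": "invoice"},
     "action": {"forward": "billing@example.net"}},
]


def audit_filters(filters: List[dict], own_domain: str) -> Dict[str, List[str]]:
    """Return {filter_id: [reasons]} for filters that hide or exfiltrate mail."""
    findings: Dict[str, List[str]] = {}
    for flt in filters:
        action = flt.get("action", {})
        removed = set(action.get("removeLabelIds", []))
        added = set(action.get("addLabelIds", []))
        reasons = []
        if "INBOX" in removed:
            reasons.append("skips inbox")
        if "UNREAD" in removed:
            reasons.append("marks as read")
        if added & {"TRASH", "SPAM"}:
            reasons.append("sends to trash/spam")
        forward = action.get("forward")
        if forward and not forward.lower().endswith("@" + own_domain.lower()):
            reasons.append("forwards outside " + own_domain)
        if reasons:
            findings[flt["id"]] = reasons
    return findings


if __name__ == "__main__":
    for filter_id, reasons in audit_filters(SAMPLE_FILTERS, "example.com").items():
        print(filter_id, "->", ", ".join(reasons))
```

A flagged filter is a prompt for review rather than proof of compromise, since users create inbox-skipping rules themselves; the signal is a rule the account owner does not recognise.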

[–] [email protected] 18 points 3 months ago

2FA is there to save your ass wtf

[–] [email protected] 11 points 3 months ago

Nah, this is a good feature.

[–] [email protected] 11 points 3 months ago (2 children)

You have to open youtube for Gmail?

[–] [email protected] 10 points 3 months ago (2 children)

They use the YouTube app for 2FA as a backup, if you can't access your Android phone or use an iPhone. Android phones have the prompt built in to the system wherever you're signed in.

[–] [email protected] 7 points 3 months ago (1 children)

Which is real fuckin weird, given the existence of Google Authenticator

[–] [email protected] 7 points 3 months ago

Google Authenticator is actually one implementation of RFC 6238. That's a problem for Google because:

  1. They don't control it: RFC 6238 is an open standard
  2. RFC 6238 works offline, meaning Google can't use it to track you and increase the surveillance on you

Google has been trying to kill off the Google Authenticator for years. Or rather, let's say, gently push users away from it using dark patterns and promoting more convenient solutions.

Which is why everybody should use it as much as possible, because anything Google doesn't want is bound to be better for the user. I mean I know TOTP is far from perfect and not super-secure if you're a high-value target, but it's good enough for most people and it keeps Google in the dark.

I wasn't aware that Google uses the YouTube app as 2FA, but of course it makes total sense to them: it's online and it's one more surveillance point on your record whenever you use it. Then again, if you use Gmail and YouTube, there's a good chance staying clear of the Google surveillance isn't a priority for you, so it's okay for you I guess.

[–] [email protected] 1 points 3 months ago

I think all Google apps do this now. I think it's just based on what you last used. At least in theory it's what you last used, sometimes it's not at all right.

I'm just waiting for the day I have to open Google Sheets to approve my login.

[–] [email protected] 1 points 3 months ago

I kinda figured that was the point of the post

[–] [email protected] 8 points 3 months ago (1 children)

I made a Proton account yesterday to start actually fully de-googling myself. It felt really good. I recommend it.

[–] [email protected] 3 points 3 months ago

Proton email has huge improvements in usability also like:

  • A search function that actually works and is intuitive
  • The ability to actually block accounts rather than sending them to spam
  • Ability to block entire domains
  • "All mail" actually contains all mail (like, wow!)

Etc. I still have to use Gmail for work and the number of times I just say "oh I must have missed that" due to the sheer volume of spam in my inbox and the inability to filter anything effectively or find anything I actually need is too damn high.

[–] [email protected] 5 points 3 months ago (1 children)

..Why is the censor rectangle in the image changing colour for me?

[–] [email protected] 6 points 3 months ago (1 children)

Oh, it's alpha channel. That's.. unusual.

[–] [email protected] 1 points 3 months ago

Does that imply that the censored data is still present on a different channel?

If so, someone might want to notify OP, though I'm not sure whether they would take it seriously, seeing as they don't seem to understand what 2FA is...

[–] [email protected] 5 points 3 months ago

hey man, just turn off 2FA! Then send me your username and password, I'll check you did it correctly

/s

[–] [email protected] 3 points 3 months ago (1 children)

Just like my bank...they want to tie my account to my phone's SMS so I ALWAYS have to have my phone should I ever want to access my bank account.

The amount of extra crap I have to run through just to see my account is absurd. SMS is absolute shit

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago) (1 children)

Don't blame the banks for implementing security (Well SMS is the barely minimal bar for 2FA, but every other option is going to be some form of needing a secondary device of some kind)

Blame the bad hackers/scammers out there ruining everything

[–] [email protected] 3 points 3 months ago (1 children)

I blame the banks for creating security vulnerabilities in SMS instead of forcing their users to use a proper TOTP system.

[–] [email protected] 2 points 3 months ago

This...

I'm not blaming them for security, I blame them for rushing security and implementing piss poor security to meet the bare minimum standard.

It took my bank years to even acknowledge that upper and lower case in a password could be a thing, let alone implement the proper fix