Re: Google will no longer send SMSs with six digit codes for verification

On 2025-03-07 08:53, VanguardLH wrote:

AJL <noemail@none.com> wrote:
 

My sensitive apps only require ONE 2FA login (including Walmart). Once
the host device is blessed it can be set so that no more 2FA is
required. So like Carlos I seldom need SMS 2FA. Only the apps on my
new toys for the first time. Course if I was paranoid I could set it
to ask on every login. But I don't. Apparently you do??

 I avoid web-centric site-specific apps, like apps just for one site;
e.g., Walmart, bank, Home Depot, Delta (airline).  Instead I visit them
in a web browser.  One app that does all instead one app that does one
site.  Maybe if I used site-specific apps then I'd get 2FA far less
often, or not at all.  I tend to be very frugal as to what gets
installed on my smartphone.  I'm unlike a lot of smartphone users that
install any app just because there is one.
 Does any web browser store 2FA codes for reuse on login?  Perhaps DOM
Storage (aka site data) gets used for that.  I doubt any secure site is
going to use cookies.  I configure my web browser (Firefox) to purge
*all* its locally cached data on exit as a countermeasure to tracking,

That's the cause of your problem. That's why you are asked to verify your identity not once in a blue moon like us.

and up my privacy, and tweak the web browser to improve security.
Firefox on Android permits extensions like uBlock Origin.  Chrome on
Android does not allow any extensions.
 As for web-centric apps, has there been any independent audits on each
one to determine their login security, and secure local files storing
any user data?  Don't most use the accounts stored in Android itself, so
those get reused.  I don't think Android is storing any 2FA codes or
other token in the accounts stored in Android.

--
Cheers, Carlos.