Ask HN: Since when did 2FA become 3FA?
When did Google stop trusting 2FA? I have email accounts that have Google Authenticator codes.
Now when I sign into them, after I enter my 2FA code it'll ask me for a 3rd factor - it'll ask me "Verify it's you. Google wants to make sure it's really you trying to access" and then I have to do something with an email address or phone number.
How can I permanently disable that?
I want 2FA, not unexpected 3FA...
This is really security being misappropriated for privacy invasion.
Everything Google does has privacy invasion baked into it. Lots of people will readily enter their phone number (which positively identifies them personally) or they will enter an email address that Google hasn't collected before --- either of which will further Google's privacy objectives --- not yours.
Just say "no" to Google games.
It’s because they want PII like a phone number or at least your geographic location whereas TOTP is an offline protocol so they nudge as hard as they can for you to use other mechanisms
I have multiple 2-step verification options in Google Workspace. However it defaults always to "app confirmation" which they call "Google prompts". I'd prefer Authenticator.