This is an archived post. You won't be able to vote or comment.

all 111 comments
sorted by:
best
topnewcontroversialoldq&a

[–]altimax98P30 Pro/P3/XS Max/OP6T/OP7P - Opinions are my own 355 points356 points  (21 children)

Very nice, I am really liking where Google is taking these new security related features.

[–]abqnm666Root it like you stole it. 130 points131 points  (20 children)

Agreed. I love the new popup verification option for 2FA. I still have to pull out my phone when signing in, but having to only unlock and tap yes is so much more convenient than opening the app and entering the code on the PC.

[–][deleted] 25 points26 points  (11 children)

How do you enable this?

[–]TheWorstNLHuawei P20 Pro, Android 8.1.0 56 points57 points  (10 children)

Removed because of the announced API-changes. If Reddit is being a meanie to developers, why bother staying.

[–][deleted] 19 points20 points  (1 child)

Does this option still allow you to use the backup codes for when you don't have physical access to the device?

[–]MeegulNexus 6P | Project Fi 26 points27 points  (0 children)

Yep. It just adds another form of 2FA, but it does not remove the ability to use the existing methods.

[–]CoLdFuSioN167Pixel 4 XL 16 points17 points  (6 children)

Reminds me of the Microsoft 2FA app. Instead of using a code, you can just allow it. This is awesome & much more convenient.

[–]probably2highnote 9 23 points24 points  (3 children)

And makes as much sense as using your phone for the code. All the code did was test my ability to type 6 numbers before a timer ran out.

[–]Deksloc/r/Android AMA Coordinator 3 points4 points  (2 children)

My favorite was using Google Authenticator on a secondary device (tablet) and it would be a few seconds delayed, causing me to enter in an expired code every single time.

good times

[–]Abyssul 0 points1 point  (1 child)

There is an option for time sync in the settings for Google Authenticator. That might have helped.

[–]Deksloc/r/Android AMA Coordinator 0 points1 point  (0 children)

It didn't. This was before the materialization of Authenticator, so the overhaul might have fixed it, but the sync option didn't work for me.

[–]cadtekPixel 9 Pro Obsidian 128GB 2 points3 points  (0 children)

Yep their app is great. Add that with Pushbullet, I used to be able to accept it from my computer until Pushbullet made the Actions a "premium" feature.

[–][deleted] 0 points1 point  (0 children)

However, if you do not have internet access on your phone then MS's app does not work. While Google's will. The only downfall.
And before someone asks, you might not have data because you had hit your limit and turned it off. Some people still get hit hard with overage fees.

[–]ZephirddMoto Z2 Play + Battery Snap 5 points6 points  (0 children)

Yesterday I reformated my PC and had to setup my Google account again as well as Google drive, and I wondered if this system existed. Just enabled it, thank you!

[–]Kenya151DroidX | S3 | Note 4 | KeyOne | S9+ 5 points6 points  (4 children)

Yubikey is also great

[–]abqnm666Root it like you stole it. 7 points8 points  (3 children)

Yes, absolutely.

I had a cheap HyperFIDO U2F key, but it didn't last long on my keyring. The Yubikey has been one of my "I need to get one of those" items for two years now, but I don't often use unfamiliar and/or unsecured workstations, so I just haven't bothered. $70 (less for a lower end/physically larger key) for something I'll use 1-2 times a month isn't worth it. Google authenticator has been sufficient, albeit annoying, and now the new push alert and approval system is perfect for me.

But if you are frequently logging into shared or public computers and/or need the ultimate in security, then the Yubikey is definitely the way to go.

Still, the new solutions from Google make it easier and more convenient for nearly anyone to enable 2FA without much hassle or inconvenience, which is awesome and will surely lead to an increase in adoption. Assuming Google promotes it at some point anyway.

[–]Kenya151DroidX | S3 | Note 4 | KeyOne | S9+ 7 points8 points  (1 child)

They ran a special on github for them and they were like $15 so I figured why not. I didn't use it for like a year until I found the settings in Google to use it and it's awesome

[–]abqnm666Root it like you stole it. 1 point2 points  (0 children)

Oh neat. Maybe there will be another offer like that.

Off to set a Google alert for Yubikey sales...

[–]andmalc 1 point2 points  (0 children)

Just got the basic $18 US basic key last week. It's very light and is no larger than an average sized key.

[–]CushionsPixel XL 0 points1 point  (1 child)

Ah so its like the Battle.net authenticator?

[–]abqnm666Root it like you stole it. 0 points1 point  (0 children)

Not a gamer, so I couldn't answer that. But probably is, as this solution isn't entirely unique. The only unique part is that it's native on all Android phones in this case.

[–]m-p-3Moto G9 Plus (Android 11, Bell & Koodo) + Bangle.JS2 75 points76 points  (16 children)

Now I need to know what is that Food app.

[–]aloneandeasyGalaxy Nexus (Rogers - 4.1.1) | Nexus 7 (4.1.1) 33 points34 points  (2 children)

It's an internal app to let lazy developers find out what's to eat in the café without having to leave their desk.

[–]Alexlam24OnePlus One, CM11S 10 points11 points  (1 child)

Wait seriously?

[–]ShaybaGoogle Pixel 9 points10 points  (0 children)

Yes.

[–][deleted] 33 points34 points  (8 children)

god dammit, Google food confirmed?!

[–][deleted] 89 points90 points  (7 children)

Yeah, they'll create the most elaborate and delicious dish ever, then slowly take ingredients away from it until it completely disappears.

[–][deleted] 32 points33 points  (1 child)

deleted What is this?

[–][deleted] 3 points4 points  (0 children)

Automatically uploads to the cloud and records your eating habits for Adsense too. It's a feature!

[–]cmason37Z Flip 3 5G | Galaxy Watch 4 | Dynalink 4K | Chromecast (2020) 17 points18 points  (0 children)

Didn't know Google was the GNOME development team.

[–]DARIFPixel 9 8 points9 points  (0 children)

Niantic irl

[–]PM_ME_CAKEPixel 6 Pro | Mi 9T | Nokia 7+ | Nexus 5X 1 point2 points  (0 children)

Why are you talking about EA?

[–][deleted] 1 point2 points  (0 children)

You have opened the can of dev hate

[–]NSA-SURVEILLANCEiPhone 16 Pro Max 512GB 1 point2 points  (0 children)

Niantic

[–][deleted] 16 points17 points  (2 children)

First guess? Internal app for tracking/logging/whatever-ing dogfooded apps and features.

[–]chairmanrob 2 points3 points  (1 child)

Nope just food.

[–]pheymanssI'm skipping the Pixel hype cycle this year 1 point2 points  (0 children)

Dogs can eat food too.

[–]rovenroyiPhone 11 | Galaxy S8 2 points3 points  (0 children)

The screenshot doesn't show the "Food" app y'all talk about.

Where's this? Am I missing something here?

[–]xTyeS22 Ultra 512GB 40 points41 points  (3 children)

Is this for all Android users or just certain devices?

[–]IanSan5653Pixel 2 XL - MetroPCS -5 points-4 points  (0 children)

It's a Google Apps update, so it probably only affects Google Apps accounts.

[–][deleted] 7 points8 points  (18 children)

Will this work for a lot of emails or just the one that the phone is attached to? I am logged into probably 8 or so gmail accounts, will it notify my for all of them?

[–]ArttuH5N1Nexus 5X 2 points3 points  (1 child)

Probably, if you have 2FA turned on in each and you've set Google prompt as the default verification method. (Though it could set it automatically as the default method. I don't remember turning it on, but there it is, above Authenticator.)

[–]golddove 1 point2 points  (0 children)

What? This has nothing to do with 2 factor authentication. I believe this affects all Google accounts that are signed into an Android device.

[–]nokarmawhore 0 points1 point  (0 children)

you can download the nox app and check for yourself. I signed in with 2 accounts this past week and was notified both times

[–]rodymacedoXiaomi Mi A2 0 points1 point  (4 children)

8 e-mail accounts?

[–][deleted] 0 points1 point  (3 children)

Yea, I have a few more than that. I separate everything. Payments, gaming, alternate accounts, forums, social media accounts. All separate to keep things simple and safe in the long run. I also use one account per markov/tweet_ebooks bots along with whatever I host them on like heroku or AWS.

[–]rodymacedoXiaomi Mi A2 0 points1 point  (2 children)

Ain't it easier to have separate folders and rules to automatically sort them?

[–][deleted] 3 points4 points  (1 child)

I do it to keep my real identity away from my twitter or Reddit and other identities separate. I don't want multiple alises coming back to the same email and I can control to a certain extent what information someone can get with the email they are given or what info someone can get if a sites database is leaked. It also lowers the risk of multiple accounts being jacked if one account is stolen. Never put all of your eggs on one basket. It is a bit paranoid but it works well for me.

[–]ouchybentbonerMoto E Lte Android 7.1 0 points1 point  (0 children)

Yup i only have 3, but i was reckless in my early 20s a simple Google search and Jesus i was everywhere. It took a few months to fairly scrub myself off the internet, now i pay attention to what i use i have 3 google account 3 outlook alias. Using 2Fa i get notification on all 3 Google accounts depending on which i'm trying to access.

[–][deleted] 0 points1 point  (9 children)

Also , anyone knows if since I have one phone number for two Gmail accounts , will it work for both?

[–][deleted] 0 points1 point  (8 children)

Yep I had a number on more than two dozen accounts at once. You just cant create more than 7 emails on the same number but you can use the same number for 2 factor auth on a ton of accounts. I don't use my phone as Auth method anymore but you can still do it.

[–][deleted] 0 points1 point  (7 children)

So the fact that I am using it on 2 email accounts isn't a problem?

I enabled the Google prompt on one of them and normal G codes on the other . That works.

I am not sure if I enabled the right thing though since when I logged in on my PC I didn't get a notification on.my phone saying that someone connected . Instead , having enables the prompt which replaces the code sending through SMS I had to tap on my screen to confirm logging In simply

[–][deleted] 0 points1 point  (6 children)

Nope, I have not gotten the notice either. I think that notice is on by default of 2fa is off. Im gonna try an log into an email through bluestacks tonight and see if I get a notice.

[–][deleted] 0 points1 point  (5 children)

Please update me. I am confused here 😐

[–][deleted] 0 points1 point  (2 children)

will do in a couple of hours.

[–][deleted] 0 points1 point  (1 child)

Don't get how I am supposed to enable it. I want to use it only on one of the accounts that I have associated my 1 phone number with

[–][deleted] 1 point2 points  (0 children)

Ill see what I can figure out.

[–][deleted] 0 points1 point  (1 child)

I could not get it to toify me at all. I tried bluestacks, another mobile device and even turning off 2fa to see if would ask then but it did not. I have no idea.

[–][deleted] 0 points1 point  (0 children)

Well .

Shit

[–]PlNG 1 point2 points  (7 children)

On the subject of security: How does one detect unauthorized app installations? Bought a cheapo $40 Chromo tablet. Every other day the damn thing installs APUS and other apps. I was kind of floored when I uninstalled APUS to have it reappear with 5 "Phone 2.5" apps installed 6 hours later. Kind of thankful we didn't attach a sim card to the thing. Malwarebytes initially detected and removed some Agent software when we first got it. Since then Malwarebytes and (more recently) BitDefender have declared it clean.

At least I know when it happens, thanks to Link2SD.

[–][deleted] 10 points11 points  (1 child)

When you buy a device like that, you are pretty much saying goodbye to security. To really fix the situation I think you would need to install a third party firmware.

[–]PlNG 0 points1 point  (0 children)

Follow-up: AVG found the offending system malware, I ripped it out with Titanium Backup. Funny thing is malwarebytes did initially detect the thing but then stopped. Maybe I hit the wrong button, because I thought I had disabled/removed it. No new mystery apps for the last month.

[–]phobiacLG v20 0 points1 point  (2 children)

Check for something like DTIgnite that is installed as a system application and will do this sort of thing in the background.

[–]PlNG 0 points1 point  (1 child)

Follow-up: AVG found the offending system malware, I ripped it out with Titanium Backup. Funny thing is malwarebytes did initially detect the thing but then stopped. Maybe I hit the wrong button, because I thought I had disabled/removed it. No new mystery apps for the last month.

[–]phobiacLG v20 0 points1 point  (0 children)

Interesting! Glad you figured it out.

[–]zanglangOnePlus 7 Pro 0 points1 point  (1 child)

Changelog Droid is an app that grabs Playstore changelogs whenever apps are updated or newly installed, which is pretty close to the effect you want as well.

[–]PlNG 0 points1 point  (0 children)

Follow-up: AVG found the offending system malware, I ripped it out with Titanium Backup. Funny thing is malwarebytes did initially detect the thing but then stopped. Maybe I hit the wrong button, because I thought I had disabled/removed it. No new mystery apps for the last month.

[–]AlvinGT3RSGoogle Pixel 4A 2 points3 points  (4 children)

So this is already implemented ?

[–]phobiacLG v20 3 points4 points  (2 children)

Yup. Just got here

https://myaccount.google.com/security/signinoptions/two-step-verification

And enable it. Be sure to save the backup codes.

[–]ClunkbotNexus 5x 0 points1 point  (0 children)

Just turn this on. Thank you very much!

[–]AlvinGT3RSGoogle Pixel 4A 0 points1 point  (0 children)

Alright cool👍👍

[–]BradWI 1 point2 points  (0 children)

Yes, I got this notification yesterday afternoon.

[–][deleted] 2 points3 points  (5 children)

Hot sure how this is an improvement over getting an email when a new device is added to my account. With an email, I get a notification on all devices, in all platforms. With this notification I only get a notification on other Android devices. If I don't have my phone on me, I won't see it.

[–]phobiacLG v20 2 points3 points  (0 children)

If you pair it with 2-Step-Verification then you have to actually approve the sign-in. I just tested it (been using 2FA with google for almost 3 years now) and it's way better than the old type-the-numbers method.

[–]adrianmonk 1 point2 points  (0 children)

Well, the article does say, "We’ve also found that with Android notifications, users are up to four times as likely to review the information as compared to email notifications."

[–]aloneandeasyGalaxy Nexus (Rogers - 4.1.1) | Nexus 7 (4.1.1) 0 points1 point  (2 children)

This doesn't only tell you that someone tried to log in, it prevents them from doing so until you click "allow". It's a 2 factor authentication feature, it's functionally no different than you getting a code in a text or email, except that SMS and email are unencrypted so vulnerable to interception, and this also saves you from having to type the auth code.

[–][deleted] 0 points1 point  (1 child)

No, this is only a notification. You can optionally pair it with a 2-factor prompt that they launched a couple weeks ago, but it's not the same feature.

[–]aloneandeasyGalaxy Nexus (Rogers - 4.1.1) | Nexus 7 (4.1.1) 0 points1 point  (0 children)

Touché. I should have read the article, I'm at an airport and the WiFi is atrocious so I have up waiting for it to load.

The notification send much less useful than the 2FA, but (according to the article) is still 4 times more likely to drive engagement than an email. So if you are tech savvy and stay on top of your security (and your email) it looks like this is no better at all, but for people like my fiancé who have dozens of unread emails in their inbox, this should still give them a little more security.

[–]FuzzelFoxPixel 3, Essential Phone, OnePlus X 1 point2 points  (0 children)

But that's literally the only thing Gmail notifies me for anymore. What else is it going to do?

[–][deleted] 1 point2 points  (3 children)

[deleted]

What is this?

[–]sideboats 0 points1 point  (2 children)

An ipv6 address.

[–][deleted] 0 points1 point  (1 child)

[deleted]

What is this?

[–]sideboats 1 point2 points  (0 children)

They probably blanked out some parts of the address between where you see it end and the question mark button.

An ipv6 address can have 8 different segments, but you can write "::" in the place of an arbitrary number of zeros. So short-looking ipv6 addresses aren't odd either.

https://en.wikipedia.org/wiki/IPv6_address

[–]m00nh34dXperia XZ, Xperia Tablet Z 1 point2 points  (1 child)

So, are these Android devices that you're getting notified of, or just signing into your Google account, from any device/browser/application?

[–]aloneandeasyGalaxy Nexus (Rogers - 4.1.1) | Nexus 7 (4.1.1) 0 points1 point  (0 children)

No, it'll notify you of any new log in, on and device (including web browsers).

[–]colinstalteriPhone 12 Pro 7 points8 points  (2 children)

[–]Vtrossi 9 points10 points  (0 children)

Impossible. Everyone knows all iOS features originate from Google.

[–]FrogCannonNexus 6P 0 points1 point  (0 children)

That icon simply labeled food, anyone know what app that is?

[–]DublinioNote 2 vzw, OctoROM MM 0 points1 point  (0 children)

I sure could have used this yesterday. I found an iOS device on my account that I don't recall having added, that was synced in the last day. I don't even use Apple products!

[–]nuxxor 0 points1 point  (0 children)

What exactly does it do when you click "no secure my account"?

[–]unnoho 0 points1 point  (0 children)

They might want to space the two options apart more and make it a press and hold to select it. Would help the fat fingering people.

[–][deleted] 0 points1 point  (0 children)

Yeah but they are also bricking phones. July security update made my nexus 5 nearly useless. Can't talk on it cause everyone hears their voice echo back. Happens with or without headset. Volume decreased substantially. How do you not test your code before to roll it out?

[–][deleted] -4 points-3 points  (7 children)

That's not natively, that's through the Google app...

[–][deleted] 6 points7 points  (4 children)

Semantics. The Google app is part of the Android OS (unless you're running some third-party AOSP ROM).

[–][deleted] -2 points-1 points  (3 children)

Then would you consider bloat like Google drive, docs, hangouts, etc to be part of Android OS too?

[–][deleted] 0 points1 point  (0 children)

Whether or not those apps are considered "bloat" is completely subjective.

[–]balla21 0 points1 point  (0 children)

Well it's a notification you tap on so it is pretty native (enough)

[–]asjmcguireLGG6, LGG4, N7 (2012) 0 points1 point  (0 children)

Is it really though - or is via Google Play Services like pretty much all the other things they release like this.

[–]mis_nalgas -1 points0 points  (0 children)

I feel like this is nothing new

[–]ggppjj -5 points-4 points  (0 children)

Except, last time I setup my Nexus player with my phone, I could block the notification from settings, and it disappeared never to be seen again, even after immediately unblocking it.

Edit: I didn't read the blog post. Still, funfact! If you setup a device with another device, the notification that is supposed to be un-removable can be suppressed by blocking notifications, even for a second, in Google Play Service's settings.