Passkeys for Google Accounts roll out as a "stronger" alternative to passwords

[Redaktion]

Google has heralded "a major step" toward a future in which the password is obsolete, with a new Account option sign-in option. They enable the user to generate a passkey instead of setting a password, and link it to their biometric or PIN in order to access services from the Mountain View giant. The emerging login method is touted as a more convenient and secure form of authentication, although it may have its own drawbacks.

https://www.notebookcheck.net/Passkeys-for-Google-Accounts-roll-out-as-a-stronger-alternative-to-passwords.714567.0.html

[S.Yu]

Very funny. Why is a 6 digit PIN safer than random passwords again?

[NikoB]

Absolutely all e-mail services have become totalitarian since 2022, including Google.

They claim that two-factor authentication (with a phone number attached) is allegedly safer than a username / password. But it's not. Because it has already been proven that special services (and crime) from different countries successfully gain access to people's mailboxes through SIM substitution at the operator level (by order or for money).

Equally unsafe are all bank accounts with dual authorization, where the priority is on the phone number.

Outlook Express/TB(Mozilla) worked fine for me with POP3S/IMAP4S access. But since the summer of 2022, all this has not been working, because. I am being forced to link a phone number to my account, which I am not going to do, precisely for the sake of the security of these accounts on different postal services.

At the same time, all mail services (popular) now refuse to issue a special password for third-party mail programs that is different from the main login / password under the pretext that there is no linked phone.

In reality, these bastards simply collect their phone numbers from suckers in this way (and trade this information along with mailbox data) and moreover, linking a phone gives a legal (legal link) account to you personally. Which should be avoided at all costs.

All this is done not for the safety of clients (this is all a blatant and cynical lie), but for the sake of fishing out the maximum personal information about clients (who they are) and assisting government services in identifying them for the courts.

This is a totalitarian concentration camp, deliberately introduced throughout the planet. Without any real security of customer data and any real protection against crime.

The cynicism of all these businessmen and officials is simply amazing, as is the stupidity of the crowd ...

The only way to protect yourself today is to install a personal mail server on a router (or home server) with open firmware (software). There are currently no other options for safely exchanging mail and data.

Moreover, providers have been deliberately not implementing a full-fledged IP6 for many years for the same reason - it will lead to the flourishing of p2p networks outside the networks of large public services and social networks, where providers will no longer be able to charge money for a "public" IP4 address, which has long been lacking.

[Neenyah]

Very funny. Why is a 6 digit PIN safer than random passwords again?

Funny indeed and that's a good question. I'm just afraid that we won't see any meaningful answer from Google; I mean they are certified liars even with their own products, starting with Stadia as example and claiming that they will never shut it down - twitter.com/GoogleStadia/status/1552989433590214656 - just to kill it not even two months after. So I really wish to see what kind of creative gymnastics is needed to explain why is 190204 more safe and secure than :\n;}kVfW>Q\su%Xv#]&.12. as example 😁

Absolutely all e-mail services have become totalitarian since 2022, including Google.

They claim that two-factor authentication (with a phone number attached) is allegedly safer than a username / password. But it's not. Because it has already been proven that special services (and crime) from different countries successfully gain access to people's mailboxes through SIM substitution at the operator level (by order or for money).

...

Moreover, providers have been deliberately not implementing a full-fledged IP6 for many years for the same reason - it will lead to the flourishing of p2p networks outside the networks of large public services and social networks, where providers will no longer be able to charge money for a "public" IP4 address, which has long been lacking.

It's a long comment so I won't quote it all but it's all well-said, good and valid points Niko 👍

[NikoB]

9to5google.com/2023/05/05/gmail-ads-increase-2023/
www.theverge.com/2023/5/5/23712440/gmail-ads-more-annoying-middle-inbox

And here is one more today's confirmation of Google's greed and deliberate opposition to those who do not see ads and read mail through email programs.

Therefore, you can no longer read mail from 2022 without linking a phone number to your account, because. "Password" for third party apps can only be added after linking a phone number - which people don't want to do, myself included. But earlier in the transition period it was possible and there were no technical problems here and there are not, except for the cynical use of customer data without their knowledge.

Accordingly, such people have only one way to enter and read mail - through the web interface - and this is slow, as dangerous as possible in a browser with a bunch of tabs and plug-ins, and "incognito" will not help you much. And once I get into a web interface that is not for them, I don't need it (I previously read mail through Google's web interface for 10 years, although I have been using it for almost 20 years already!)

Those. the task of Google's dealers is not only to sell your data, which they shamelessly (like other similar companies) trade right and left, but also to force you to open mail through a 100% insecure, for password leaks, web interface to show to you an advertisement that I have not seen for 10 years or more.

And to collect mail from many mailboxes manually in the web interface, it takes a lot of time, and what is done in O/OE/TB in less than a minute on dozens of mailboxes for different purposes...

This is all 100% not for the sake of user safety, but malicious actions to fish out user data (phones, which automatically deanominizes you in the legal field), and forced monetization through advertising.

Completely immoral behavior of Google. And the rest of the postal companies simply copied their immoral and unsafe tactics for customers in 2022.

[NikoB]

Edited version, sorry for mistakes:
9to5google.com/2023/05/05/gmail-ads-increase-2023/
www.theverge.com/2023/5/5/23712440/gmail-ads-more-annoying-middle-inbox

And here is one more today's confirmation of Google's greed and deliberate opposition to those who do not see ads and read mail through email programs.

Therefore, you can no longer read mail from 2022 without linking a phone number to your account, because. "Password" for third party apps can only be added after linking a phone number - which people don't want to do, myself included. But earlier, during the transition short period in 2021, it was possible and there were no technical problems here and there, except for the cynical use of customer data without their knowledge.

Accordingly, such people who do not want to bind their phone number (and carry out deanomization for themselves in a legal field) have only one way to enter and read mail - through the web interface - and this is slow, as dangerous as possible in a browser with a bunch of tabs and plug-ins and "incognito" mode won't help you much. And once I get into a web interface that is not for them, I don't need it - I have not previously read mail through Google's web interface for 10 years or more, although I have been using it for almost 20 years already!

Those. the task of Google's dealers is not only to sell your data, which they shamelessly (like other similar companies) trade right and left, but also to force you to open mail through a 100% insecure, for password leaks, web interface to show you ads that I have not seen for 10 years or more, reading mail only through encrypted versions of POP3/IMAP4.

And to collect mail from many mailboxes by hand in the web interface, it takes a lot of time, what is done in mail programs in less than a minute, on dozens of mailboxes, for different purposes...

This is all 100% not for the sake of user safety, but malicious actions to fish out user data (personal phones, which in most countries uniquely determine who you are, which deanominizes you in the legal field automatically for authorities and businesses - who have bought on the black market databases of cellular operators of all countries), and forced monetization through advertising.

Completely immoral behavior of Google. And the rest of the postal companies simply copied their immoral and unsafe tactics for customers in 2022.

-------
I encourage everyone to create their own mail servers on their routers or home servers and promote mass demand for such solutions with open source software!

All mail between people must move over the network in encrypted form, unreadable by the intelligence services of all countries and businesses.

It would be terrible if quantum computers would overthrow all encryption based on mathematical models with elliptic curves (and almost all commercial and government encryption today). But there are other solutions that are resistant to hacking on quantum computers.

[NikoB]

The point is that all such services leave no choice to the user, lately - to take risks (and this is the right of the user, not the company - to manage risks personally) and use the scheme without two-factor (with a phone number) authorization, only login and password, remaining anonymous in the legal field, for access to the account in general, plus an additional login and password for reading mail only (and within clearly limited limits in the settings) in third-party mail programs. They deliberately left only one guaranteed unsafe way (sim number substitution and access without knowing the login and password through the access recovery system based on the SMS codes).

Which speaks of the malicious behavior of such companies, covering up malicious actions with good pretexts, in which the majority of the population, poorly versed in security issues, naively believes.