Hacker News new | past | comments | ask | show | jobs | submit login

I too was hit by this a few months ago, after having to create a Google account for work, and worked around it by running an android emulator where I installed their authenticator app. This was enough to get past the stupid "you have to have a phone" requirement, and gave me access to the TOTP secret, which I then promptly added to my favourite open source 2FA utility.

Screw you, Google, you're not getting my phone number.




What's your favorite open source 2FA utility?


https://www.nongnu.org/oath-toolkit/oathtool.1.html with some very light shell wrapper around it.


I might do this (install an emulator and use auth app there) if I can successfully login from it, I just need a lot of time to do that (internet here is really slow).

I asked one of my friends with faster internet to do that for me but google blocked an attempt to login with correct username and password.


You can just scan the QR code instead... The TOTP secret is contained in there, and can be copied into just about any password manager.


Please read the original post - the QR code (nor the TOTP secret in any other format) is simply not available until you enable either SMS authentication or the authentication app.

Afterwards, yes, you have the TOTP secret available for use in any tool you want - but I am repeating myself.


Google never offered a QR code like 99% of other MFAs.


Which android emulator do you use ?


I looked around for a least invasive solution, and went with https://www.android-x86.org/ in a small virtual machine.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: