Ask HN: Gmail popup – already on vs. count me in
17 points by herodoturtle on May 11, 2022 | 9 comments
So today I open gmail and I get this popup on the top right, asking me about 2 step verification - which sounds good and all that.

But then it shows two buttons, the first says “Already on” and the second (which is highlighted blue) says “Count me in”

I’m not sure how to interpret these (and therefore which to click).

If it’s already on then surely it won’t present me with the option to click it? So what does the alternative count me in do?

And there’s no close / x button either. Annoying.




I’m a security person. I fully support 2fa. I’ve implemented it dozens of times for companies where I work, companies I’ve owned, clients I’ve worked for.

The pop-up you’re talking about disgusts me. Not just because it’s terrible but because it colors a good thing.

If you can’t say “no” you didn’t choose. Action taken without choice is forced.

Forcing your user to do what you want is a display of disgust.

Not the way to delight your user. That’s not a way to partner with a user to increase security.

Note to google product people. STOP DOING THAT.

Note to other product people. Don’t ever do that.


there's been word of them requiring 2FA for a while now. i remember 2-3 years ago the general speculation of them forcing 2FA onto every account holder was a thing that was supposed to happen within the next year or so. until now, i was actually under the impression this is something that had already been done, considering how much they seemed to be pushing it before.

forcing the world to use 2FA would be an astounding resolution to more than a few issues. they've suggested, asked, and no doubt told every account holder multiple times, so i give Google kudos for this move, regardless of how "disgusting" it may come across.

don't get me wrong, i am not a fan and i know how much power Google has. i say that completely ignorant to everything about them, just like every other person in this world. a global conglomerate who has built their own infrastructure from the ground up, as an empire, making sure they literally control and own everything should have never been a possibility.

if this is indeed what is happening with these notifications then i think that everyone should be thankful, no matter what their underlying nefarious intentions could be. not just people who use their services, either, because the entire planet could use a wake-up call. letting users know how easy it is to protect themselves online, as they will no doubt bitch, moan, and ask "Why?" is inherently a good thing. it could lead into an inquisition into just what they need to protect themselves from, which, in turn will shed a big light on a big problem. the big problem with big tech and big data making our big lack of privacy even bigger by the second.

what's wrong with being treated like you don't matter when it's for the greater good? the fact is we don't matter and it's never going to change unless something drastic stirs up enough controversy that it draws the attention of the global masses. then, and only then will we, as a global population, stand a chan.... welp, 15 minutes is up. what was that about the wrong size shoes being sold across various department stores in northeast ohio?


I figured this was:

1) An experiment to test the level of familiarity that non-technical users have with two factor authentication. That is, does a person who incidentally enabled SMS 2FA understand that having to enter an SMS code every time they log in is a pattern called "two factor authentication" as opposed to just some weird part of Google's login workflow.

2) An artifact of a user's security preferences living in a protected space that can't be accessed by Gmail's frontend. Gmail's dev team got an order to encourage users to enable 2FA and this is the best they could do.

3) A ploy to get people to review their 2FA settings -- or to be sold Titan Security Keys. Google's security team has sent me several emails over the past few months encouraging me to buy these, claiming that I'm at an increased risk of a targeted attack. I'm not fully bought in to their motives.

(All conjecture.)


I was confused as well, 2FA is already on but it asked me anyways with the popup.


I've had 2FA on google for a while, so when I got it I thought it was to enable an authenticator app like Duo or Google's own app, so I clicked "Count me in" then the box had a loading gif and showed that it was on.


This popup made me panic that someone had gotten access to my account (like through some side channel such as calling google and pretending to be me) and disabled 2FA somehow...


Saw this popup on google maps today, seems like it's in a lot of places. I just ignored it and did my mapping, slightly obscured.


Seems like they just created a new dark pattern: either do what we say or tell us a lie. Disgusting.


i just refreshed the page and the popup went away

but yes google has jumped the shark, everything new moves away from it, and where practical migrating existing away too



