
Too late for me, but a pleasingly fast and pro-active response from AWS (which rather shows Google up) just received by email:

"If you are an AWS customer who uses Google Authenticator for iOS as a multi-factor authentication device to secure your AWS account via AWS MFA (http://aws.amazon.com/mfa/), please read on. We are writing to inform you that Google has recently released an update to the Google Authenticator App in the iOS Store. We've received reports indicating this update is inadvertently deleting all MFA tokens from the smartphone; this could prevent you from authenticating to your AWS account.

At this point, it is our recommendation that you do not update your Google Authenticator App if you're using an iOS Device. If you have already updated your Google Authenticator app and are no longer able to login successfully you can request assistance from our AWS Customer Service team at:


We have posted this as an announcement to our AWS Developer Forums at https://forums.aws.amazon.com/ann.jspa?annID=2091 and will be posting updates if new information becomes available."

And no word yet from Google... Their lack of customer service is going to end up killing them in a number of markets. I would never use Google for any critical business function (email, payments, cloud computing).

It's pretty ridiculous that I'll probably move from using GA for my Google accounts to Authy, but here we are.

They'll join this thread in a while and call us all novices for not understanding that this is deliberate, well tested, and our fault.


I don't think the people arguing with Justin in that thread are novices or naive users, but they do seem to be unaware that when you lend your computer to someone, you should set them up with their own user account if you don't want them surfing through your stuff.

It's funny how the tech community browbeat Microsoft for years about how Windows should have been designed as a multiuser system like Unix, and then when Microsoft finally took their advice and made the necessary user-level security improvements, their efforts were ignored.

Afraid you've missed the point in the same way as Justin did... Those people (me included) are perfectly aware of that. The argument is that your mother isn't, and while it's reasonable to expect her to be, you can't just assume such.

If so many people are missing the point, then maybe, just maybe, there isn't one to miss.

The majority are always right, for a subjective and wide definition of right.

Because all companies always act like one of its employees did one time.

Not defending Google, but pointing out the sweeping generalization.

To be fair, that wasn't just "one of its employees", it was the head of Google Chrome Security.

What's even worse is that a certain iOS update that may or may not be launching in the next few weeks will make this advice impossible. 3 words for you - Auto updating apps

Which can be turned off

Which 99% of iOS users won't do even if they are aware of it.

I for one won't turn it off, despite having been bitten by this. Life's too short to go around checking HN or Googling for possible adverse consequences of every app update.

That 99% is unlikely to be using two factor auth

Android store can also be turned off, but Google makes sure to give you hell for it.

Open market "want to always auto update apps?". No.

Update an app after reading the change log. "want to always auto update apps?". No.

Update the next app... You get the idea.

Also, what's the fallacy about giving you a change log for each version of apps, but not allowing you to install other versions? This is the sole reason people will give up those stores. Will not even be the abusive control and price for no added safety.

It's actually opt-in. When you open the App Store for the first time in iOS 7, it asks if you want to enable automatic updates.

I scan the 2D barcode on two apps: Google Authenticator and Authy. I also set up SMS Backup and it works well for Gmail/Hotmail accounts.

Just because something is in the cloud doesn't mean you don't need backups.

Back up your entire Google account. Here's a tool to do it: http://www.syncdocs.com/ Print out the 10 password recovery codes Google offers. Here's how to do it: https://support.google.com/accounts/answer/180744?hl=en Having a backup and extra security is essential for everything stored in the cloud.

If you do happen to update and lose your 2FA keys, the AWS people are turning around these lost login requests in <15 minutes. You fill the form out, they call you and verify, and life carries on.
