1Passwords —> Passkeys

Too bad he didn’t have any backup codes. “Creating a passkey on your Google Account makes it an option for sign-in. Existing methods, including your password, will still work in case you need them, for example when using devices that don’t support passkeys yet.”

https://security.googleblog.com/2023/05/so-long-passwords-thanks-for-all-phish.html#:~:text=Creating%20a%20passkey%20on%20your,don't%20support%20passkeys%20yet.

Right. If only he’d had backup codes in addition to having a valid recovery phone number and email set. :slight_smile: I was sitting there with him when we were trying to get into the account, and we couldn’t find any way to use either of his “backup” methods. It just kept insisting that he give them the code from “his device.”

This is the sort of thing that drives me nuts, and is the reason I’m skeptical about things like Passkeys. Sooner or later these will likely be required, and we’re not ready for that.

I have presently added them for my Apple ID and my Google accounts, on both my MacBook Pro and my iPhone. Somehow when I did it, though, I turned Apple Keychain back on and did it through that instead of 1Password, which I am now not very happy about (I turned it back on on my iPhone, so now every time I get a password prompt I have to first select Keychain vs 1Password).

I want to undo this and see if these could be added via 1Password instead, so I could turn Keychain back off and be 100% 1P, but I'm not sure how to go about it?

I have always kept backup codes, but your statement made me wonder, "Has anything changed?" I read this as saying all I need is a backup code to get into my account.


If you lose your phone or otherwise can’t get codes by text, call, or Google Authenticator, you can use backup codes to sign in to your Google Account.

Important:

  • Once you use a backup code to sign in, that code becomes inactive.
  • You can get a new set of 10 backup codes whenever you want. When you create a new set of codes, the old set automatically becomes inactive.
  • To use backup codes, 2-Step Verification must be on.
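The quoted help text describes the backup-code rules in prose (single use, sets of 10, regenerating invalidates the old set, only valid while 2-Step Verification is on). The following is an added illustration of how a server-side store implementing those rules could look; it is example code written for this page, not Google's implementation, and the class name, the 8-digit code format, the salted-hash storage and the 5-attempt lockout are all assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets

CODE_SET_SIZE = 10          # "a new set of 10 backup codes" (from the help text)
CODE_LENGTH = 8             # assumed code length; purely illustrative
MAX_FAILED_ATTEMPTS = 5     # assumed lockout threshold; 10 valid codes out of 10**8 is
                            # still a brute-force target without one


class BackupCodeStore:
    """Hypothetical server-side store for one-time backup codes.

    Rules modelled on the quoted help text:
      * a code becomes inactive once it has been used,
      * generating a new set makes the whole old set inactive,
      * codes only work while two-step verification is on.
    Only salted hashes are kept, so a leaked table does not yield usable codes.
    """

    def __init__(self, two_step_enabled: bool):
        self.two_step_enabled = two_step_enabled
        self._salt = secrets.token_bytes(16)
        self._hashes: set[bytes] = set()
        self._failed_attempts = 0
        self.locked = False

    def _hash(self, code: str) -> bytes:
        return hashlib.sha256(self._salt + code.encode()).digest()

    @staticmethod
    def _normalize(code: str) -> str:
        # Users type codes as printed on the download, often with spaces: "1234 5678"
        return code.strip().replace(" ", "")

    def generate_set(self) -> list[str]:
        """Return CODE_SET_SIZE fresh plaintext codes for the user to save.

        A new salt is drawn, so hashes of the previous set can never match again:
        the old set is inactive the moment this returns.
        """
        self._salt = secrets.token_bytes(16)
        codes: list[str] = []
        while len(codes) < CODE_SET_SIZE:
            candidate = f"{secrets.randbelow(10 ** CODE_LENGTH):0{CODE_LENGTH}d}"
            if candidate not in codes:          # keep the set free of duplicates
                codes.append(candidate)
        self._hashes = {self._hash(c) for c in codes}
        self._failed_attempts = 0
        return codes

    def remaining(self) -> int:
        return len(self._hashes)

    def redeem(self, code: str) -> bool:
        """Consume a code. Returns True at most once per valid code."""
        if not self.two_step_enabled or self.locked:
            return False
        candidate = self._hash(self._normalize(code))
        match = None
        # Compare against every stored hash in constant time rather than short-circuiting.
        for stored in self._hashes:
            if hmac.compare_digest(candidate, stored):
                match = stored
        if match is None:
            self._failed_attempts += 1
            if self._failed_attempts >= MAX_FAILED_ATTEMPTS:
                self.locked = True
            return False
        self._hashes.discard(match)             # single use: the code is now inactive
        self._failed_attempts = 0
        return True


if __name__ == "__main__":
    store = BackupCodeStore(two_step_enabled=True)
    codes = store.generate_set()
    print("save these:", codes)
    print("first use:", store.redeem(codes[0]))    # True
    print("second use:", store.redeem(codes[0]))   # False, already consumed
```

The point the thread circles around is the last line of the docstring: a store like this is only useful if the user actually has the plaintext list, which is why the posts below argue the download step should not be optional.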

That “Try another way” was where we were. And no, we didn’t have backup codes - but we had a recovery phone and an email address that it wasn’t letting us use for whatever reason.

I’m not saying that Google doesn’t have some theoretical internal idea of how this process should work. I’m saying that it’s inscrutable to end users. If you can’t use a recovery email or recovery phone number, and backup codes are the way to go, the process for creating those should be non-optional, in your face, in large print with flashing warnings, when you create the account. I might even go so far as to say that they should force a file download.

When I used to work with a friend of mine building white box PCs back in the day, we put all the manuals, CDs, etc. that might be necessary down the road into a quart-size Ziploc bag. We labeled it “IMPORTANT - DO NOT THROW AWAY,” and handed it to the customer with the explicit directions that if anything went wrong with their computer, they needed to be able to hand this bag to whoever was working on the computer or they were going to be out of luck. There was a short speech that went with it, and because of that customers actually seemed to understand. The compliance rate was stellar.

User education is everything. And even if they don’t know what to do with it, making sure the user has what they need for when there’s a problem shouldn’t be optional.


In 2017 “A Deloitte survey of 2,000 consumers in the U.S found that 91% of people consent to legal terms and services conditions without reading them. For younger people, ages 18-34 the rate is even higher with 97% agreeing to conditions before reading.”

People don’t read instructions, they don’t backup their data, or pay for additional storage for their photos, etc. But when something goes wrong they want someone to fix it. That’s just not going to happen when you use free services.

I am willing to stipulate to this, at least partially, because just to connect to the local Wi-Fi at a Starbucks there are 27 pages of text I would have to read.

But that doesn’t mean that tech companies don’t also have to do a better job of surfacing the important information. :slight_smile:

It’s not an either/or thing.

Maybe they should require people to pay $25 when signing up, which would be refunded only if they read all the instructions and pass a test :grinning:
