I should also point out that unhoused people face extreme challenges when it comes to retaining physical items.

Not just phones, but ID cards, paperwork,, medication, etc.

Any solution requiring long-term retention of a physical 2FA key or high-entropy secret will not work.

This. Libraries are the second-most common Internet access point for unhoused people in the US (after smartphones).

When you don't have a smartphone, or the portal doesn't load on a mobile browser, you go to the library. It makes sense librarians would see this daily.

For the people wondering whether Google Voice would help — the answer is no.

Google Voice itself requires (a) the ability to log into a Google account and (b) a non-GV mobile number linked to the account for verification purposes.

Chicken-and-egg problem for an unhoused person.

I hate to say it, but employees of Bay Area tech giants are probably the last group of people on earth I'd trust to design products that work well for unhoused users.

PS: Many unhoused people access their email rarely, intermittently; they don't stay logged in. They often have to guess several times to remember their password.

It's probably the abuse detection heuristics kicking the session into a "We don't trust you" flow.

Google has recently enabled 2FA for 150 million people, which may be part of the reason why we're seeing more and more GMail accounts become unrecoverable among the very poorest people.

This is, of course, good for the bottom line for a company who makes its money on advertising

In 2020, a report "Society as User" by

et al. raised THESE VERY ISSUES, challenging assumptions made by designers who build apps for the "ideal users" of smartphones.

An earlier version of this work was shared with Google as early as 2018. https://members.newdesigncongress.org/society-as-user/…

The widespread use of SMS-based verification has resulted in poor people being shut out of large swaths of modern life, including, perversely, services designed to help the poor.

This kind of digital apartheid affects the elderly also, regardless of socioeconomic status.

Replying to

:/

i'm not saying you are wrong BUT

i've had the same google voice number for like 15 years now and only an actual cellphone for a fraction of that. i've never been in danger of losing my google voice.

am i missing something?

Replying to

Google usually requires a mobile phone 2FA code when logging into your account from a new device, especially in 2022.

Replying to

I wish it was every 3 months in DC. Sometimes it’s multiple times a month, which obviously causes significant problems

Regardless of frequency, it causes problems like the one you mentioned. Sorry, I wasn’t trying to one up you

Replying to

Accounts can be recovered without access to the assigned phone number if the password and other security information is known. They can also be recovered via an alternate email.

Very many sites (including Google) actively discourage people from using passwords they can easily remember, and password vault sites do the same thing. (And collecting your passwords in a physical location won't work either, because it'll be taken from you.)

Replying to

Just had that experience myself out of the country with no access to SMS. Also if your phone is stolen and or compromised somebody can get ahold of all of your two factor authentications. It's super problematic.

Also, many orgs support 2FA only with a US phone number. Google is fine but Wells Fargo won't text to my Canadian cell number.

Replying to

Tech classism. Is a real issue.