I have no reason to believe that the google authenticator app on my google phone doesn’t register and record that it’s being used to log into XYZ website, and further that XYZ website is not then sending back unique identifying info to Google about me when ive used the code to log in.
I’ve lived with tech long enough to know that if they say “we absolutely don’t,” it really means they probably do.
Like when they swore up and down and gaslit us that our phones aren’t listening to us to generate ads.
How many lies can I believe before I begin assuming everything is just another lie from a liar?
Guess im paranoid.
But that whole thing ignores that it’s an annoying second step with another device. Like “you want to log in? Thread a needle with the string in your pocket first…”
I have no reason to believe that the google authenticator app on my google phone doesn’t register and record that it’s being used to log into XYZ website, and further that XYZ website is not then sending back unique identifying info to Google about me when ive used the code to log in.
I’ve lived with tech long enough to know that if they say “we absolutely don’t,” it really means they probably do.
Like when they swore up and down and gaslit us that our phones aren’t listening to us to generate ads.
How many lies can I believe before I begin assuming everything is just another lie from a liar?
Guess im paranoid.
But that whole thing ignores that it’s an annoying second step with another device. Like “you want to log in? Thread a needle with the string in your pocket first…”
But then just don’t use google authenticator and instead one of the FOSS alternatives? Aegis comes to mind.
Like the original reply to your situation said, you do you - but this seems a weird threat model to me, extra-step point notwithstanding.