The author is 100% not wrong, but the problem is that, unfortunately, it is entirely possible that Google cannot have an authentication system that is correct for use by the elderly in a shared-machine environment while being correct for everyone else at the same time.
There are options to fix this, but they're social, not technical. To get there, let's start with the technical side of why the author's proposed fix won't work.
Google has no idea who anyone is. The only way they can know is the authentication process. And that process is under perpetual, high-investment attack by basically everyone because Google is a valuable target. Everyone from script kiddies to state actors has tried every method to not only compromise individual accounts but to build frameworks for systemic compromise, because when you focus on a single target you can invest the resources to, for example, set up a server that mimics the Google login page or a phone bot that sounds like it's making calls from Google Security. Our author bemoans the lack of a back-channel to recover one's account, but that back-channel is (a) perpetually overloaded with requests to access accounts and (b) one of the major vectors for attempting to steal an account, because the back-channel is just one more interface on the systematically-attacked system.
(Source: I know someone who used to be in the loop on the back-channel. Scammers would call crying about kidnapped children who were going to die in a couple of hours unless they could get into a Gmail account to get an address in a ransom note. Google had to train their phone crew to understand that probability was heavily skewed in the direction that if they capitulated, they were, within a statistically-negligible margin of error, never saving a kid and they were always letting an abusive significant other into their former partner's account so they could ransack it for passwords and vulnerable 1FA access codes and fuck up someone's life. Truly sick, heartbreaking stuff.)
So that's the system under attack. How to address the problem that the elderly and impoverished can't afford to keep up with Google's security measures?
There are a couple of options here. In the short run, the cheapest is "Don't use Google." Use an email provider under less persistent threat, and one small enough to offer high-touch technical support. This is one of those situations where free may be the enemy of "cheap but affordable," and to bridge the gap someone could even start fundraising to pay for accounts on a service like that. There may even be meat on the bones of someone being a non-profit high-touch email provider of that sort, who can secure a person's account by having them log in from a specific, privileged machine within sight of an operator who knows them personally. Go back to the old days of how the DARPANET was actually secured by "every node is locked behind a door."
Another option is that a service libraries could provide (at possibly great expense to themselves, but options on the table) would be to serve as a credentials broker for their users. Have the library keep track of the 2FA side of things. Risky and adds expense to the library, but for this userbase that local service is the missing piece of the puzzle. Unfortunately, this isn't something Google is set up to provide; they're too centralized, they aren't actually in the communities where the need lies.
> Another option is that a service libraries could provide (at possibly great expense to themselves, but options on the table) would be to serve as a credentials broker for their users. Have the library keep track of the 2FA side of things. Risky and adds expense to the library, but for this userbase that local service is the missing piece of the puzzle. Unfortunately, this isn't something Google is set up to provide; they're too centralized, they aren't actually in the communities where the need lies.
This. I wrote as much in an earlier comment. Why not allow the option to delegate a trusted third party to manage $ACCOUNT MFA flow? I'd use it (and kind of already do, via the recovery email addresses) for managing my aged parents' accounts.
This seems like not that hard in terms of implementation and UX. What is the risk/expense from the libraries PoV you are alluding to?
If the library is holding even a piece of users' credentials, they become liable for either intentional or unintentional harm. On the unintentional side: their 2FA back-stop solution could be compromised or stolen by a third-party because they failed to secure it (they'll be a smaller target... Crooks will get very little from stealing access to a small population of older folks over what they'd get for, say, finding a reliable way to compromise any Gmail user's access... But they'll be a target). On the intentional side: they now have to move the bar on vetting whoever staffs the project from "trusted enough to be a librarian" to "trusted enough to be a keeper of passwords or reset emails..." Which, TBH, may be a lateral move, since librarians know what books we read. ;)
But the insider attack situation here is nasty... A corrupt individual in the loop could trivially trigger a password-reset attempt, use the fact they have control over the user's 2FA (or recovery email) to steal the user's credentials, act on behalf of the user for a bit (reroute benefits to some other address?), and then just wait for the user to discover their password is locked out and kindly help them correct it.
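The insider path described in the two comments above, as an added example that is not part of this thread: a constructed toy model of the "library holds the 2FA side" proposal, where the broker keeps a copy of the patron's TOTP seed. The account store, reset flow and names (`Provider`, `Broker`, "patron") are assumptions made for the illustration; only the HOTP/TOTP arithmetic is the real RFC 4226 / RFC 6238 algorithm. The point it shows is that whoever holds the seed produces exactly the code the provider expects, so a reset performed by a corrupt staff member is indistinguishable, in the provider's own audit log, from one performed by the user.

```python
"""Toy model (constructed for this example) of a third-party 2FA broker.

Only hotp()/totp() are standard algorithms; everything else is an
assumed, simplified provider and broker, not any real service's code.
"""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, field


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


@dataclass
class Account:
    username: str
    totp_secret: bytes
    password_hash: str
    audit: list = field(default_factory=list)  # what the provider can observe


class Provider:
    """Assumed email provider: a password reset needs only a valid current TOTP code."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    @staticmethod
    def _hash(password: str) -> str:
        # Toy hash for the model only; a real provider uses a password KDF.
        return hashlib.sha256(password.encode()).hexdigest()

    def enroll(self, username: str, password: str) -> bytes:
        seed = secrets.token_bytes(20)
        self.accounts[username] = Account(username, seed, self._hash(password))
        return seed  # shown once at enrollment; the proposal copies it to the broker

    def check_password(self, username: str, password: str) -> bool:
        return hmac.compare_digest(self.accounts[username].password_hash, self._hash(password))

    def reset_password(self, username: str, code: str, new_password: str, now: int) -> bool:
        acct = self.accounts[username]
        ok = hmac.compare_digest(code, totp(acct.totp_secret, now))
        # The provider only sees "a correct code arrived"; it has no way to
        # record who computed it.
        acct.audit.append(("reset", ok, now // 30))
        if ok:
            acct.password_hash = self._hash(new_password)
        return ok


class Broker:
    """Assumed library-side store that keeps patrons' TOTP seeds on their behalf."""

    def __init__(self) -> None:
        self.seeds: dict[str, bytes] = {}

    def store(self, username: str, seed: bytes) -> None:
        self.seeds[username] = seed


def run_scenario(now: int = 1_700_000_000) -> dict:
    provider = Provider()
    broker = Broker()
    seed = provider.enroll("patron", "correct horse")
    broker.store("patron", seed)

    # Legitimate path: the patron reads the code from their own authenticator.
    user_ok = provider.reset_password("patron", totp(seed, now), "patron new pw", now)

    # Insider path (next time step): anyone with read access to the broker's
    # store computes the same code and resets the password behind the patron's back.
    later = now + 30
    insider_code = totp(broker.seeds["patron"], later)
    insider_ok = provider.reset_password("patron", insider_code, "attacker pw", later)

    audit = provider.accounts["patron"].audit
    return {
        "user_reset": user_ok,
        "insider_reset": insider_ok,
        "patron_locked_out": not provider.check_password("patron", "patron new pw"),
        # Apart from the time step, the two audit rows are identical.
        "audit_rows_identical": [row[:2] for row in audit] == [("reset", True), ("reset", True)],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The takeaway for the library case is the one the comment makes: a broker that can produce the factor is, to the provider, the user. Whatever limits the insider has to come from the broker's own side (who may read the store, how that access is logged and by whom it is reviewed), because the provider's log cannot supply it.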
Or perhaps someone can set up an email system primarily for the benefit of public library users. Run it as a non-profit / low-profit and provide basic support, do not require 2-factor authorization. Basically the way email was for many in the late 1990s, when they got email through their schools or universities, or perhaps through AOL or Compuserve.
> Basically the way email was for many in the late 1990s
Keeping in mind that the reason 2FA came along was that we learned the hard way that passwords are not sufficient to secure an account accessible on the public Internet. Too many effective side-channel attacks (both phishing the user and exploiting human psychological vulnerability, i.e. pulling passwords from another site and discovering that the same account and password works elsewhere).
... but such a system could allow for the account recovery solution to be "Go to the library and talk to a human being there, who can hit the account reset button." Libraries offer the advantage of having an already geographically-distributed-and-local staff by virtue of the non-digital service they provide.
That's right! What better form of 2-factor authorization than giving someone a human to talk to and show some form of ID (if needed) for someone to reset access to a system? Of course there needs to be trust for the public library employee, but that one person could have more rigorous forms of 2FA than the average public library user. Google isn't the company to offer this sort of thing, so I am hopeful there could be some alternative. However, encouraging random library users to sign up for a non-Gmail (non-Hotmail / non-Outlook / non-Yahoo) email system is the primary challenge.