So the biggest problem is that every optional feature you offer up does not help when someone walks into the library already locked out. The vast majority of society will never be aware of available options and features for their Google account, so it's only the default behavior that matters. Most people locked out of their account could've set up some sort of way to get in (like backup codes), if hindsight was 20/20 and they knew a lot about Google accounts.
You could add a feature like this, and maybe it helps one out of every hundred people who try to log in at this library, and that's optimistic at best.
> So the biggest problem is that every optional feature you offer up does not help when someone walks into the library already locked out. The vast majority of society will never be aware of available options and features for their Google account, so it's only the default behavior that matters.
Fair enough. I live in the EU, we all have state-issued ID cards and no cultural problem with using them, so presenting those via some channel to Google would work here, but I can't imagine it working in the states.
Or how about if google sees you log into a computer associated with a library IP address more than once it offers to help you set this up. With some sort of special dialog that specifically targets people in this situation. And it periodically reminds you to confirm you still have these recovery codes saved somewhere and if you don’t helps you create new ones. I know this isn’t google scale but it’s a nice feel good story that google could trot out at I/O
At what point is it reasonable to start assuming basic security/computer literacy on the part of the public (to the point where, if you screw up, it is your fault for screwing up and not the computer/companies fault for not telling you something)?
This is an open question. We are not there yet, but at the same time I don't think it's tenable in the long term to be in the state of assuming the user can't be trusted to know what 2FA is.
So, my grandmother knows drastically less about computers than she used to. She actually previously used email with regularity, and has since forgotten about even the existence of the email account she had for fifteen years. Unless we have a cure for memory loss in seniors, new less computer literate people will be occurring every day.
So the answer is, unfortunately, never. There will always be people who are not computer literate, and if we want basic services to be available via the Internet, as many government services now are, we have to include systems that include these people.
You can't just discard the poor because they aren't computer literate.
The problem is that "friendly" systems designed for the computer illiterate tends to be obstructive and unproductive for the vast majority of everybody else and that holds just as much in a real-life office as it does on a computer screen.
The term of computer illiteracy is useful in more than one way, and that is literacy. We don't structure our societies (including basic government services) around people who cannot read, instead, we we structure them around the understanding that the average citizen can read, and treat regular illiteracy as a problem to be solved, and in the first world where computer literacy is even a problem that can exist, it mostly has.
You could add a feature like this, and maybe it helps one out of every hundred people who try to log in at this library, and that's optimistic at best.