> If they at least would allow for a sufficient number of options. Like paper-tan (even self printed), yubikey or similar, second email address, an authenticator, ... but even big companies often only require a phone number.
Oddly, I suspect if Google provided no free accounts at all--if you had to give a credit card and pay $5 to sign up--nobody would be complaining about this.
Which leads me back to the point made elsewhere in this thread: we have too high an expectation for what private companies can or should do, because they have taken the place in our minds if government.
And our expectations for what government can or should do are too limited, because we've convinced ourselves government is ineffective and unaccountable.
I can assure you that this suspection is wrong, at least about me.
I've personally bought/subscribed to various companies both personally and professionally. Just recently (a couple of weeks ago) I evaluated a couple of mailproviders. I discarded all of those that enforced 2FA with a phone-number.
For instance mailgun. At least the support helped me:
> Hello XXX,
>
> Thanks for bringing this to our attention.
>
> At this time, I have successfully activated your account so that it is now fully operational and you are all set! You may need to log out, then back in, to reflect this change. Also, your users can indeed utilize Google Auth without using a phone number.
>
> Please reach back out if any other questions arise.
>
> Regards,
> XXX | Mailgun by Sinch
Others weren't as flexible. E.g. Sendgrind:
> Hello,
>
> Thanks for reaching out to Twilio SendGrid Support and for your interest in our products. My name is XXX and I’ll be more than happy to assist you in this matter.
>
> I am sorry for the inconvenience caused by the 2 Factor Authentication process, but this is mandatory for all accounts, as a security feature.
> The only options available are to setup 2FA through Authy: to receive an SMS code or use the Authy app, which you can download here.
>
> I apologise for the inconvenience caused by the fact that we do not have any other options available at the time.
>
> Please do let me know if you have any additional questions in regards to this matter and I will be more than happy to further assist.
>
> Kind Regards,
>
> XXX | Technical Support Engineer Twilio-Sendgrid
Forcing me to use your own homegrown authenticator or a phone number? No thank you.
In the end I decided for a provider that offers 2FA but offers multiple options and doesn't enforce it.
> Oddly, I suspect if Google provided no free accounts at all--if you had to give a credit card and pay $5 to sign up--nobody would be complaining about this.
That is like saying 'if the DMV didn't offer IDs to people, no one would complain about not being able to get an ID'.
The fact of the matter is that email is 'de facto' online ID, and gmail has positioned itself into this role. They are now a societal need, not a luxury. They need to be regulated.
Email may be a societal need, but Gmail === Email. They're one email provider in a sea of providers. There are dozens to hundreds of free email provider choices out there.
One doesn't need Gmail to have a functioning email address.
Google seems to support all of those?