The shape of things to come?

[88V8]

I hope not.
Yesterday for the first time in ages I went to log in to my Google account.
They wanted me to confirm my age so I could watch some innocuous video.

After the password, I saw that they 'did not recognise this device' which is the same device I have used for eight years, and wanted to send me a text message to confirm it was me.

Well I do have a mobile phone, and occasionally I switch it on. But I'm blowed if I'm going to be glued to it.

Are Google just up themselves that they imagine their services are so important I might want to fake myself. Or is there some good reason.
I'd hate to think that in times to come I won't be able to log into anything without this palaver.

V8

[UncleEbenezer]

If you haven't logged in in ages, maybe a cookie they use to recognise the device had expired?

Don't you find yourself having to re-login to Lemonfool and other interactive sites from time to time?

[Julian]

I hope not.
Yesterday for the first time in ages I went to log in to my Google account.
They wanted me to confirm my age so I could watch some innocuous video.

After the password, I saw that they 'did not recognise this device' which is the same device I have used for eight years, and wanted to send me a text message to confirm it was me.

Well I do have a mobile phone, and occasionally I switch it on. But I'm blowed if I'm going to be glued to it.

Are Google just up themselves that they imagine their services are so important I might want to fake myself. Or is there some good reason.
I'd hate to think that in times to come I won't be able to log into anything without this palaver.

V8

On that "don't recognise your device" verification it's usually only done once and then it should remember it and not challenge you again. Sometimes it also happens to me if I move an existing device a long way physically when I'll get a "you're logging in from an unknown location" alert. It's curious you got it now, perhaps as UncleE said it was a cookie expired or got accidentally deleted or as a slightly further stretch (UncleE is probably right) just maybe your ISP made some networking change that made Google think the device was a long way away from where it last saw it so wanted to make sure it wasn't cloned.

As for "is it the shape of things to come?". My opinion is yes, I'm afraid so. It's the end of the early more innocent days of the internet because it's become a very dangerous place for people who don't take care and, because so many people still don't (e.g. admittedly these are the most commonly HACKED as opposed to USED passwords but look at the numbers, 23.2m uses of "123456" - https://www.technotification.com/2019/0 ... ords.html/), responsible providers really do need to start enforcing some extra security steps so I think it's pretty unfair to characterise Google as "up itself".

Google has an additional problem that a lot of people don't realise how critical their email account is - "I don't care about that one, if anyone hacks into my email there's nothing I'd be worried about anyone seeing" is something I've heard and read quite a few people saying/posting. The fact is that for most people their main email account is probably their most critical account of all. If compromised the hacker can look for "thank you for signing up to X" messages, go to those sites knowing your user ID because it's usually in the welcome message, ask for a password reset link to be sent to your now-compromised email account, follow the link to reset your password, and they're in. At that point they could also change the email address associated with the account they just got into and at that point you've lost control of that account entirely and usually will have a nightmare proving to the company that you are the valid owner and should be let back in because you won't know the password, the email address, and possibly not even any physical address or phone contacts stored against the account if those have also been changed by the hacker. There really have been reports of that happening, there are a lot of nasty people out there.

The above is one reason why asking "memorable answer" security questions to validate password resets is becoming more common and why you should take care with the answers. It's not that hard to find out places of birth or schools so I always have totally nonsense cryptic answers for mine. Also, since you mentioned age validation, anything that asks me for an actual date of birth that isn't a banking or government site gets given a false one by me. I never divulge any of my real data - name, address, phone numbers or DoB - to any site that doesn't really need it. In those earlier innocent days I was too influenced by my upbringing and being truthful so when I was asked those questions I answered truthfully; idiotic in retrospect. Undoing years of my instinctive honesty by logging onto every account I had to anonymise all the info anywhere that didn't need it, and also strengthen and make unique all passwords and additional security questions, took me the equivalent of an entire 9-to-5 working week. It was a mammoth and very tedious task but I now mostly live at Buckingham Palace and can be contacted via the tip-off desk at the Daily Mail as far as the internet is concerned.

- Julian