
That's almost exactly what Google has done. Here's how you turn off 2FA on your account:

1. Go to myaccount.google.com

2. Press "Security"

3. Press "2 step verification"

4. Enter your password

5. Press "Turn off"

6. Confirm the dialog that says "Turning off 2-Step Verification will remove the extra security on your account, and you’ll only use your password to sign in."



Those steps don’t actually turn off 2FA for Google accounts.

If you log in from a new computer or unrecognized IP, Google forces you to use the YouTube app on your phone to enter a “code” to log in. It sometimes doesn’t even let you get a text code. God forbid I lose my phone or delete the YouTube app and log in from a new IP. I don’t know how I would even get into my account.

I don’t know how this isn’t a more widespread issue affecting more people, but I guess Google developers live in a perfect world where the YouTube app auth can never fail and you never lose your phone.


Yup. I had 2-factor turned off and tried to log in to an old Gmail account from maybe 5 years prior.

I had the right password and recovery email but I wanted to txt a code to a phone number I didn’t have any more.

That seems insane to me. Right password, access to “recovery email” and still blocked.

What ended up working for me was trying to log in when I took a vacation back to the same city when I last logged in.

Didn’t get asked for the OTP code, so could get in and update the number.

I wouldn’t have such an issue if Google had customer support and let you send other proof of identity. But they don’t.

And now I’m getting weird requests to confirm I logged in from the YouTube app on other devices. YouTube?


Have you actually tried disabling 2FA? Because I just did. I followed the steps above then signed in to Google from a clean browser profile with password only. No problem. Then I connected to a VPN in a different country and signed in from another clean profile. Again, no problem.

If you have 2FA enabled, then yes, of course it will ask you for the second factor if you're doing something unusual.

But with 2FA disabled, logging in with just a password works fine.


I have no idea what part of Google's fingerprinting panopticon decided it was okay to let you in from a clean profile, but I can promise you that in the past, I have been locked out. Yes, 2FA was turned off. And there are lots of other reports of this happening around the web, and even here on HN, so I'm not unique.


Yes, I’ve tried turning it off and on multiple times and it still makes me do 2FA.


Then don’t use Google for email. There are plenty of other free email providers that do not employ that much security. Problem solved.


My problem isn’t that Gmail is too secure, it’s that the 2FA setting doesn’t actually turn off what it’s supposed to turn off. Not sure if this is a bug or intended behavior.


Just use another email provider. There are many other free ones and reasonably priced paid services. The paid services tend to better listen to their users since they’re the real customers.


That's weird, I've never had to do that. I can just log in to Google with my username/password. If it doesn't recognize the device it just pushes a notification of the sign-in to my phone.


That's exactly what they are describing - the push notification to the phone _that the user has lost_.


It's just a notification, it can be ignored (for me). I don't usually even notice it's there until hours later. You don't have to acknowledge it in any way.

It also has nothing to do with the YouTube app, and there is no code I have to enter anywhere.

I've never had any form of 2FA on my Google account.


You may have never experienced it, but it does happen. Not just a notification.


I never said it doesn't happen?? I literally even specified "(for me)."

I believe you, I'm extremely surprised I didn't see this considering I've logged in from all sorts of sketchy IPs/VPNs.


I recall that the problem was broader than 2FA. They also re-verify accounts that have been idle, or that are being accessed from a new location. Or issues if you've forgotten the password and don't have a phone.


This is exactly it. And if you don't have a verification method on file, Google will just lock the account if it thinks something about your browser or IP address is unusual. Even if you know your password.


Speaking as a long-time Gmail user who doesn't have a mobile, this is kind of terrifying. Sounds like I need to look into moving to Fastmail or somesuch pronto.


If you have a backup email on your account, that's sufficient (assuming you can get into the backup email), at least in my experience.



