Sep 19, 2019
How to turn off "verify it's you" option
All week, every single time I've tried to log onto my email I have to "verify it's me"--except that I can't, because I have no cell phone reception, and there's no option to verify without a phone. The button is there, but it simply loops me back to putting my password back in, and once again, asking me to log onto my phone and get a code. (and once I'm in reception, I get half a dozen melodramatic emails and notifications about how good ol' Google warded off a hacker) this has been a massive hindrance, I can't access any of my files at work now, and I've never had this issue before.
This is infuriating, and I didn't not agree to this feature. I have 2 step verification turned off in settings and yet this is still occurring. My emails aren't that important, I couldn't care less if someone tried to log on with a different computer. If they've actually managed to hack my email, so be it. I'd much rather be able to actually log into my email, which I've been completely unable to do at work all week.
How do I turn this off. It is a waste of time and unnecessary.
Informational notification.
This question is locked and replying has been disabled.
Community content may not be verified or up-to-date. Learn more.
Last edited Sep 19, 2019
All Replies (12)
This has nothing to do with 2SV and it can't be disabled.
The system usually takes into consideration multiple data points to determine if a sign-in for an account is genuine or not. As such, it will mostly treat the device and the location where the account was created and commonly accessed from (depending on other factors of course) as safe and trusted. However, if it detects an attempt to sign in to an account from a different device, location, & network, simultaneously from distant geographical locations, after deletion of browser cache/cookies, a device format or after a period of time among others, the system may, as guided by the flags raised, either insist on additional verification beyond the usual username-password combination, send out a suspicious activity alert for status determination, or deny access.
The process is explained here: Sign in when asked to verify it's you.
Rather than taking security things off, which could make things easier for others to gain entry into your account and cause the system to be even more suspicious about the non-regular access attempts, what helps better is if you set up security in such a manner that it becomes easier for the system to accurately identify you. One such way is by setting up 2-step verification on the account. You can use the Google Authenticator app to generate codes on your device as it doesn't require a cellular connection or internet/Wi-Fi access. For apps/programs which doesn't use the OAuth 2.0, you can use the Application specific passwords. You can even set devices as trusted and carry the backup codes or use a backup option for any emergency.
Dec 4, 2019
A feature to turn off such a system would still be very welcome, it is up to the user to decide whether or not to take the risk of losing an account indefinitely.
The current system is very good for making sure an important account isn't compromised, however such a system is simply bothersome for mail accounts created specifically to deal with spam prone websites (a burner mail).
Additionally, the 2-step verification or regular verification via phone requires a working phone and for the user to give data to Google they might not be comfortable sharing, which in this age of privacy concerns is an important consideration, especially when dealing with a company whose business model revolves around data.
The basis for the current system is good, but it does neglect an important use case of Gmail accounts.
Turning it off may expose users who may not be adequately technically-aware to unnecessary risks. Besides, it may also be something the hackers may look to exploit if they manage to gain access to someone's account.
Phone numbers are not that sacrosanct anymore either, given almost all genuine and reputed sites offer different versions of 2SV, and the use of phone numbers plays an important role in many of them. Furthermore, if someone else who may have your contact detail decides to share their address book with any other site/app, the information will get passed on and used in ways those organizations seem fit.
Dec 6, 2019
What is so bad about using a user id and a password? This is not a bank, or anything that important. Its a webmail account. Does anything from Google bother reading this stuff?
Tell me how to just use a password and a user name. should not matter what computer I use or whos tablet or anything else. Looks like FAKE security theater anyway.
I WANT IT TURNED OFF. PERIOD.
-- You can't, I'm afraid. Every Google Account comes with its basic security provisions that can't be turned off.
I am sick and tired of playing games just to check email.
-- Without knowing how you check emails, it is hard to suggest ways to change it. As long as you sign in from a known device, location, and network and have the ways and means to prove your ownership of the account beyond a reasonable doubt through access to the listed recovery options and knowledge of the account, you should not have any issue accessing the account.
What is so bad about using a user id and a password?
-- That is not considered adequate in today's day and age. An account is often accessed from multiple devices and from different possible locations. So, the system must be intelligent enough to distinguish between someone attempting to hack into the account and the rightful owner attempting to sign into from a previously unknown device, location, and network and proceed accordingly.
This is not a bank, or anything that important. Its a webmail account.
-- A webmail account holds information for others like email addresses, phone numbers, and other personal or sensitive information. So, any lapse in your part could expose those details to others and cause them harassment. For all you know, their accounts could be targeted subsequently. So why should a webmail account have any less security than a bank account for the value it holds?
Does anything from Google bother reading this stuff?
-- Googlers are known to check up on threads if they are made aware of something important.
Tell me how to just use a password and a user name. should not matter what computer I use or whos tablet or anything else.
-- When it comes to determining the sign-in, authentication, and verification process, the system will follow as guided by the flags raised. You agree to the Terms of Service and product-specific policies prior to creating a Google account, you would need to abide by how these things are set up by Google.
Looks like FAKE security theater anyway.
-- Looks can be deceiving. It is not for nothing that all online service providers are making efforts to bolster the security of the accounts maintained with them, be it with 2-step verification or physical keys among others. Security is among the paramount concerns in today's digital world and for someone to demand otherwise, is truly amazing.
Last edited Dec 6, 2019
Dec 6, 2019
Google user
Dec 17, 2019
When I log into new devices, it always gets blocked. Since I'm in university where they reset the computers' cache regularly, this is every time.
-- In case you have read my first response, clearing browser cache/cookies could bring about that result.
Typically, Google recommends that you only access your account from non-shared devices and when you use a shared device, follow the recommendations listed here: https://support.google.com/accounts/answer/2917834?co=GENIE.Platform%3DDesktop&hl=en.
Mind you, I'm in a city where I've done countless successful logins, so I have no idea why this connection would be suspicious in the first place. I prefer not to carry a phone with me, which now means I can't check my e-mail on any new computer. Even with a phone, it's just annoying.
-- The Google sign-in, verification, and authentication process use a combination of various details to make the determination. So, one common determinant, namely the city, is usually not adequate.
Access from unknown devices is easier if you have 2-step verification turned on for the account. Users have mentioned this fact and I have personally experienced it while routinely accessing my account from different parts of the country and overseas. If you insist on not carrying your device, you can still use 2SV via printed backup codes. Even better is to carry physical keys as described here: https://support.google.com/accounts/answer/6103523?co=GENIE.Platform%3DDesktop&hl=en&oco=0
Dec 23, 2019
- Same desktop at work (static IP through Cogent)
- Same laptop at home (static IP through Metronet)
- Same iPhone
- Same iPad
Verifying it's you from the same devices every 24-48 hours? This same "security feature" also ruined Nest products. Imagine you have a Nest IQ camera used as a baby monitor and in the middle of the night Nest logs out with a message saying "Verify It's You." Verify? It's the same device and you only require the user to click on the email account associated with Nest without a password, how is this secure. Another scenario is if you use Nest Protect smoke alarms and have alerts turned on. Smoke alarm triggered and you find out hours later because the App on your iPhone signed out.
Google "google security breaches." Seems like Google is inconveniencing the end user with open security features (and ruined Nest with with limited features including only 3-hours of playback on a $300 IQ camera which I assume is to recap that $3.2 billion Nest buyout).
Dec 24, 2019
Jan 2, 2020
That page doesn't offer an option to toggle verification options OFF. If people remove the details from the "Ways we can verify it's you" section based on your suggestion, they are removing recovery options that are critical to proving their identity as the owner of the account beyond a reasonable doubt. If anything, this will only make it even more difficult for them to verify themselves. So, please refrain from offering such cavalier advice.