Re: @AC Not Surprised
That's still entirely Google's fault.
First there's the fact that my cheapo smartphone doesn't have any room left for yet another app (mostly because Google insist that I keep its own Play-related apps installed and up-to-date even though I never used them, ever, and never will, and also partly because GNURoot Debian is more important to me than pretty much anything else -and nothing of that can be installed on my humongous SD cards because Google's own Android won't allow it without jailbreaking the phone).
And then I only use my Gmail account through IMAP -I only log in my Google accounts when Google forces me to do so because apparently logging in via IMAP from across the street (let alone from abroad) is apparently considered suspicious enough to warrant an account lockdown. Given that my mail apps have, to put it lightly, QUITE decent security features, 2FA would actually decrease both usability and security for me (stealing and unlocking my phone would be a whole lot easier than breaking my accounts from the user side, although of course if The Big G slips and gives access to my account from the inside I'm stuffed, but 2FA can't solve that).
There is of course a bit of stubbornness from my side, too : I couldn't be bothered to keep my smartphone with me at all times to save my life.
The day Google enforces 2FA, I'm gone. I can't be the only one.
Note that I do use 2FA for my banking operations, even though my bank doesn't mandate it. I choose the card-reader password generator, because even though it's a bit more cumbersome it's actually 3FA (webform login, physical card, and NIP). 3.5 FA if you take the card reader into account.
Biting the hand that feeds IT
