I ask inspired by experiences with Google. Google/YouTube, for as long as I can remember, always had a strange habit of assuming absolutely anyone even near to you is you. Back when I had my first YouTube account (which was also back when I was in a completely different part of the world), for the last few years of having it, it had my sister’s channel listed under “alternate accounts” and it wouldn’t even ask me for the password to log into her account, I could simply click over to it like it was nothing (led to a lot of sister rivalry moments). Of note, on a less severe scale, something akin to this mindset is also credited to leading me to witnessing a documented and verifiable triple banning of cherished accounts, how lovely.

So yeah, my first curious hypothetical question I have of the year. How common/normal would this stance be on the net, with something like 2FA where it could mean the difference between data and makeshift DNA (secondary question, does it actually work as well as touted years ago)?

  • Bitrot@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    10 months ago

    If it was a family computer it sounds more like she had signed in too. YouTube and Google support multiple accounts being signed in at once and have for years, with an account picker (Instagram does too, on the mobile app). Assuming it was you only due to location or IP would be a huge and highly publicized security lapse, think of college, workplace, coffee shop. The deviantart thing is because they had the same IP address, that has long been a way of checking for ban evasion or banning people in the first place. Spillover to other people in the household is expected and accepted when designing it that way.

    If you were using a phone number, which is generally the worst form of 2FA, they could potentially correlate that the accounts are at least related. Most sites wouldn’t, but places like Google or Facebook might. Other forms like TOTP or passkeys should not.

    • LemmyKnowsBest@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      10 months ago

      Why do you say telephone 2FA is the worst method? Seems pretty secure to me if each person has their own phone that no one else has access to.

      Except for OP who doesn’t have a phone, But that’s another mystery and I honestly don’t understand how or even IF YouTube thinks that she and her sister are the same person 🤷🏻‍♀️🤔