I just started using a Fairphone 4 with /e/OS 1.18-s-20231207360611-stable-FP4 (Android 12).
When I first started the Gmail app downloaded from the App Lounge, a MicroG Google account was added to the Fairphone 4 and since then I can manage my Gmail emails via the Gmail app without issues from the FP4.
Instead, when I access Gmail from a computer via webmail and browser, the two-factor authentication on the computer browser says it sent a notification to the FP4 on which I need to tap Yes on (actually it says it sent a notification to a different phone and not the FP4 like it is detailed here https://doc.e.foundation/support-topics/add-a-gmail-account.html), but I get no notification on the FP4 and so I have to choose another way for completing the 2FA like SMS text (which then works and I get the SMS text on the FP4).
Is it possible to have Google 2FA notifications to appear on my FP4 to tap on when I acces Gmail on a computer browser?
If yes, what should I do to make that work?
For instance:
are there MicroG Google settings on the FP4 to check/modify for the tap-on notifications to work?
On the FP4 should I remove the MicroG Google account and add a Google account in order for the tap-on notifications to work?
…
Any suggestion would be useful.
PLEASE NOTE: my experience with smartphones and their operating systems is extremely low, so detailed instructions would be really helpful in case someone has suggestions.
I suggest changing your Gmail 2FA method to standard TOTP code, and using and app like Aegis, available in App Lounge.
Registering a de-Goggled device as Google notification target is likely to misbehave
Hi smu44 and thanks for your feedback.
I am a very basic user and I don’t grasp fully what you suggest.
I can only repeat what I said initially that once I installed the Gmail app from the App Lounge “it came by itself” with a Micro G Google account being added to the FP4 and I have no clue if the 2FA issue of mine is with the Micro G Google account or with something else.
Also don’t know what you refer with “standard TOTP” code nor I have a clue of the detailed steps to eventually start using Aegis or similar apps: should I start removing Micro G or do something else?
Still in the fog.
Any detailed step-by-step procedure (or as close to that as possible) will help.
Thx again
You only have to install Aegis, not to remove anything from your phone.
Once installed, the next steps are to be done on your Google account, like instructed here: https://support.google.com/accounts/answer/1066447 (replacing Google Authenticator with Aegis).
The Google account manager (sorry, I don’t have one) should output a QRCode that you can flash with Aegis, or maybe a key that you can enter manually when creating an entry in Aegis.
Please remember that Google accounts are free of charge, so you can create a test account .
Is there anyone that can tell what would be the MicroG settings on my FP4 to take a look at in order for Google 2FA notifications to properly appear on my FP4 to tap on when I access Gmail from a browser on a computer?
Thanks
You need to log into your google account and add alternate 2fa methods. You want to add printable backup codes and also the Google Authenticator method which you can use AndOTP or Aegis apps on your phone for. The method you describe of directly sending a notification to your phone doesn’t seem supported by microg yet, and that makes sense ast it is a deep layer proprietary method that google uses to do that.
Hi rikshaw,
thanks for the details: I am starting to have a clearer idea here!
When I am unable to receive the 2FA tap-on notification on my FP4 I still have on the computer browser the possibility to receive the OTP via SMS and that is working nicely as it always has been (indeed before having the FP4 I had a normal cell phone, not a smartphone, and I always received OTPs via SMS on that phone without issues).
So I am able to access my Gmail (or my Google account) from a computer browser via SMS OTP which is now received on my FP4.
I thought that there was something wrong with my MicroG and/or my FP4 in not being able to receive the tap-on notifications.
While if the case is simply that MicroG currently doesn’t (and never will) support the tap-on notifications on the FP4, I am OK with that since: 1) I have the SMS option (so I won’t need to use other authenticators or other software on my FP4) and 2) the less “deep-proprietary Google stuff” I use, the better.
Point is that I really endorse the philosophy of MicroG and, by the way, that is precisely why I bought a Fairphone with /e/OS, though I am not yet at the point of abandoning Gmail and other Google services which are anyways still useful to me.
At the beginning of your text you mentioned I should go into my Google account and take a look at the options regarding 2FA.
I will try exploring that on my own asap but before doing that (since I might get lost/confused with those options), one final question now would be if someone knows if there is a way to set my Google account (after accessing it from a computer browser) to avoid sending me the 2FA tap-on notifications while instead receiving directly the SMS OTP.
Please let me know in case I misunderstood some parts of your reply.
Usually a google request for 2fa will come up asking if they can push to your phone. But at the bottom you can click other options then go for the authenticator app option. SMS option is considered a security risk and many g suite using companies like mine have disabled that option. So you will want an additional option.
I suggest setting up using the authenticator app as soon as possible. You can also run the app on a 2nd phone and also on desktop. I do this so a phone being stolen will not lock me out.
In addition you can put the printable backup codes in your password database (I use bitwarden synced to all my devices). This way you have multiple ways to get in from all devices, all secure behind strong passwords set for authenticator and password apps.
I need to review if these other methods can be set as default. Maybe not meaning you will always have to choose “use another way” but again you will be set to not get locked out of your own account.
