
Library op-sec is pretty weak IME. Mine accepted seeing an email of a utility bill on my phone. Which is probably fine for just checking out books.

I still love libraries and the services they provide. But wouldn't want them to be an arbiter of identity any more than a faceless, human-hostile corporation.



I wonder if that's deliberate. My bank also accepted an email utility bill but they said they only ask for the utility bill to prove that you didn't make a careless mistake when entering your address.


> Mine accepted seeing an email of a utility bill on my phone.

To be fair, tons of places use those as proof of residence. It’s not as if it makes a real difference if you print them first.


> Mine accepted seeing an email of a utility bill on my phone. Which is probably fine for just checking out books.

I mean, I just got my `REAL ID` from California, and they accepted printed utility bills as proof of address for me. I could have easily modified the name and/or address on them before printing.

The other proof of identity I used was my birth certificate... that I was able to just order online, with the only information required from me being my social security number and answering a few questions that would not be that hard to find out about someone.

Proving identity in a way that works for everyone while not allowing anyone to fake it is practically impossible.


It's supposed to be easy to get a library card! The threat of an out-of-towner getting a local library card is nothing like a stranger getting access to your inbox.


So we have come full circle: starting from a call for help from a librarian seeing lots of people unable to access their accounts because of 2FA, we have proposed various methods of avoiding that, and then concluded that it's better if 100 people are locked out of their own accounts rather than letting one unauthorized person access an account that isn't theirs? I guess that's Google's position as well, because if they let someone unauthorized log in they might be liable, whereas if they lock 100 people out they can say it's their fault...


No, I'm saying those situations aren't comparable. We should not conclude librarians will be poor stewards of MFA reset powers just because they are lax in giving out library cards.


Ah, ok, then sorry for misunderstanding...



