> On December 5th, I sent a note to a PR contact who I work with on Google-related news and I told him about my problem. He said he had gotten my case escalated and I should hear within 24 hours.
Sadly in all these stories that end successfully there is inside help from someone that has contacts in Google. I don't even want to think about what would happen to people that don't know anyone inside Google.
I used my work email as my backup for my gmail account, and thus could not retrieve my password after I left that job (on good terms even, but they would not let me use my old email). Having access to my android phone tied to the gmail account helped not at all.
I tried the gmail password retrieval system repeatedly, but could not get it to recognize me even though I had an archive of much of my email, so I thought I could be confident in answering questions about who I emailed and such.
So, I switched to a new email account. Luckily, I had a tablet that (to this day) is still logged into my lost gmail account, so I can tell that nobody I care about is still sending to the old address.
All in all, the consequences weren't that bad, although among them were the loss of my ability to have my straightforward firstname.lastname@gmail.com address...unfortunately using just my first initial and last name is not unique.
The concept of being able to reach a human being at Google is tantalizing but the fact is, I have such resentment and bile built up for the way things were designed that I'm not sure I want to reach out. And it doesn't matter a great deal anyway. I suspect in the long run it's lucky I learned not to trust them too much.
I have a similar situation with my cable company. I have a mail account that I used like 20 years ago that still gets mail, but I can only access it by copying a cookie to my browser.
According to the cable company, the account does not exist. Somehow between the multiple mergers, it keeps getting migrated but is orphaned from their identity system.
Please tell me you've at least set up the email forwarding and "send-as" features so that you can send/receive via that account from another account if you ever want to? And on that note, maybe also set up an application-specific password if it allows you to do this without entering a password? (Though MAKE SURE to test this on your new account to make sure it doesn't lock you out with a password prompt if you attempt this.)
(Although note that if you do this via Gmail it will leak your sending email address in the headers.)
Also, I think you might be able to retrieve the rest of your emails too. You might not have IMAP access, but at worst, you can write Google Scripts and have them upload your emails to another account. It will be rather slow but you should be able to copy all your emails this way. I don't think it should prompt you for a password when giving permission but I'm not sure; again, test this on your new account before trying. Make sure to wait like half an hour to make sure any internal password prompt timers expire.
My sister-in-law has a blog that sends out email notifications to subscribers (who requested them) when she posts a new article. After a few hundred subscribers had marked these notices as spam rather than unsubscribing, her blog, email account and entire site got blacklisted. She only managed to get this cleared up via a tech support friend who has contacts at Google.
This stuff makes me worried about the future. We'll have this massive AI/computer machinery making more and more decisions without any recourse. This will be the ultimate faceless bureaucracy.
At work I can almost every day hear someone yelling at his health insurance company because something has been f...ed up. Once they start hiding even more behind automation how can you resolve anything?
I chased down a spam flag by one of our users a while ago (we only send transactional emails to actual accounts) and actually spoke to the user since he complained about not receiving any of our emails.
Turns out he uses the spam button in his email client as a temporary deletion / archive for emails he wants to read later...
TLDR; Many users create their own issues by just not giving af. It reminds me of antibacterial hand wash.
You'd be surprised for how many technology-inept users that wouldn't make a difference. They'll still mark the email as spam. It's easier for many people to understand and easier to click.
You are absolutely right, e.g. I marked Microsoft's MSDN emails as spam. But that was largely due to the fact that the unsubscribe link in their emails redirected me to an unreachable server for weeks and then I gave up.
If an email doesn't offer an unsubscribe link, or if that link doesn't immediately unsubscribe me without any extra clicks (e.g. takes me to an "update email preferences" page or, god forbid, asks me for my email address or other info), I click Report Spam for it.
You'd be surprised how many opt-out messages and messages sent to unverified addresses I get. They all have unsubscribe links but I'll hit report spam each and every time.
It sometimes can be better to mark it as spam. There was a thing a while back where the unsubscribe link was just verifying that you still check that email account, and you click on links, so they'd send you more spam.
That's closer to an urban legend than the truth. If you once gave them your email address, they are generally good about honoring unsubscribe requests. It's expensive for them to create a high-quality customer list, so they're not going to play games that put them into a gray area. Don't be lazy and classify them as spam on this basis, because it fails to distinguish good-faith businesses from actual spammers.
Senders who bought, stole, or brute-forced your email address are a different story. For them it's just a numbers game. They are, by definition, spammers and should be treated as such.
There is a final group of senders who you did once interact with but who show these behaviors:
1. They are too incompetent to keep the unsubscribe server running;
2. They broke the mail template so it doesn't point to a valid URL;
3. They fail to control subscription preferences within their own company so that the marketing department keeps using the same old list even though months of unsubscription requests have accrued since then;
4. (My pet peeve) They take you to a blank form that asks for personally identifying information in order to unsubscribe, rather than embedding an identifying token in the email's unsubscribe link. Out of principle, I will not enter PII into any form on the other side of an email link, even if it comes from someone in my family. It's too easy to fall victim to phishing, and I resent any sender that puts me in that situation. If a business asks for any PII to unsubscribe, I close the tab and mark the email as spam.
Any of those get marked as spam. Their intent was not to spam me, but I can't do business with incompetent senders.
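The link-embedded token that item 4 of the comment above asks for, as an added example that is not part of the original thread: the sender signs the subscriber and list identifiers with HMAC, so the unsubscribe endpoint can act on the link alone and never asks for an address or other PII. The key, the URL and all function names are assumptions made for illustration; the two header names are the one-click unsubscribe headers from RFC 8058.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real sender would load a random secret from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"
# Hypothetical endpoint, used only for illustration.
UNSUBSCRIBE_URL = "https://mail.example.com/unsubscribe"


def b64e(data: bytes) -> str:
    """URL-safe base64 without padding, so the token fits in a query string."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64d(text: str) -> bytes:
    """Inverse of b64e; restores the padding that was stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(subscriber_id: int, list_id: str, key: bytes = SECRET_KEY) -> str:
    """Return 'payload.tag', where tag = HMAC-SHA256(key, payload)."""
    payload = json.dumps(
        {"sub": subscriber_id, "list": list_id},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)


def verify_token(token: str, key: bytes = SECRET_KEY) -> Optional[dict]:
    """Return the signed claims, or None if the token is malformed or forged."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = b64d(payload_b64)
        tag = b64d(tag_b64)
    except ValueError:  # wrong number of parts, bad base64, non-ASCII input
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison: response timing must not leak tag bytes.
    if not hmac.compare_digest(tag, expected):
        return None
    # Parsed only after the tag verifies, so attacker-chosen JSON is never decoded.
    return json.loads(payload)


def unsubscribe_headers(token: str) -> dict:
    """Headers that let the mail client unsubscribe with a single POST."""
    return {
        "List-Unsubscribe": "<%s?t=%s>" % (UNSUBSCRIBE_URL, token),
        "List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
    }


def handle_unsubscribe(token: str, suppressed: set) -> bool:
    """Endpoint logic: a valid token is the only input required.

    `suppressed` stands in for the sender's suppression list. The call is
    idempotent, so a repeated click or a mail-scanner prefetch changes nothing.
    """
    claims = verify_token(token)
    if claims is None:
        return False
    suppressed.add((claims["sub"], claims["list"]))
    return True


if __name__ == "__main__":
    demo_token = make_token(42, "newsletter")  # constructed sample subscriber
    demo_list = set()
    print(unsubscribe_headers(demo_token))
    print(handle_unsubscribe(demo_token, demo_list), demo_list)
```

Because the tag covers both identifiers, editing the subscriber id in the link invalidates the token, so one recipient cannot unsubscribe another.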
And how many things are "signed up for you"? There's a lot of those. It's getting harder to tell what I actually signed up for, and what I thought I was signing up for.
If they say "signed up for you," then it's spam -- it's unsolicited commercial email. Unless you designated someone else as your agent to sign you up for crap on the web, then you didn't solicit it.
me too. i consider it spam because i don’t want people sending me random crap and i could care less if it hurts the person sending the mail. either way it gets it out of my way.
I would still consider it as unsolicited if I didn't opt in to receive further emails. Just because I bought something from a company once doesn't mean I'm happy to receive a "please rate us" begging email, an offer to look at their other products, and a "merry Christmas to all our customers" message. Not really spam in the traditional sense but these types of emails seem especially prevalent at the moment and dealing with them is a big time sink.
She's a weaver, fabric artist, and teacher of fabric arts. Travels the country giving courses. Sells instructional materials and occasional tools and materials. Not a bit of shadiness involved. Your comment is inappropriate for this site.
In my experience, that is 100% true. I made an app and uploaded to the Play Store, but it was rejected for whatever reason, and I was told I'd hear back from them within 72 hours. 8 days later after not hearing anything from them despite multiple attempts, they got back to me only _after_ a friend of a friend connected me with someone who works at Google. The iOS store was a piece of cake compared to anything Google related.
> inside help from someone that has contacts in Google
The same is happening with Amazon right now; sellers getting kicked out by default and there is no way to get hold of a real person, just talking to some machine learning bot. Real people simply don't matter anymore.
It happens all the time, and there is no recourse unless you can get lucky enough to cause a social media storm with enough outrage it catches someone's attention.
Agreed. I see this story several times a year. Usually with small time people with no contacts to get them help, but I have seen large companies lose control of everything as well. I just don't understand handing over mission-critical services to companies that offer you zero control or support in exchange for free or nearly free.
The ability to cause a social media storm alone could be a motivation for having some social media presence. It seems otherwise you are screwed if something goes wrong.
My AdWords account got locked a few years back. It was my first attempt to try AdWords on my website. I've loaded around $20 and it almost immediately got locked (not a single ad was shown/clicked). I could never unlock it or retrieve my money from it. So Google has my 20 dollars now.
I recently got a letter in the mail (from EY if I recall correctly) who on behalf of Google, asked me if I wanted to collect the unused balance from an inactive account (with options on how to receive said funds), otherwise it will go to your state's unclaimed funds. Perhaps check there to see if it got sent there?
Whoops, yeah, I guess it depends on how many years back it was. I guess it's better advice for what to do when it happens. That said, I know at least bank's website allows disputing transactions over a year old but I'm not sure if they allow over 2 years or not (you may have to call).
US over time has developed this amazing alternative system to deal with all kinds of really complicated b.s. It involves guys and gals in black robes. They even get to say "Agree, that thing you signed is stupid, so we are going to presume you did not actually sign that".
Use them. They are lovely. 1-800-BUILD-A-BEAR lovely.
They also happen to love to smash into faces of smug dumb entities. Like Google. Or Apple. Most often because they have their own horse to ride. But who cares. Just. Use. Them.
“That same day I opened a second GMail account so I could have access to services like an email account if need be, [...]”
So, this journalist is in the middle of a horrible experience with Gmail and responds by ... opening another Gmail account, because basically realistically imagining email as something other than Gmail is far too much of a stretch in most people’s minds.
This happens all over the place -- for some reason, the majority of the people won't learn. They'll tell you horror stories about how they lost a lot of work (or even money!) because a provider never gave them support, yet, go back to that same provider.
A group of acquaintances had a Facebook group where they shared research and documents. It got deleted and they lost everything. Thrice. I suggested they used something else for document storage each time, but was just ignored or shooed off.
The root cause of the problem is kinda beyond me -- but it's clear that people are unwilling to learn from experience when it comes to these things, and that these free services will continue to behave as they do because there's no downside to doing so.
My sister had her broadband slammed (taken over by an ISP without any request or permission whatsoever) which left her with an unreliable and slower service. She stayed with them.
For about three years the router they sent her would kick off the fifth-oldest DHCP lease and the ISP kept refusing to replace it.
But a Google account is not just email. It's also drive, calendar, and so on. There's a lot of time spent becoming familiar with those services, and to up and switch that entire suite would take a massive amount of relearning. Under the same circumstances as the author, I think I'd be back to Google. Remember, other services have their own issues as well.
Having read the article, I start to wonder whether GMail is a service for Google, run by the user, where Alphabet are given invaluable personal information about a person, which they can then correlate with their other services in order to build a detailed mine of data about that person.
In the course of this transaction the user may be permitted to read the emails that belong to Alphabet.
This is very much true. I built an ecosystem around Google because they work fine (usually).
Rebuilding this for, say, Microsoft would be a tremendous effort.
Yes, I do. The only thing I miss is tagging/archiving. Fastmail uses a traditional folder paradigm, and archiving only moves the message to a special archive folder.
Their login 2FA options are as good as Gmail's, and I like their mail-rules better (though you have to drop into "power users" mode more than I'd like).
Honestly I think the answer to your question is: giant fail by the tech community, because to my knowledge there isn’t anything actually comparable, free or paid.
Yeah well I got locked out of my hotmail account 5 years ago and I never got back in. There was a bug in an iOS release that caused the Mail app to make repeated, unnecessary requests to authenticate hotmail/outlook so Microsoft determined that there was suspicious activity and locked me out. They have an account recovery process for situations like this and I tried, and tried, and tried, and failed to regain access. I just tried again last week. I tried contacting them directly, too of course. No luck.
So I know what happens when you don't know someone on the inside: you are out of luck. You lose important emails, photos, notifications, bills. You have to change a lot of your other accounts. No fun at all.
Wait...you want to know the worst? That's the email I used for coinbase that I think still has a few Bitcoin in it. I can't log into coinbase because I don't have the same phone with the same phone number for Authy, and the recovery email is the hotmail email I am locked out of. Of course I have open support tickets with coinbase but you can imagine that I'm not exactly real high in their priority queue. So being locked out of my email has cost me a lot of money in the long run.
I'm sympathetic to your situation. But being locked out of selling your bitcoin for a few years might have resulted in you earning a lot of extra money! Hopefully you can regain access to Coinbase. Since they are regulation-compliant and legit, you should eventually be able to gain access to your assets. If it's enough BTC to be worth the expense, maybe you could expedite the process with a lawyer?
I'm in the same situation right now. I didn't back up my Authy keys because when I switched phones, the balance on my Coinbase account was zero (still is), so it wasn't a high priority to me.
Now, I'm trying to get back into the account so I can add some BTC to sell it, and I'm getting nowhere with the customer support. For an account with a 0 balance. And I still have access to the correct email, phone number, etc.
At this point it'd just be easier for me to sign up for a new account I guess, but I don't want to have to use a throw-away email for that. You'd think there'd be some kind of easy path to regain control of an account with zero balance, as there's no risk of theft. Nuke all attached bank accounts and the like as a safety measure.
> Imagine you have spent much of your digital life for the last 12 years on Google. You rely on their mail and calendar, Google Drive for storage and Google Photos for your photo archive.
Like I've said in the past here [1], if something is so important to you, you need to treat it as such. Continuing to use a service that offers no guarantees, availability or even continuing access to your account is a sign of ignorance, when you rely on that service so much.
Now ignorance is not the fault of the user. It's primarily the failure of education. There are multiple deficiencies at play here:
1. Lack of knowledge of general population about significance of terms of service, and literacy to read and understand them.
2. Lack of regulation to enforce service providers to provide concise and less technical terms of service.
3. Lack of clear options provided by the service provider for users, so that if a paid option with guarantees is available, it's easy to sign up for and use.
In case of Google, you can, for $60 a year, have an email account under your own domain (which by the way decouples you from Google if you wish to move to another provider in the future), 24/7 phone support and other goodies. The issue is the number of hoops you need to jump through to set that up, making it inaccessible for the average user. This is Google's fault.
The main problem is that people do not want to pay. Simple as that. For example, I met so many real estate agents which refuse to have G Suite and pay $60/year because it is "too expensive".
Google will give you a chance to move your data out of their cloud should they decide to kick you out. This option is available if you pay for the GSuites (their business plans) which I mentioned above.
Any provider has the right to terminate your account for a variety of reasons even if you're a paid customer.
Isn't a big problem that they will sometimes lock you out of everything for some behavior they think is bad on just one of their services? You have been denied access. No tech solution to this problem.
In the era of cloud services, if it's not on your hard drive you could ultimately lose access to it at any time. People tend to think about reasons like companies shutting down services, getting acquired, etc. but this brings up an entirely new class of ways you could lose access to your cloud info: Locking yourself out. Maybe you forgot the password, your password manager had a bug, or the account was with an old school or work email you no longer have access to. This may seem silly but as a dev I forget my passwords for things all the time. Imagine how this kind of technological shift impacts a non-technical person.
Google (and other companies) are purposely opaque about how they determine whether you have provided enough information to verify you are the owner of the account...
Getting it wrong has significant impact on how much the brand is trusted (and for some companies, that's all they have)... Lose it and it's time to shutter!
To be fair to Google, they do regularly prompt users to review the security of their account (e.g. with checklists like this: https://support.google.com/accounts/answer/46526?hl=en). Note that Step 3 is "Update your account recovery options"!!
> That same day I opened a second GMail account so I could have access to services like an email account if need be, even if it didn’t have any of my previous data in there.
When service is this terrible, why stick with the bad provider? I generally find the whole article sort of depressing... “Google ignored my problems for a month. But now I have access again oh well yay!!”
Because what's the alternative? You can spend weeks moving all your data to Microsoft or Apple... and suffer lost messages when people don't update their e-mail for you... and then discover they're just as bad or worse?
What's an alternative to Gmail+Drive+Apps that has as much functionality, ease of use and convenience, and at a comparable price, but guarantees you won't get locked out?
Just to provide one example - about a year ago I moved from a 12 year old Gmail address to another address/service. The lift for updating people, services, etc. really wasn’t that much. I left the gmail around and I do log in once a month or so but the last time I remember anything of interest coming there was maybe six months ago.
I also exported all of my emails from Gmail. I recall accessing them once maybe a month or two after the move, but since then I haven’t touched them.
In general I think people attach much more significance to things like email addresses and phone numbers than is necessary. Frankly I’d much rather things like that change from time to time so they aren’t so easily used as semi-permanent identifiers.
I just moved all my E-mail from Gmail to my own VPS running Exim. Took maybe two evenings of work including IMAP access and a basic spamassassin setup.
It’s called paying for the services you use. You don’t even need to switch to a different product / provider, just pay $5/month and ~$10/year for a domain name. Then worst case scenario, you can move your domain off of Google Apps and not need to update your email address everywhere with everyone.
Exactly this. I truly don't understand that people put their professional career on the line for the price of a domain name.
I also use GMail, it's incredibly useful. But it's my own domain, and if there's a problem, I point the MX records of my domain name to another email provider and forget about Google.
2) The article isn't about Gmail, it's about an entire Google account where the author stated they ARE paying for extra storage for Gmail and Drive -- where you seemed to imply they're not paying. And buying your own domain does nothing for getting access back to your 10,000's of past e-mails or your 100's of GB's of files you're paying to store.
Didn't Apple shut down their .me or whatever it was called services some time ago (and AFAIK that was even a paid service)? What happened to the websites, blogs, emails, etc that were hosted by them?
They discontinued the hosting, but the rest of the services (including email) are largely still around, just rebranded to iCloud. https://en.wikipedia.org/wiki/MobileMe
It’s important to note that the old email addresses still work. New ones are assigned to the icloud domain, but my @mac.com email still works and that was a (free) service when I signed up for it in 1999. Old @me.com addresses also remain functional.
Trusting "your life" to a third party service is very dangerous. Because if your life depends on that service, your life can't continue without it, so I ask, why do this to yourself?
The thing is, people round small risks to zero. As a heuristic, it's not correct, but there are so many possible small risks that it's impossible to round them all up to a significant amount either. Same principle leads to people accepting abusive licensing terms.
What's the alternative though? It's not like Microsoft and Yahoo's email/calendar services are much better. Use a paper calendar and run your own private email server and hope you never have to run for president?
Buy your own domain name and forward your mail from an address on that domain to your gmail. Keep a backup of your email. If you lose access, just create a new account and update the address you're forwarding to.
This is an absolute minimum of money (under $20/year), effort, and disruption to your current habits. Plus, you get to use whatever vanity email address you want.
Why not? It works for a lot of people. I don't understand why some people are so eager to hand their personal data out to 3rd parties. This is a very do-able solution.
Honest question - what happens if you don't know the password on your Mac, Windows, Linux box? Are there routes to recover the information on the hard drive if the user does not have the password and there is no admin?
I don't know. It might be an unpopular opinion, but I am okay to be locked out if I forgot my password to my email. I prefer that to weakened security, and complex processes to sign in.
If that were all that could do it, sure. That's not the end of it, though. I was trying out anonymization methods a while back, and created an account for use through Tor + a VPN (yes, I know it's Google). I recently tried to get back into it, but since I wasn't "where I usually sign in" (and can't actually say what city they thought that was), I'm locked out. I have the correct password in my manager, and I can even answer that "when did you create this account" question because of that, but Google still won't give me any way in. Since there's nothing important in there, I'm fine leaving that particular address behind rather than escalating things, especially after reading the article, but there's a few really dangerous implications there if you do want to habitually decouple your IP from your physical location.
Usually if you can SMS verify they will let you in. Google (and many other companies) insist on SMS not because it is secure (it's not) but because it requires account spammers (scammers) to put up some money (buy a phone) before they let you use the service too much. I would be surprised if you get through the registration process before they insist on SMS verification if you are coming out of a VPN provider netblock. And forget coming out of a TOR exit node.
Keeping your identity hidden from Google while using their services is a fool's errand. Find some other email provider with less big data mining expertise.
I'm confused, so you are answering every single security question correctly and you are logging in from your usual location without any kind of Tor/VPN/etc. and you still have no way to access that account? Or are you merely prevented from logging in via Tor/VPN?
My account was previously always used in Germany, and then fell into disuse once I migrated to another Google account (to change the primary email address).
Someone tried several passwords for the account from Russia, Google warned me by sending a warning to the backup email, and let the attacker in anyway.
Being in Germany, the reset flow asked me to either
(a) provide the phone number used, prove I control the backup email, and provide the exact account creation date (I was off by a few months, and it failed to allow me in),
(b) prove ownership of the backup SMS, backup email, and answer all security questions correctly (which I couldn't, because the phone number had long been reassigned).
I, desperately, called Google Nexus support (not possible to solve), and even asked people on the inside, who got the account team on it (more on that later). No can do.
In the end, I got the new owner of the phone number (ALDI Talk reassigns phone numbers after 6 months disuse) to help me by him sending me the SMS verification code, which I'd enter, to verify identity, and get the account back.
After I managed to log into the account, I obviously enabled 2FA, secured it, etc, but I also found a new message in the inbox, from Google's account recovery team, the usual 'thank you for contacting us, etc' one. They had contacted 'me', after I complained that the account was hijacked, by writing an email to the account, and talking with the attacker. Who obviously said there's no problem.
>> I'm confused, so you are answering every single security question correctly and you are logging in from your usual location without any kind of Tor/VPN/etc. and you still have no way to access that account?
> That is correct, I had the same issue.
> the reset flow asked me to either (a) provide the phone number used [...] or (b) prove ownership of the backup SMS [...]
> (which I couldn't, because the phone number had long been reassigned)
But this means what I said earlier is not correct, since you are not answering all of their security questions correctly.
I managed to successfully complete the (a) flow, but it was considered not enough, due to the different IP, and minor inaccuracy with the creation date.
I later managed to successfully complete the (b) flow due to the SMS.
I believe Google isn't using a binary definition of success, but a confidence interval of how sure they are you are the actual owner - if they are reasonably sure you are the owner, fewer questions need to be solved, if they are reasonably sure you are not, they cancel the flow before you even have a chance, and if they're unsure, they ask you more questions.
On my first attempt, I got over a dozen questions to validate myself, later on, I got told "sorry, we don't believe you" after already one question.
> I managed to successfully complete the (a) flow, but it was considered not enough, due to the different IP, and minor inaccuracy with the creation date.
That's exactly what I mean though. You didn't answer their questions correctly. It wasn't just due to your location/IP; you put in the wrong date. (It's quite funny/ironic that you are also answering my questions incorrectly and yet insisting otherwise. While I sympathize with you for the actual problem, it doesn't help anyone sympathize when they see facts being twisted!)
There is no "wrong" or "right" date for Google. Google's support says to input whatever date you remember, Google will judge it as neither "true" or "false", but based on how close you are, and (this part is now speculation) combine that with other factors.
> There is no "wrong" or "right" date for Google. Google's support says to input whatever date you remember, Google will judge it as neither "true" or "false", but based on how close you are, and (this part is now speculation) combine that with other factors.
I'm sorry but you're not going to win over anybody like this. They asked you for a date, they potentially gave you some leeway for error (or not), and you gave the wrong date. Evidently your error was too high for them to overlook. You could argue they asked a bad question or should have given more leeway, and people might actually sympathize with you there, but relying instead on pedantry like this does not help.
Sounds like either Google is a terrible company with useless customer service and dysfunctional standard procedures, or known journalists and bloggers immediately set off alarms when they use this recovery mechanism because there has been too much negative press about social engineering leading to account theft recently. I.e. perhaps they wanted to prove that his account is safe from cheap tricks.
Why don't they just offer some kind of emergency support with a hefty pricetag for these cases?
Eg pay 200$ to have an actual human verify your identity? I don't think that would cost them anything and most people in this situation would likely pay any price to regain access..
Well, I use 2FA extensively, including for my Google account. However, there are even more vectors possible with 2FA where you lock yourself out of your account (e.g. lose backup codes, phone and access to phone number) which a human could easily solve (verify scan of ID, address proof, phone call, confirm that no activity for X days on the account in question).
How would that work? I can of course go to their office and prove my identity but since nobody did that when opening the account, they can't necessarily prove that it is my account..
I have (had?) a G Suite Legacy Free account, that I used for my personal emails.
Around a week ago Google suspended the account saying it broke terms and conditions. I've appealed it but haven't heard back, I've spoken to support many times but the case always needs to go to 'another team' who never gets in contact.
I've since set up a new paid G Suite account but have been unable to reuse my domain name as it's still locked to my old G Suite account... That I cannot login to. Support seem to be unable to help, so I've just had to point my MX records to Zoho for now until Google can sort this out.
I am a big Google fan, but this is now becoming a bit of a joke.
Few people seem to realize that if you lose access and they restore your access with limited information, then any attacker could do the same.
If you care about your Google, GitHub, Dropbox, Amazon, PayPal accounts then you should sign up for 2FA.
Ideally, you should have one-time recovery codes printed and U2F or TOTP when U2F isn't available.
I keep all of my TOTP tokens on my yubikey which also does the U2F magic. And of course I have a back up.
But if you don't care to set up 2FA, well, I can see how it's better for Google to lock you out as opposed to locking someone else in.
Recently I had a similar experience, thankfully with my work account. Even then, with having GSuite support, it took around 2 weeks to resolve the issue. If you lose access to your personal GMail account, well....you're fucked :/ Since then I have slowly started migrating my personal email and all logins to another mail provider, where you can actually contact support, as to not rely on Google.
I know how that feels and I agree. Vendor lock-in is crazy. Too many people and businesses rely on a company, without giving a second thought about what would happen if that company suddenly changed its terms or stopped providing a service that they are using.
But running my own mail server...argh. I wouldn't want to do that ever again. My approach is, instead, using my own domain with a 3rd party mail provider. That way you are always in control of your e-mail address, and you can always switch to another provider anytime, if anything happens.
That convinces me never to use Google for a primary, trusted account. It's just too easy to get locked out forever.
It's worth taking some time to think about how you will recover from various disasters: forgot password, drive crashed, lost phone, etc. IMHO the best approach is to have one account with a hard but memorable password, that you can access from any device, and use to bootstrap the rest of your accounts and passwords. Maybe also keep the password on a piece of paper stored where you will know if it has been accessed.
Imagine you used a password manager that required memorizing just one diceware phrase then using randomly generated passwords and never got locked out again. That's what happened to me.
1Password has 2FA available and I obviously use that when possible as well as OpenVPN server I control. Google is helpful enough to alert you when someone fails to log in to your account, and when that someone is in another country, it's obviously time to enable 2FA. Their piss poor inability to provide customer service also means no one is going to social engineer their way into my email, which is a pro imho.
Why oh why does Google ask about the date the account was created? 9/10 you won't remember exact month/year and this screws up any chance of account recovery.
> Ron Miller is enterprise reporter at TechCrunch. He has been a Freelance Technology Journalist since 1998
> Ron is currently corporate blogger for Intronis where he writes once weekly on issues related to the cloud, and a weekly feature called The Cloud 5 where he aggregates five links related to the cloud computing
Might we perhaps have expected a slightly better understanding of the nature of the cloud? Of 'free' services? Of standard backup practice? Of password managers? Of password security? (Guy apparently used passwords simple enough that he could carry them in his head). It probably makes me a smug, uncaring bunghole, but my compassion doesn't really kick into gear over this.
I have had the pleasure of working with the user database of a certain media company. Passwords in plaintext, of course. Plenty of journalist users. Half of whom had gmail addresses for usernames, and 90% of whom had passwords along the lines of [birthday], [name], or kitty74.
It's my belief that if you enable 2FA it's a lot harder to be casually dissociated from your account. This is because you have to do more work to establish a chain of authority over the account to enable it, and because you precreate account recovery tokens you can save offline.
Fastmail is great for this, in my opinion. I vastly prefer every single aspect of the experience. The web mail client alone is worth the switch away from Gmail, IMHO.
I also have an account where I can't remember the password and I've given google three factors of identification and they still won't verify my account to reset the password.
I have no PR friends that work with Google, so I'm shit out of luck.
I used Thunderbird before I switched to Gmail, and for several years after I kept it running on my Gmail account without ever opening the window, just so I'd have a local backup of all my mail.
I don't think there's anything wrong with it as long as both parties are aware that the deal is about storage and doesn't include additional phone counselling.
There is no solution to this other than paying and diversification.
I use fastmail for emails, dropbox for storage, icloud for calendar and notes. I also use a security key with my fastmail and dropbox accounts. A physical one. So I don’t really forget my password to begin with.
Tldr: the author underestimated the importance of tech accounts, diversification and how shitty google support service is.
This is too technical for most unfortunately, but the only way to guard something as valuable as your email address is to own the domain and so control the MX records.
I'm fortunate enough to have a grandfathered free Gmail account so I can own my domain and point it to a Gsuite account without paying.
Otherwise it's worth paying up for Gsuite, Fastmail or similar.
For those of us for whom email is so important, having a paid provider that has human support staff (that actually responds) should be equally important.
IMHO, free supportless email [like gmail] isn't really an option, given the huge impact that losing it would have.
Host your own email server (like me) or use email services of your webhosting or ISP. Email is a simple service originally developed to be decentralized but modern Idiocracy makes people use only a handful of corporations for IT services. :(
Why are big companies so inaccessible? It's a strange paradox to think that almost everyone uses Google services on a daily basis, yet it is near impossible to communicate with Google itself.
To avoid such things, I have a notebook in my drawer in which I have all the passwords to all my online accounts written down. If I change a password, I update the entry. If I create any sort of online account, it gets added to the diary. I figured if someone bothered enough to physically steal my diary from my drawer, I'd have bigger problems to worry about than my YouTube credentials.
I'm currently locked out of a Gmail account I have the password for but Google decided that isn't enough; it doesn't like my IP address and wants me to verify against a phone number I no longer have.
> wants me to verify against a phone number I no longer have.
I had the same. There's a good chance someone else has that number now - add them on WhatsApp/Facebook Messenger/etc by phone number, Google their number and try to find them, or call them.
In my case, I was able to recover the account by communicating with the new owner, and him quickly sending me the 2FA code he got from Google when I tried to log in.
That's why it's so insane to consider it a safe 2FA source.
6 months. That's all it takes between the last time a user successfully used a phone number, and a new user getting assigned the same number with prepaid SIMs in Germany.
...And the IP you used to sign up... and the city for that IP in the geolocation database at that specific date... and the exact User Agent string... and the time zones... and...
Or maybe they should stop being idiots and allow people with strong passwords to... just use passwords to authenticate.
Maybe some type of "I know what I am doing, kindly fuck off Google" option.