
I got locked out of my Google account for a month - rbanffy
https://techcrunch.com/2017/12/22/that-time-i-got-locked-out-of-my-google-account-for-a-month/
======
Shoothe
> On December 5th, I sent a note to a PR contact who I work with on Google-
> related news and I told him about my problem. He said he had gotten my case
> escalated and I should hear within 24 hours.

Sadly in all these stories that end successfully there is an inside help from
someone that has contacts in Google. I don't even want to think about what
would happen to people that don't know anyone inside Google.

~~~
MaysonL
My sister-in-law has a blog that sends out email notifications to subscribers
(who requested them) when she posts a new article. After a few hundred
subscribers had marked these notices as spam rather than unsubscribing, her
blog, email account and entire site got blacklisted. She only managed to get
this cleared up via a tech support friend who has contacts at Google.

~~~
polkovnikov-ph
Tell her to be sure there is a distinguishable "unsubscribe" link in letters.

~~~
PakG1
You'd be surprised for how many technology-inept users that wouldn't make a
difference. They'll still mark the email as spam. It's easier for many people
to understand and easier to click.

~~~
CaptSpify
It sometimes can be better to mark it as spam. There was a thing a while back
where the unsubscribe link was just verifying that you still check that email
account, and you click on links, so they'd send you more spam.

~~~
MaysonL
Mark spam as spam. Unsubscribe from content you signed up for and no longer
want.

~~~
CaptSpify
And how many things are "signed up for you"? There's a lot of those. It's
getting harder to tell what I actually signed up for, and what I _thought_ I
was signing up for.

~~~
sowbug
If they say "signed up for you," then it's spam -- it's unsolicited commercial
email. Unless you designated someone else as your agent to sign you up for
crap on the web, then you didn't solicit it.

------
whiddershins
I think this is the money quote:

“That same day I opened a second GMail account so I could have access to
services like an email account if need be, [...]”

So, this journalist is in the middle of a horrible experience with Gmail and
responds by ... opening another Gmail account, because basically realistically
imagining email as something other than Gmail is far too much of a stretch in
most people’s minds.

~~~
jwilk
What alternatives to GMail do you recommend?

~~~
DashRattlesnake
[https://www.fastmail.com/](https://www.fastmail.com/)

It costs $5/month if you want to use your own domain. I've pretty much stopped
using Gmail, etc. and switched totally to them.

~~~
whiddershins
Do you find their web interface as good as Gmail?

~~~
DashRattlesnake
Yes, I do. The only thing I miss is tagging/archiving. Fastmail uses a
traditional folder paradigm, and archiving only moves the message to a special
archive folder.

Their login 2FA options are as good as Gmails, and I like their mail-rules
better (though you have to drop into "power users" mode more than I'd like).

------
graniter
Yeah well I got locked out of my hotmail account 5 years ago and I never got
back in. There was a bug in an iOS release that caused the Mail app to make
repeated, unnecessary requests to authenticate hotmail/outlook so Microsoft
determined that there was suspicious activity and locked me out. They have an
account recovery process for situations like this and I tried, and tried, and
tried, and failed to regain access. I just tried again last week. I tried
contacting them directly, too of course. No luck.

So I know what happens when you don't know someone on the inside: you are out
of luck. You lose important emails, photos, notifications, bills. You have to
change a lot of your other accounts. No fun at all.

Wait...you want to know the worst? That's the email I used for coinbase that I
think still has a few Bitcoin in it. I can't log into coinbase because I don't
have the same phone with the same phone number for Authy, and the recovery
email is the hotmail email I am locked out of. Of course I have open support
tickets with coinbase bu you can imagine that I'm not exactly real high in
their priority queue. So being locked out of my email has cost me a lot of
money in the long run.

~~~
fastball
You didn't back up your 2FA keys?

~~~
CydeWeys
I'm in the same situation right now. I didn't back up my Authy keys because
when I switched phones, the balance on my Coinbase account was zero (still
is), so it wasn't a high priority to me.

Now, I'm trying to get back into the account so I can add some BTC to sell it,
and I'm getting nowhere with the customer support. For an account with a 0
balance. And I still have access to the correct email, phone number, etc.

At this point it'd just be easier for me to sign up for a new account I guess,
but I don't want to have to use a throw-away email for that. You'd think
there'd be some kind of easy path to regain control of an account with zero
balance, as there's no risk of theft. Nuke all attached bank accounts and the
like as a safety measure.

------
oxplot
> Imagine you have spent much of your digital life for the last 12 years on
> Google. You rely on their mail and calendar, Google Drive for storage and
> Google Photos for your photo archive.

Like I've said in the past here [1], if something is so important to you, you
need to treat it as such. Continuing to use a service that offers no
guarantees, availability or even continuing access to your account is a sign
of ignorance, when you rely on that service so much.

Now ignorance is not the fault of the user. It's primarily the failure of
education. There are multiple deficiencies at play here:

1\. Lack of knowledge of general population about significance of terms of
service, and literacy to read and understand them.

2\. Lack of regulation to enforce service providers to provide concise and
less technical terms of service.

3\. Lack of clear options provided by the service provider for users, so that
if a paid option with guarantees is available, it's easy to sign up for and
use.

In case of Google, you can, for $60 a year, have an email account under your
own domain (which by the way decouples you from Google if you wish to move to
another provider in the future), a 24/7 phone support and other goodies. The
issue is the number of hoops you need to jump through to set that up, making
it inaccessible for the average user. This is Google's fault.

[1]:
[https://news.ycombinator.com/item?id=6839142](https://news.ycombinator.com/item?id=6839142)

~~~
Asooka
Can you, or someone else, point to an alternative to gmail that won't decide
to lock me out of my account and still offers generous data storage?

~~~
oxplot
Google will give you a chance to move your data out of their cloud should they
decide to kick you out. This option is available if you pay for the GSuites
(their business plans) which I mentioned above.

Any provider has the right to terminate your account for variety of reasons
even if you're a paid customer.

------
omarforgotpwd
In the era of cloud services, if it's not on your hard drive you could
ultimately lose access to it at any time. People tend to think about reasons
like companies shutting down services, getting acquired, etc. but this brings
up an entirely new class of ways you could lose access to your cloud info:
Locking yourself out. Maybe you forgot the password, your password manager had
a bug, or the account was with an old school or work email you no longer have
access to. This may seem silly but as a dev I forget my passwords for things
all the time. Imagine how this kind of technological shift impacts a non-
technical person.

~~~
x0x0
I worked for a large b2c website.

Many users used the password recovery flow essentially as their login
mechanism.

Seriously.

~~~
WhyNotHugo
Some companies understood and embraced this: Slack and auth0 can send you
"login links" via email which log you right in.

Remove that pesky "password" from the entire "password reset" flow. Makes
perfect sense (meaning: there's clearly users making use of it).

~~~
x0x0
We did the same after realizing what was going on.

------
donalhunt
Google (and other companies) are purposely opaque about how they determine
whether you have provided enough information to verify you are the owner of
the account...

Getting it wrong has significant impact on how much the brand is trusted (and
for some companies, that's all they have)... Lose it and it's time to shutter!

To be fair to Google, they do regularly prompt users to review the security of
their account (e.g. with checklists like this:
[https://support.google.com/accounts/answer/46526?hl=en](https://support.google.com/accounts/answer/46526?hl=en)).
Note that Step 3 is "Update your account recovery options"!!

~~~
nasredin
They always seem to want phone numbers, which in a lot of countries are easily
attributable to real people.

One more time the "techbros" of Silicon Valey don't realize their actions are
hurting people.

~~~
jopsen
Just buy two yubikeys.

~~~
wyclif
Why? Instead of 2FA?

~~~
jopsen
You can do both TOTP and U2F on an yubikey.

U2F is much harder to trick..

And TOTP on your phone is likely to get hacked. TOTP on a physical yubikey is
a much harder target.

------
cdubzzz
> That same day I opened a second GMail account so I could have access to
> services like an email account if need be, even if it didn’t have any of my
> previous data in there.

When service is this terrible, why stick with the bad provider? I generally
find the whole article sort of depressing... “Google ignored my problems for a
month. But now I have access again oh well yay!!”

~~~
crazygringo
Because what's the alternative? You can spend weeks moving all your data to
Microsoft or Apple... and suffer lost messages when people don't update their
e-mail for you... and then discover they're just as bad or worse?

What's an alternative to Gmail+Drive+Apps that has as much functionality, ease
of use and convenience, and at a comparable price, but guarantees you won't
get locked out?

~~~
jsjohnst
> What's an alternative

It’s called paying for the services you use. You don’t even need to switch to
a different product / provider, just pay $5/month and ~$10/year for a domain
name. Then worst case scenario, you can move your domain off of Google Apps
and not need to update your email address everywhere with everyone.

~~~
bartvk
Exactly this. I truly don't understand that people put their professional
career on the line for the price of a domain name.

I also use GMail, it's incredibly useful. But it's my own domain, and if
there's a problem, I point the MX records of my domain name to another email
provider and forget about Google.

------
qrbLPHiKpiux
Trusting "your life" to a third party service is very dangerous. Because if
your life depends on that service, your life can't continue with out it, so I
ask, why do this to yourself?

The convenience is a serious trade off.

~~~
peterjlee
What's the alternative though? It's not like Microsoft and Yahoo's
email/calendar services are much better. Use a paper calendar and run your own
private email server and hope you never have to run for president?

~~~
macintux
Pay someone for the critical services you rely on. I'd never trust Google with
my main email service; Fastmail.fm has been great to me.

For calendaring, I rely on Apple; even if they were to somehow vanish, I'd
still have 3 copies of my calendar lying around.

------
hartator
I don't know. It might be a unpopular opinion, but I am okay to be locked out
if I forgot my password to my email. I prefer that to weaken security, and
complex processes to sign in.

~~~
WovenTales
If that were all that could do it, sure. That's not the end of it, though. I
was trying out anonymization methods a while back, and created an account for
use through Tor + a VPN (yes, I know it's Google). I recently tried to get
back into it, but since I wasn't "where I usually sign in" (and can't actually
say what city they thought that was), I'm locked out. I have the correct
password in my manager, and I can even answer that "when did you create this
account" question because of that, but Google still won't give me any way in.
Since there's nothing important in there, I'm fine leaving that particular
address behind rather than escalating things, especially after reading the
article, but there's a few really dangerous implications there if you do want
to habitually decouple your IP from your physical location.

~~~
mehrdadn
I'm confused, so you are answering every single security question correctly
and you age logging in from your usual location without any kind of
Tor/VPN/etc. and you still have no way to access that account? Or are you
merely prevented from logging in via Tor/VPN?

~~~
kuschku
That is correct, I had the same issue.

My account was previously always used in Germany, and then fell into disuse
once I migrated to another Google account (to change the primary email
address).

Someone tried several passwords for the account from Russia, Google warned me
by sending a warning to the backup email, and let the attacker in anyway.

Being in Germany, the reset flow asked me to either

(a) provide the phone number used, prove I control the backup email, and
provide the exact account creation date (I was off by a few months, and it
failed to allow me in),

(b) prove ownership of the backup SMS, backup email, and answer all security
questions correctly (which I couldn't, because the phone number had long been
reassigned).

I, desperately, called Google Nexus support (not possible to solve), and even
asked people on the inside, who got the account team on it (more on that
later). No can do.

In the end, I got the new owner of the phone number (ALDI Talk reassigns phone
numbers after 6 months disuse) to help me by him sending me the SMS
verification code, which I'd enter, to verify identity, and get the account
back.

After I managed to log into the account, I obviously enabled 2FA, secured it,
etc, but I also found a new message in the inbox, from Google's account
recovery team, the usual 'thank you for contacting us, etc' one. They had
contacted 'me', after I complained that the account was hijacked, by writing
an email to the account, and talking with the attacker. Who obviously said
there's no problem.

~~~
mehrdadn
>> I'm confused, so you are answering every single security question correctly
and you age logging in from your usual location without any kind of
Tor/VPN/etc. and you still have no way to access that account?

> That is correct, I had the same issue.

> the reset flow asked me to either (a) provide the phone number used [...] or
> (b) prove ownership of the backup SMS [...]

> (which I couldn't, because the phone number had long been reassigned)

But this means what I said earlier is _not_ correct, since you are _not_
answering all of their security questions correctly.

~~~
kuschku
I managed to successfully complete the (a) flow, but it was considered not
enough, due to the different IP, and minor inaccuracy with the creation date.

I later managed to successfully complete the (b) flow due to the SMS.

I believe Google isn't using a binary definition of success, but a confidence
interval of how sure they are you are the actual owner - if they are
reasonably sure you are the owner, less questions need to be solved, if they
are reasonable sure you are not, they cancel the flow before you even have a
chance, and if they're unsure, they ask you more questions.

On my first attempt, I got over a dozen questions to validate myself, later
on, I got told "sorry, we don't believe you" after already one question.

~~~
mehrdadn
> I managed to successfully complete the (a) flow, but it was considered not
> enough, due to the different IP, and minor inaccuracy with the creation
> date.

That's exactly what I mean though. You _didn 't_ answer their questions
correctly. It wasn't just due to your location/IP; you put in the wrong date.
(It's quite funny/ironic that you are also answering my questions incorrectly
and yet insisting otherwise. While I sympathize with you for the actual
problem, it doesn't help anyone sympathize when they see facts being twisted!)

~~~
kuschku
> you put in the wrong date

There is no "wrong" or "right" date for Google. Google's support says to input
whatever date you remember, Google will judge it as neither "true" or "false",
but based on how close you are, and (this part is now speculation) combine
that with other factors.

~~~
mehrdadn
> There is no "wrong" or "right" date for Google. Google's support says to
> input whatever date you remember, Google will judge it as neither "true" or
> "false", but based on how close you are, and (this part is now speculation)
> combine that with other factors.

I'm sorry but you're not going to win over anybody like this. They asked you
for a date, they potentially gave you some leeway for error (or not), and you
gave the wrong date. Evidently your error was too high for them to overlook.
You could argue they asked a bad question or should have given more leeway,
and people might actually sympathize with you there, but relying instead on
pedantry like this does not help.

------
lazyjones
Sounds like either Google is a terrible company with useless customer service
and dysfunctional standard procedures, or known journalists and bloggers
immediately set off alarms when they use this recovery mechanism because there
has been too much negative press about social engineering leading to account
theft recently. I.e. perhaps they wanted to prove that his account is safe
from cheap tricks.

~~~
kevin_thibedeau
Free Gmail users aren't customers.

------
jpdus
Why don't they just offer some kind of emergency support with a hefty pricetag
for these cases? Eg pay 200$ to have an actual human verify your identity? I
don't think that would cost them anything and most people in this situation
would likely pay any price to regain access..

~~~
jopsen
Why don't you just buy two yubikey and print one-time recovery codes?

If you care about it, then lock it down.

In many ways there is no good way to verify you, if you don't invest in 2FA.

Would you rather be locked out, or have a hacker locked in?

~~~
jpdus
Well, I use 2FA extensively, including for my Google account. However, there
are even more vectors possible with 2FA where you lock yourself out of your
account (e.g.loose backup codes, phone and access to phone number) which a
human could easily solve (verify scan of ID, address proof, phone call,
confirm that no activity for X days on the account in question).

------
7ewis
I have (had?) a G Suite Legacy Free account, that I used for my personal
emails.

Around a week ago Google suspended the account saying it broke terms and
conditions. I've appealed it but haven't heard back, I've spoken to support
many times but the case always needs to go to 'another team' who never gets in
contact.

I've since setup a new paid G Suite account but have been unable to reuse my
domain name as it's still locked to my old G Suite account... That I cannot
login to. Support seem to be unable to help, so I've just had to point my MX
records to Zoho for now until Google can sort this out.

I am a big Google fan, but this is now becoming a bit of a joke.

------
jopsen
Few people seem to realize that if you loose access and they restore you
access with limited information, then any attacker could do the same.

If you care about your Google, GitHub, Dropbox, Amazon, PayPal accounts the
you should sign up for 2FA. Ideally, you should have one-time recovery codes
printed and U2F or TOTP when U2F isn't available.

I keep all of my TOTP tokens on my yubikey which also does the U2F magic. And
of course I have a back up.

But if you don't care to setup 2FA, well, I can see how it's better for Google
to lock you out as oppose to locking someone else in.

------
rootsudo
1\. Don't trust google with all your information.

2\. Have backups, redundant and different email accounts.

3\. Use a thirdparty password manager.

4\. Don't give google all your information.

It's a horrible ecosystem which ties convenience, and it's bad.

Google isn't your friend. Facebook isn't your friend.

They've become your gatekeepers.

------
vulkoingim
Recently I had a similar experience, thankfully with my work account. Even
then, with having GSuite support, it took around 2 weeks to resolve the issue.
If you lose access to your personal GMail account, well....you're fucked :/
Since then I have slowly started migrating my personal email and all logins to
another mail provider, where you can actually contact support, as to not rely
on Google.

~~~
cjsuk
This sort of stuff scares me so much. I see many people relying on one basket
of eggs all the time (AWS is a fine example) with no backup plan.

I’ve actually considered running my own mail server again now DKIM/DMARC is
around.

~~~
vulkoingim
I know how that feels and I agree. Vendor lock-in is crazy. Too many people
and businesses rely on a company, without giving a second thought about what
would happen if that company suddenly changed its terms or stopped providing a
service that they are using.

But running my own mail server...argh. I wouldn't want to do that ever again.
My approach is, instead, using my own domain with a 3rd party mail provider.
That way you are always in control of your e-mail address, and you can always
switch to another provider anytime, if anything happens.

------
whyagaindavid
>use different passwords all the time and I forgot which one I had used most
recently for Google.

May in the last weeks this person entered wrong passwords too often.

>I clicked ‘Forgot Password’ as I always had.

Did the journalist reset passwords too often?

------
username223
That convinces me never to use Google for a primary, trusted account. It's
just too easy to get locked out forever.

It's worth taking some time to think about how you will recover from various
disasters: forgot password, drive crashed, lost phone, etc. IMHO the best
approach is to have one account with a hard but memorable password, that you
can access from any device, and use to bootstrap the rest of your accounts and
passwords. Maybe also keep the password on a piece of paper stored where you
will know if it has been accessed.

------
autotune
Imagine you used a password manager that required memorizing just one diceware
phrase then using randomly generated passwords and never got locked out again,
that's what happened to me.

~~~
jopsen
If you start logging in over TOR or other sketchy locations, you might...

I would suggest 2FA, if you really care.

~~~
autotune
1Password has 2FA available and I obviously use that when possible as well as
OpenVPN server I control. Google is helpful enough to alert you when someone
fails to log in to your account, and when that someone is in another country,
it's obviously time to enable 2FA. Their piss poor inability to provide
customer service also means no one is going to social engineer their way into
my email, which is a pro imho.

------
uladzislau
Why or why Google asks about the date the account has been created? 9/10 you
won't remember exact month/year and this screws up any chance of account
recovery.

------
interfixus
> _Ron Miller is enterprise reporter at TechCrunch. He has been a Freelance
> Technology Journalist since 1998_

> _Ron is currently corporate blogger for Intronis where he writes once weekly
> on issues related to the cloud, and a weekly feature called The Cloud 5
> where he aggregates five links related to the cloud computing_

Might we perhaps have expected a slightly better understanding of the nature
of the cloud? Of 'free' services? Of standard backup practice? Of password
managers? Of password _security_? (Guy apparently used passwords simple enough
that he could carry them in his head). It probably makes me a smug, uncaring
bunghole, but my compassion doesn't really kick into gear over this.

I have had the pleasure of working with the user database of a certain media
company. Passwords in plaintext, of course. Plenty of journalist users. Half
of whom had gmail adresses for usernames, and 90% of whom had passwords along
the lines of [birthday], [name], or _kitty74_.

Yes, there were tech people too.

------
ggm
It's my belief that if you enable 2FA it's a lot harder to be casually
dissociated from your account. This is because you have to do more work to
establish a chain of authority over the account to enable it, and because you
precreate account recovery tokens you can save offline.

------
dredmorbius
"Who are you?" is the most expensive question in information technology. No
matter how you get it wrong, you're fucked.

I've been locked out by Google several times. And know of other instances
including Google and othere services. Some never regained access.

[https://www.reddit.com/r/dredmorbius/comments/3mo7l6/that_go...](https://www.reddit.com/r/dredmorbius/comments/3mo7l6/that_google_identity_thing_again_who_are_you_is/)

[https://www.reddit.com/r/dredmorbius/comments/2w618r/how_to_...](https://www.reddit.com/r/dredmorbius/comments/2w618r/how_to_kill_your_google_account_access_it_via_tor/)

------
mgiannopoulos
Scary. Makes me think about moving my personal mail domain back to a regular
hosting company

~~~
epistasis
Fastmail is great for this, in my opinion. I vastly prefer every single aspect
of the experience. The web mail client alone is worth the switch away from
Gmail, IMHO.

~~~
Tempest1981
How does Fastmail handle lost passwords?

~~~
tonyztan
There was a discussion here:
[https://news.ycombinator.com/item?id=15853477](https://news.ycombinator.com/item?id=15853477)

------
busterarm
Funny,

I also have an account where I can't remember the password and I've given
google three factors of identification and they still won't verify my account
to reset the password.

I have no PR friends that work with Google, so I'm shit out of luck.

~~~
jopsen
Where any of those factors: U2F, TOTP, one-time recovery codes?

~~~
busterarm
They didn't offer me TOTP but did offer SMS verification.

------
PhasmaFelis
I used Thunderbird before I switched to Gmail, and for several years after I
kept it running on my Gmail account without ever opening the window, just so
I'd have a local backup of all my mail.

I should maybe start doing that again.

------
jeremyt
This is why I switched to proton mail. Never looked back.

~~~
dredmorbius
As have I, though again, it only shifts the problem.

------
cube00
> They don’t have customer service, yet I’m paying for storage.

It's pretty slack to be taking people's money and providing zero customer
service.

~~~
slrz
I don't think there's anything wrong with it as long as both parties are aware
that the deal is about storage and doesn't include additional phone
counselling.

------
csomar
There is no solution to this other than paying and diversification.

I use fastmail for emails, dropbox for storage, icloud for calendar and notes.
I also use a security key with my fastmail and dropbox accounts. A physical
one. So I don’t really forget my password to begin with.

Tldr: the author underestimated the importance of tech accounts,
diversification and how shitty google support service is.

------
marcusr
This is too technical for most unfortunately, but the only way to guard
something as valuable as your email address is to own the domain and so
control the MX records.

I'm fortunate enough to have a grandfathered free Gmail account so I can own
my domain and point it to a Gsuite account without paying.

Otherwise it's worth paying up for Gsuite, Fastmail or similar.

~~~
dredmorbius
That only shifts the problem to retaining control of the domain.

Talk to Alexandra Elbakya about that, amongst others.

------
guu
Does anyone have experience with g suite's support (paid gmail) and how it
would compare in the same situation?

~~~
raverbashing
You get a phone number you can call. But the person behind that phone seems to
only be allowed to get your case on the support system

------
user5994461
Nothing special. The same happened with email addresses from ISP and they get
closed if you ever change provider.

------
samoraai
Man, that's scary! My email account is so central to everything.... better
make some changes

~~~
WhyNotHugo
For those of us for whom email is so important, having a paid provider that
has human support staff (that actually responds) should be equally important.

IMHO, free supportless email [like gmail] isn't really an option, given the
huge impact that losing it would have.

------
k3a
Host your own email server (like me) or use email services of your webhosting
or ISP. Email is a simple service originally developed to be decentralized but
modern Idiocracy makes people use only a handful of corprations for IT
services. :(

------
rootsudo
1\. Don't trust google with all your information.

2\. Have backups, redundant and different email accounts.

3\. Use a thirdparty password manager.

4\. Don't give google all your information.

It's a horrible ecosystem which ties convenience, and it's bad.

------
mmcnl
Why are big companies so inaccessible? It's a strange paradox to think that
almost everyone uses Google services on daily basis, yet it is near impossible
to communicate with Google itself.

------
mattbgates
Good job getting this published on techcrunch. Saw you had posted it just on
your own blog. Definitely got to spread that word, man!

------
ianlevesque
I use google apps for email and a couple other services but do monthly google
takeout downloads of all my data for this reason.

------
whyagaindavid
Hmmm, how many tech journalists not use password managers? How many google
employees do not use 2FA? Can anyone comment?

------
paul7986
Yeah I have given up hope with ever using my ten year old twitter account due
to a similar story :(

------
joshuaheard
I recommend using a password manager like LastPass or Keepass. Never lose a
password again.

------
dingo_bat
To avoid such things, I have a notebook in my drawer in which I have all the
passwords to all my online accounts written down. If I change a password, I
update the entry. If I create any sort of online account, it gets added to the
diary. I figured if someone bothered enough to physically steal my diary from
my drawer, I'd have bigger problems to worry about than my YouTube
credentials.

~~~
jstarfish
I'm currently locked out of a Gmail account I have the password for but Google
decided that isn't enough; it doesn't like my IP address and wants me to
verify against a phone number I no longer have.

~~~
BenjiWiebe
So I guess the diary should include a history of phone numbers. And maybe
addresses to be safe.

~~~
nasredin
...And the IP you used to sign up... and the city for that IP in the
geolocation database at that specific date... and the exact User Agent
string... and the time zones... and...

Or maybe they should stop being idiots and allow people with strong passwords
to... just use passwords to authenticate.

Maybe some type of "I know what I am doing, kindly fuck off Google" option.

~~~
dingo_bat
> Maybe some type of "I know what I am doing, kindly fuck off Google" option.

Tbf if you really knew what you're doing, you wouldn't be using gmail.

~~~
herewulf
This from the guy with all his passwords in a notebook in the desk drawer..
Have you thought of ROT13 encoding them?

------
techwraith
Was it the happiest time of your life? ;)

------
polkovnikov-ph
Is it normal that GMail marks email with a link to this thread "suspicious"
and asks me if I'm sure I'm not getting scammed here?

