
G Suite Doesn't Let You Contact Support Until Logged In. Locked Out = Stuck - HelloThur
I know my password for google suite admin (paid), but they have locked me out due to a suspicious login.<p>Google have locked me out with the following message:<p>&quot;We detected an unusual sign-in attempt. To make sure that someone else isn&#x27;t trying to access your account, your organization needs you to sign in using your corporate mobile device (the phone or tablet you normally use to access your corporate account).<p>If you don’t have your corporate mobile device with you right now, try again later when you have your corporate mobile device with you. If you continue to have problems signing in, contact your administrator. Learn more<p>Go back &amp; use your corporate mobile device&quot;<p>I am unable to get back in:<p>* Google support doesn&#x27;t work if you are logged out<p>* I have no primary mobile or corporate device to complete the above step on.<p>What does Google expect customers to do here?
======
rckoepke
>What does Google expect customers to do here?

[https://support.google.com/a/contact/admin_no_access](https://support.google.com/a/contact/admin_no_access)

To the OP ( 'HelloThur ), this is the answer to your most immediate question.
I found it here:
[https://news.ycombinator.com/item?id=17120223](https://news.ycombinator.com/item?id=17120223)

> Greetings. This is Alex Diacre here from G Suite Support. This has been
> flagged for my team and we’re looking into it. If any G Suite customer has
> trouble accessing their account they can always contact Google Cloud Support
> here:
> [https://support.google.com/a/contact/admin_no_access](https://support.google.com/a/contact/admin_no_access)
> (this is a special form to use when you cannot access any admin account)

~~~
disappearance
That’s a url worth copying into a password manager...

~~~
gerbler
Just to be clear, OP is factually incorrect. You can contact support using the
above link if you are locked out.

Source: worked on the G Suite Support team for several years.

~~~
smarnach
It seems this link should be mentioned in the email the OP got.

~~~
MrsHippy
If you cant find the link, you lose admin privileges. It's a test of merit.

------
Taek
I had this same issue with CloudFlare. Lost access to my email account. Had my
CloudFlare username + password, but CloudFlare insisted that I verify with my
email since I was trying to log in from a new IP (it wasn't a new IP, but
maybe they time out after a few months?).

No way to make progress. Can't use support if you don't have an account. Tried
making a separate account, so I could at least open tickets. Their ticketing
system keeps closing my tickets before the issue is resolved, and it closes
them as "resolved". The worst part is that I actually have both the correct
username and password for the account, and I have admin access over every
single domain associated with that account (via namecheap). Should be easy to
prove that I'm the authentic owner of this account.

Happily using Route53 now. Still haven't figured out how to turn off the
CloudFlare billing.

~~~
megaman821
I had a similar experience. I like making distribution lists with the company
name, so cloudflare@domain.com. I suspect something in their system thinks
these are test emails and I could never receive any email. I couldn't verify
my email and I couldn't log in to contact support. I eventually emailed them,
but they basically responded to login and get support, which was never going
to happen since I wasn't receiving emails from them. Sad thing for Cloudflare,
I was representing a large client that was exploring an enterprise contract
but I could never get an account setup and verified to evaluate Cloudflare.

~~~
ValentineC
I do the same with a domain catchall, and I've received emails from Cloudflare
just fine.

Then again, if there were emails I've not been getting from them, I would be
none the wiser.

I wouldn't be surprised if many people do username+cloudflare@gmail.com, so
excluding it outright would be really silly.

------
ROFISH
Google isn't the only one.

Somebody must have used my domain to sign up for a Microsoft Teams something
for some reason and NOBODY in my company can find out who or how. Microsoft is
absolutely unhelpful in this regard, trying to activate our domain for Office
Teams or whatever. Microsoft says it's for "security" reasons; but as CIO of a
50+ person org I should have some override on that in the event of erroneous
signups.

I don't even need to access old content because none of us has used the
service at all. Just delete the old domain. For all I know it was a troll
signup.

I've since just forced my team to use Google Docs/Sheets because Microsoft is
being so unhelpful that they won't even let us give them money, lol.

~~~
WrtCdEvrydy
To be honest, the alternative is someone being able to delete your
organization on Teams.

I kinda wish you could do like google analytics makes you do to validate your
URL (add a DNS record)

~~~
rootsudo
You can, the whole point is verifying the domain in O365 by modifying the PTR
record and CNAME so that the o365 panel will see it is _yours._

Support _should 've_ been able to remove it, I know I was able to do it on
escalation cases when I was on Fast Track.

I know that the "ambassadors" are really next to worthless, and if you do not
have premier or a TAM on your account, you are really SOL on
O365/M365/Microsoft products, you need to email the ambassadors managers,
continually, and then go up the ladder, if needbe, to the product manager of
that support team and just keep doing it.

It _really_ sucks.

But the reason you couldn't add your domain is 99% most likely someone added
and _verified_ it. There are tools on the backend (most easiest Viewpoint) and
then billing (CMAT) that can verify if domain is added.

------
EricE
Having been an administrator for a Google business account in the past (and
not a small one either) I can state from experience that if your problem
doesn't have something to do with advertising or search, you are a distant
(incredibly distant) third on Google's priorities. And search is a pretty
distant second from advertising. Google is majority an ad company, that's what
motivates them and it shows in their lackluster customer service for anything
that isn't advertising.

Rely on them at your peril. They have slick products as long as they work but
good luck if something goes sideways.

~~~
alasdair_
As a counterpoint: I’ve found the GCP paid support to be excellent, but that’s
when spending thousands to millions of dollars a month.

(Although the $150/month option was also very good when I used it.)

~~~
rckoepke
Indeed, I've found GCP support to be excellent. And honestly, even Google One
support over the phone has been pretty decent quality.

------
smsm42
Google auth UX is quite hostile. For example, if your group admin enables 2A
requirement, you can't login if it your account doesn't already have 2A, and
you can't set up 2A if you are not logged in, of course. So the workflow goes
like this: enable 2A requirement. Wait for people to scream, disable 2A, let
them log in and hopefully enable 2A. Enable again, let the next group of
people whose sessions by now expired to discover they can't log in, disable.
Etc. until hopefully everybody enables it. That seems to be the officially
endorsed process:
[https://support.google.com/a/thread/6090262](https://support.google.com/a/thread/6090262)

Sane approach would be to let people log in and immediately require them to
set up 2A and then continue with their logged in lives, but I guess that was
too hard.

~~~
toast0
If your org is small, you can run a report to see who hasn't enabled 2FA and
then yell at them. They made it better for new users a while ago (you can now
configure a grace perioid), but I don't know/remember if this helps for
existing users. If you've got users you can't cutoff who don't setup 2fa, then
you need to make an exception group. You can run automation to send nag emails
if there's people in it, etc.

But then don't merge with another company with g suite, cause merging accounts
isn't supported and you'll have a mess.

------
fivre
we're getting to the point where the only reasonable answer is to regulate
this, as the tech giants have well demonstrated that their only concern is to
do the bare minimum trust & safety work that's beneficial to their business.
users are an afterthought at best.

if you provide identity services to more than 100k people or w/e, you need to
have a defined dispute process, served by humans with the power to do shit,
with legal recourse in the event that they fail to do so. the "run a flag up
the pole on social media, hope you're important enough or friends with the
right set of people if you want shit done" approach is terrible.

the inevitable "but that will be vulnerable to fraudsters" backlash is stupid
--the existing systems are too; fraud prevention and such isn't something you
can ever do perfectly, since it's inherently adversarial. the problem we have
now is that EVERYONE is treated as if they're a mastermind professional fraud
network from the outset, and this does seemingly little to prevent actual bad
actors. Twitter's trust and safety team is an even more egregious example,
where they very effectively and immediately suspended my attempt to create a
single parody account, immediately suspended it again after unsuspending it,
and said any future attempts to reach them would be blackholed because the
first unsuspend request was still open (there's, of course, no way to see that
ticket or respond to it--all you get are email notifications stating that the
reply-to discards all inbound mail). this, of course, does seemingly nothing
to deal with actual bot networks, since those are run by sophisticated actors
who've figured out how to game the system.

something like Estonia's digital ID system is perhaps best, with, importantly,
built-in protection against tracking: I should be able to generate an ID that
a company can verify, but all they should be able to glean from that is that I
have an ID and that I've authorized X other IDs for that company--it shouldn't
be something that's traceable back to who I actually am or trace my actions
across companies, which is very much not the case (and is something companies
very obviously take advantage of for adtech purposes) for the de facto
standard of using mobile phone numbers.

~~~
cortesoft
Would you be ok if this law allowed a company to charge for the support
request? Like, $50 to have a human review your dispute?

~~~
bleepblorp
Allowing companies to charge their customers $50 to resolve account access
issues would only give companies an incentive to make 'mistakes' so they can
earn $50 by spending a few minutes 'fixing' the error.

Customers shouldn't be billed to fix mistakes that aren't their fault. In a
functioning market, money is supposed to flow away from faults, not towards
them.

~~~
thoraway1010
You miss the point entirely.

Currently because the volume of bogus support requests is so enourmously high,
and the fraud attempts also very high - the cost to properly do something like
handle account lockout requests properly (on the scale of billions of users)
would be EXTREMELY high.

Google is actually pretty clear for consumer accounts, if you lock yourself
out your content is lost and they suggest setting up a new account.

Cell phone companies do handle this, you can do things like sim swaps etc with
a real person - but you are usually paying $50 - $100 per MONTH with them. And
even there plenty of folks have complained of having 2FA codes stolen as a
result of this convenience.

If they could charge $50 or $100 to provide paid support (a situation that is
actually very COMMON at the enterprise level) for at least some people this
will be worth doing. Then the business case is there to staff / resource etc
the fix.

Currently, with youtube / gmail etc, the revenue per user is so low it will
NEVER make economic sense to have humans dealing with an account.

But keep on banning paid support and you'll keep on getting no support.

~~~
bradly
> Currently, with youtube / gmail etc, the revenue per user is so low it will
> NEVER make economic sense to have humans dealing with an account.

Google made over $6 billion in profit in one quarter this year. YouTube had
revenue over $5 billion in one quarter. They announced a $25 billion stock
buyback.

Google doesn't offer support because they choose not to.

~~~
throwaway_1299
I work in a similar space and it is significantly complex and expensive to do
this.

Back of the napkin math - * Lets say on average customers contact Google
support once a year for each product they use. That's 0.25 tickets per user
per quarter. * Consider Google has ~10billion monthly product _user
combinations (9 products have 1B+, most have significantly more)_ That is 2.5M
tickets/support requests a quarter. ~28M tickets a day * If we consider an
average ticket take ~3 mins to resolve, thats ~155k hours a day * If we take
an employee being productive for 7 hours a day, that's 22k employees * If you
take a 1:10 ratio, that is 2205,220 and 22 - 1st, 2nd and 3rd line managers. *
Take the cost to be an average of 30k,60k,150k and 300k for each of those
layers, thats ($661, $132M, $33M, $6.6M) which totals to ~$833M per quarter *
The real world costs for this will probably be anywhere between 2X to 3X of
this because all of these people come with other costs like infrastructure,
tooling, space, etc. So we are looking at ~$1.7B to $2.5B.

One might be tempted to say that money can be saved vs my estimates but keep
in mind the challenges of localization, time zones, compliance etc is also
significant and will probably mean an even larger expense.

So yeah, it would be ~40% of the quarterly profit.

Sure this is an expense so tax etc can be changed but my argument would be
that we are severely underestimating the complexity and challenge at each
step.

So yes, I do think it will never make economic sense unless you are on the
platform with sufficiently high spend. Just like every single other economic
system we have out there.

~~~
macintux
Then maybe don’t build your business on a model that makes it impossible to do
the right thing for your users.

~~~
logicchains
Maybe don't try to impose your preferences on other people; a lot of people
would rather have a free service with no support than pay for support. It
seems incredibly entitled to expect more from a service you're paying nothing
for.

------
reaperducer
_What does Google expect customers to do here?_

As much as I enjoy bashing Google, I have to admit that Google is far from the
only offender in this. I've seen it a number of time.

Even Saint Digital Ocean has a similar problem. If you're not logged in, the
only ticket you can submit is that you can't log in.

I ran into this recently because it turns out that that DO's help system UI is
completely borked in Safari. Type in a topic and click one of the suggestions,
and instead of taking you to that topic, if just closes the suggestion list.

The suggestions list has a bunch of carriage return icons, suggesting that you
can keyboard through it, but that doesn't work, either. And the system doesn't
work on a MacBook Air because it can't deal with anything but massive
monitors.

At the bottom of the suggestion list is the suggestion to submit a trouble
ticket. But that doesn't work, either.

But what do I expect for $5/month? The last actual Digital Ocean support
ticket I put in (a couple of years ago, when the system worked) came back with
a very polite reply to the effect of, "You get what you pay for."

------
adoxyz
Similar issue if you cancel your GSuite account.

I cancelled my account and was still billed for it, but now there's no way to
contact support since I don't have an active billing account.

~~~
g42gregory
I was debating whether to purchase extra storage for Google Apps email as I am
getting close to the 15GB free limit. I decided that I would pay Fastmail
instead. I would not want to make my life/business dependent on Google’s
whims.

~~~
drewg123
I have heard horror stories about declined credit card payments for things
like extra storage or premium YouTube causing people to be locked out of their
accounts with no recourse. Due to this, I am afraid to pay Google in case
things go wrong, so I use competing services instead.

~~~
thisisnico
This is why I refuse to use google for most services. Support is absolute
garbage.

------
zxcvbn4038
This is the part where you have to launch a campaign to shame Google on social
media or know someone on the inside to get your situation resolved.

When you do get back in my advice is to enable multiple 2FA factors as that
seems to streamline the account recovery case.

~~~
thisisnico
I've had the exact same issue with Amazon. I had prime. Suspected suspicious
activity. It's been 6 months without resolution. I just created another
account but I've been calling in every day since. There is no escalation, I
keep getting told the same thing: We have no power, we just submit the form to
the Account Specialists. You should be called back in 24 hours. I've not once
received a call back. My old account is still being used for fake reviews,
while amazon had completely locked out the account from being able to login on
any device. I can't log in. Whomever is in my account seems to have complete
control through some other method, which would explain how they were able to
access my old account, even though I have 2FA and mobile authentication. There
is a vulnerability they are not talking about.

~~~
throwaway324343
I'm so fucking pissed about this. I signed up for AWS with a personal
Amazon.com shopping account. Enabled 2FA, lost the token. I can care less
about the AWS account but no longer can I change my password on the shopping
account I've had for 10 years.

~~~
zorked
I bet that more accounts and data have been lost to 2FA than have ever been
saved by 2FA.

~~~
ta17711771
Follow proper practice. Always register two keys.

------
acheron
"Our technology is so sophisticated even we can't handle it. But that's your
problem, isn't it?.. We don't care, we don't have to."
[https://vimeo.com/355556831](https://vimeo.com/355556831)

~~~
dctoedt
Haven't clicked the link (yet), but I'm pretty sure it's Lily Tomlin on Laugh-
In as The Telephone Operator: "Is this the party to whom I _am_ speaking?
(Snort, snort.)"

~~~
acheron
Same character, but that one specifically is when she reprised it for SNL in
the late 70s.

------
molticrystal
A one time use recovery passwords you can generate(or are compelled to) in
case you lose access or are locked out seems like a better option, I believe
mega.nz & live.com do that, if it is available with google, it wasn't obvious
to me.

I love Google's rational of locking people out.

I have pop3/imap access to an old secondary gmail account, but whenever I try
to log in by the browser, it locks me out and asks me to confirm who I am by
adding a phone number.

I never associated a phone number with the account and have no plans to do so.
If somebody did get the password, they would be forced to add a phone number
they are in control of if they wanted to take it over.

So what was the point of that? Other than compelling thieves to enable and
setup 2FA on gmail accounts on old accounts without 2FA that they've gained
access to, almost certainly ensuring the owner never gets it back if they ever
decide to check their legacy account again.

~~~
tbodt
But if _you_ add a phone number, that makes it harder for someone to take over
your account.

~~~
perl4ever
The more information you add, the harder it is for _you_ to recover your
account.

If you add your phone number, fine, as long as you still have access to it.
But say you add a backup email. Now if you lose access to _either_ your phone
number _or_ your backup email, you can never recover your account.

When I realized how this worked, I thought it was nuts. But it is.

------
shock
Someone created a G Suite trial for a domain I own. There was no option for me
to contact Google to tell them I did not create the trial account and do not
want it, since all contact options required me to be logged into the trial
account I did not create :)

~~~
judge2020
To create a trial domain at example.com, you first get a domain at
example.com.test-google-a.com and then you have to go through domain
verification[0] for the real domain. Either they still have your domain as
"pending" in G Suite, or they have access to your DNS/web server.

0:
[https://support.google.com/a/answer/60216?hl=en](https://support.google.com/a/answer/60216?hl=en)

~~~
shock
They don't have access to my DNS/web server. That didn't stop Google from
sending me 11 spam emails about G Suite.

I think the first step Google should take before DNS/web server verification
is to verify the email address used for the setup.

------
52-6F-62
I've had similar issues with lost/forgotten passwords. I actually have a
bricked Nexus device because of it. Any password reclamation attempts are
supposed to send an email to my backup account for resolution but the email
just never arrives. From my reading it sounds like a common problem as well.
And yet I have a newer GSuite email through work and a personal Gmail account
for about 14 years (since beta) and no issues otherwise.

Also at a loss.

------
brainless
I had this exact situation just 2-3 weeks back and had to use my personal
Gmail account to start a community support thread and then got a link, which
reset my G Suite account activation/verification process. I got access back in
about 5 days from the start of the process.

Update:

Here is my thread on Google Community Help if it helps you or anyone else -
[https://support.google.com/a/thread/60347634?hl=en&dark=1](https://support.google.com/a/thread/60347634?hl=en&dark=1)

------
saalweachter
Does
[https://support.google.com/accounts/thread/5024607?hl=en](https://support.google.com/accounts/thread/5024607?hl=en)
help you?

Reading that comment thread makes it look like (a) "primary mobile or
corporate device" just means "the last device you signed in on", not like a
special device, and (b) maybe it's a problem when you don't have two-factor
authentication enabled?

------
cloudking
Have you tried account recovery?
[https://accounts.google.com/signin/recovery](https://accounts.google.com/signin/recovery)

------
blibble
the ability to ring up and speak to a person in case of difficulty is the only
reason I'm paying Google for GSuite

with this revalation I won't be renewing

~~~
techntoke
Google never said their phone support is for login issues and makes it clear
you need to login for support, and the op (who is using a throway) said they
didn't remember using a mobile number when signing up so it sounds like the
problem is partly on them. If you've been a customer for almost a year and
suddenly realized you don't have a number you can call for support, then there
is no reason to be outraged since they never promised that in the first place
before you signed up and you were too careless to look. They do have a help
page regarding login issues:

[https://support.google.com/a/answer/6335621](https://support.google.com/a/answer/6335621)

------
Animats
_What does Google expect customers to do here?_

Learn to embrace the pain.

------
oarabbus_
Oh yes, this happened to me once. Google has the least useful support of any
large company in my experience. This is why I often go with AWS (or, depending
on the nature of the company, Microsoft) despite Google's tools usually being
more powerful/cutting edge.

------
eisa01
On a similar topic: One of my friends got locked out of their Instagram
account

He tried to fill in the form on his Android phone to get the decision
reviewed, but when he hit submit it just showed an error.

He persevered, and after approximately half a year the form worked and he got
access to his account again this summer!

It's a travesty that normal people have no way to get a fair treatment by the
FAANGs when it comes to support. I hope some consumer ombudsman could put a
stop to this

~~~
julianz
A friend had someone sign up for Instagram using her Gmail address by mistake.
There's no way to unsubscribe and no way to contact Insta without logging in
(and it was in another language). In the end she changed the password and took
over the account; it was the only reasonable option.

------
xiconfjs
Same with Paypal...if somebody used your credit card information to buy
something via Paypal without creating a account - so credit card fraud - there
is no way to contact their support without providing a valid Paypal account.
If you don‘t have one, you first have to create one.

------
Taniwha
Sigh - try contacting Facebook because they've let some bozo sign up using
your email address ....

------
tehabe
I'm a Google One subscriber and so far I have only bad experience with
Google's user support, so I'm not surprised that it isn't any better with G
Suite. Bit sad though.

------
boromi
I had the exact same problem, wow. I'm very happy to see this on hnews.

------
drudru11
Same thing with PayPal

------
forcereboot1
the admins should have a phone number also, when I was a admin on a corp G
suite account there was a phone number also for support that we had.

------
amrktrack
does the account have 2FA?

~~~
jandrese
He said he set up 2FA and then lost the "corporate device" providing it.

This is why you always set up backup codes. The 2FA is doing its job here
keeping the account safe from someone who doesn't have the token, which
unfortunately is the account holder.

~~~
HelloThur
Wow, didn't expect this post to blow up like this.

For reference, I have no 2FA, nor did I lose my corporate device. I've always
accessed it through a web browser, never through a mobile, therefore when it
asks me to verify with my corporate mobile device, I do not know what device
it is referring to.

~~~
jandrese
Which device did you use when Google first asked you to verify your phone
number? Your personal cell phone maybe?

~~~
jlokier
Assuming it was their phone number.

What options do they have now, if they abruptly stopped using that phone
number for some reason 10 years ago and had no realistic way to know which 275
utilities were hitched to the number (or even if they did, couldn't contact
support for reasons described in the article), for example:

\- because they couldn't afford to pay the bills for a while

\- or moved country

\- or changed contract and then found they couldn't port the number (happened
to me) and lost the old number

\- or someone took their phone and they were unable in practice to recover the
number or continue using it

\- or they were ill in hospital for long enough their phone contract expired
and they could not have dealt with transfer issues at the time

------
paxys
I'm not sure why everyone is up in arms in this thread. Even if you could
contact Google support, they wouldn't be able to help you since it's up to
your GSuite domain admin to verify your identity and reset your
account/SSO/2FA.

In fact you were likely logged out in the first place due to policies set by
your organization.

