Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Google has locked me out of the account
63 points by nitn on March 22, 2022 | hide | past | favorite | 45 comments
I forgot the password to my account and I have been trying to reset the password. To reset the password, Google keeps sending a verification code to the same email of the account that I'm trying to reset the password for.

I really do not get the point, I do not have the account logged in on any of my devices. I have tried all the previously used devices to reset the password from. It still keeps sending the code to the same email.

It's an account I use for AdSense and I have unpaid revenue in there. I have literally tried 5 different devices that I have used the account on, I can verify the phone number but then it keeps asking me to verify a code that's sent on the same email.

Now that I'm trying potential passwords, it asks me to solve a captcha everytime and I've tried so many times that it says I've entered the captcha wrong even though it's correct. We're 3 people literally looking at that and solving it and it's done that 10s of times.




There have been a lot of such threads on HN already. People should stop trusting Google.

https://news.ycombinator.com/item?id=22705122

https://news.ycombinator.com/item?id=17428707

https://news.ycombinator.com/item?id=9768593

https://news.ycombinator.com/item?id=19513501

https://news.ycombinator.com/item?id=30677471

https://news.ycombinator.com/item?id=350968

https://news.ycombinator.com/item?id=24709282

(Some of those threads also have related advice.)


There’s a lot of reasons to get mad at Google. Not setting a recovery email is not one of them.

I feel bad for this person because it’s a horrible place to be stuck in, but even if Google had great customer support allowing people to reset passwords over chat / phone would be ripe for abuse


In my case I had a recovery email set for my account and knew the password. I didn’t have any 2fA on but when I would try to log in Google just decided it didn’t recognize me and I needed phone verification - it wouldn’t use my recovery email. I had lost access to the number they were trying to use so I am forever locked out. I’d even get attempted login prevented emails at my recovery email.


Similar experience with one of my accounts and it seemed totally absurd that me giving them a phone number that has never been used for the account somehow verifies that I am the owner. It's clearly an attempt to extract more data from a desparate user.


> In my case I had a recovery email set for my account and knew the password.

Same here, the only thing I did wrong was use Linux + Firefox + change country

edit: it was a great lesson though got me out of google products after that, everything bar Android itself and very rare niche searches (hoping linux phones get good enough for daily drivers)


Just to chime in, Google will happily ignore your recovery email if your fingerprint has changed significantly. This happened the last time I moved, and it's very irritating.


As an aside. I have made it a point to simply login to my google sock puppet accounts annually from my desired location simply to avoid these such lockouts.

Their primary denominator seems to be ISP. I also use a linode instance for many as wel. Gives me two locations.

Disclaimer: I don’t think anyone can really speak to the google ai, decision making process. But I do know at least one appeal has silently been allowed in my case.


I actually have no reason to be stuck here because all these years, I was easily able to reset the password by verifying with a code on my phone number. It does send a code now as well, but then it's asking me to also verify the code being sent to the same email.


I recently had my phone repaired by Google - it was not damaged at all, but the screen had started turning black. This is covered by warranty. After I sent it to them they claimed it had a cracked screen - it didn't, so I asked for proof.

They could not send proof, relented, and said that it did not actually need a repair. They also said I had to pay for a new screen anyway as but they would refund it after repair. After a while I paid for their lie, then waited for my phone.

It was returned after a week, but they refunded the money minus tax. I complained, and now, after over 120 correspondences, I do still not have my money back.

I will never get my money back.


I had not one but two 'under warranty' problems with my Pixel 5 that they acknowledged but because I'm not in the country I bought it in, (and I haven't been back there since COVID began) they wouldn't repair it.

Since one of the problems was with the logic board it was not even really possible for me to pay for a repair in a reasonable way.

I ended up buying a pixel 4a, because I didn't want to switch ecosystem, so went for the cheapest Google phone. Might not be able to avoid giving Google/Apple money, but I can certainly avoid buying the flagship devices.


You can consider a GNU/Linux phone (Librem 5 or Pinephone) to escape Google. It's not for everyone yet, but the HN audience probably could use one.


I would definitely consider these phones, but I'm a digital nomad, so having multiple sims (e-sims) is a must, it doesn't look like either support it yet.

It's hard to break free of Android/iOS as well. I can almost guarantee that one or more apps, for example 2FA auth apps like Duo or Okta, wouldn't be usable on the GNU/Linux (I don't really know enough about them to be certain about this statement).


At least for Duo, you can extract the HOTP secret [1] and use it in any OATH tool, e.g. with the otp extension of pass(1) on GNU/Linux (which uses uses oathtool(1) underneath). You can also do it a more difficult way, e.g. using the Duo app under anbox.

1. https://github.com/simonseo/nyuad-spammer/tree/master/spamme...


People should set up one of the million ways to recover your Google account... SMS, email, recovery codes, "tap yes on your Android device", I'm sure I missed some. If you pay for Google One, you get phone support, it's not expensive. If you're an AdSense customer or have an account rep, you can use that to get in touch with people.

There's no excuse not to if you have an account that has monetary value tied to it. You lose your rights to whine if you're careless with your online identity and get screwed over because of it.


I have SMS setup, but it still asks me to verify the code being sent to the same email.


Thanks for the resources. I have already started moving away from Google because I've read nightmare filled stories about people getting locked out for various reasons.

I never thought it would happen to me in this manner. It makes no sense that it's asking me to verify the code from an email that I'm telling them I don't have the password for. Even when I have a recovery phone number set on the account.


Curious if this would work:

If you are in the US, try contacting google by every possible venue and keep a track / paper trail of your communications. If non of these methods work, then sue them in a small claims court. This is something for which you do not need a lawyer, and you can get up to $3000. They will probably take you seriously enough to try to solve it without going to court.


Google cares about $3000? And how are you going to collect?


I assume you've tried following this guide? https://support.google.com/accounts/answer/7682439?hl=en

As far as I know, that's about the only way to do things if you can't get in.


Love that bullet point toward the bottom:

> If you still can’t recover your account, you can create a new Google Account.

Difficult to believe that someone wrote that with a straight face.


To be fair half of the people I know can't even remember their email address or password for more than about an hour after creating it so that's exactly what they do regularly.

My sister in law is on her 11th email address in the last 3 years.

I have had my domain and email address for 25 years...


Why not? Would be a minor inconvenience for me, for example. Just enough that I switched back to my old account on my mobile after trying it with a new one (due to the name) last I switched phones. Guess it boils down to redoing my serial calendar entries and change the address at the few places where I have it as a backup. Oh, and maybe lose access to 10$ of store purchases (there's a reason it is so low).

That's from someone who has been an Android user for 13 years, which means I am not ignoring google, I am a user, just not an invested one.


If the email address to which it is sending the verification code is not @gmail.com (e.g. you use workspace or have a vanity domain+forward) you can change the email forwarding or redirect the domain to a different email provider for long enough to get the code.


Unfortunately it's a gmail account, not an external email account.


Update: Now it says "Unavailable because of too many failed attempts. Try again in a few hours."


You use that account for adsense revenue, but you did not add a secondary recovery email, nor a recovery phone number ?

When you do not have any other recovery, google tries a recovery method based on questions ("when did you register the account", "what's an email address you often contact", ...) where the answer do not need to be strictly exact, have you tried that ? And you failed it ?

If yes to both of those, how do you expect google to differentiate between you and someone else who make the same claims ? Do you want google to give a new password to anyone who makes that claim ("it's my account but i don't remember it's password, nor have its recovery method, nor remember enough to answer questions about it") about your account ?

I believe google's account locking is sometime too hard, and them locking the whole google environnement with it is wrong, but in your case google is doing the right thing in not granting access to someone who cannot in any way prove he should have it.


>I can verify the phone number but then it keeps asking me to verify a code that's sent on the same email.

I have a recovery phone number in there. I'm verifying it everytime Google asks me to, but then it takes me to verify the code from the same email that I don't have access to.

It makes no sense but that's what's happening.

Here's the flow of how it's going.

Forgot Password → Enter the phone number ending with XX → Enter the code sent to your phone → Enter the code sent to your email (the same email).

I've tried the recovery methods, there's no other way that Google is offering me to recover the account. I'll happily answer all the security questions if Google asks me to.


>Forgot Password → Enter the phone number ending with XX → Enter the code sent to your phone → Enter the code sent to your email (the same email).

Can't you select "I don't have access to this email" or something similar?


Note: I have a recovery phone number set on the account. A code is being sent to my phone, after I enter the code, that's when I'm being asked to verify the code from the same email.

I wouldn't be bothering about the account if I had not set a recovery phone number.


Gaslighting captchas are so evil.


How do you want Google to solve this? And how can they be certain you’re the owner?


> How do you want Google to solve this?

The current way Google is asking me to verify makes no sense. I don't know the password for the email, how do they expect me to go into that email and verify the code when I don't know the password.

> And how can they be certain you’re the owner?

I am already verifying the code from the SMS that Google is sending to the phone number on the account.

I know that there's no way to actually get this done, but I can verify that's it's my account.

I can verify that I'm the owner of the account Google has been sending the payments for AdSense.

I can verify by signing in from the usual devices that the account was previously signed in from.

Suggest me another sensible way, I'll do it because I'm the owner.


Sounds like he has an alternative means of identity verification (SMS) but Google keeps only working with the locked email address.

I mean, Google could also do what other companies do and let you send in a picture of your ID or have you enter identity questions.


As an google employee at the time, i was locked out of my account - but i set up forwarding so i would still receive emails sent to the locked out.

Despite being an employee (which implies 1. they can verify my id, 2. they have incentive to solve my problem 3. there's some amount of trust due to my employment), support wasn't able to solve my problem and i had to remember my password i set up over a decade ago after many trials.


and pay wagons of staff to verify? Google from the get go understood the rabbit hole of offering support to customers, and since most of their consumers don't pay, that's easy to make them accept there is no manual support. I have no sympathy for Google, but it's always been that way, and, at least they did all they could to safety net people who can't remember their password by prompting to set an alternative/recovery address fairly regularly.


All that for a free account? Why would Google do all that?


> It's an account I use for AdSense


It sounds like your real issue is a money problem, rather than an email problem. That is, Google owes you money, and you can't access it. You should probably chat with a lawyer about the legal side of things.


No. My issue is that to reset the password, Google is asking me to get something from an email which I don't know the password for. And that too when I have a recovery phone number setup on the account.

Asking to verify a code from the email for which I'm trying to reset the password is stupid and defeats the purpose of having a "recovery" phone number.


> It's an account I use for AdSense and I have unpaid revenue in there.

You made a point of callout out that you have money tied to the account.


So nitwit005 has a financial relationship with Google and should be able to access a support channel? Sounds like a perfectly reasonable assumption since Google appears to be profiting off nitwit005's content somehow.


I can't even understand the point you were attempting to make here.


I've seen this before. The only solution is to find a sympathetic Google employee you know. They have a special support form they can use to unstick this.


Should’ve created some backup codes


If you can’t pass the captcha, it sounds like a browser problem. Have you tried with different browsers? Or even through different internet networks?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: