Both Molly and Amy (in the OT) have gotten confused and assumed that the accounts had been merged indefinitely (who can blame them? This is as much PEBKAC as horrible UI) so they attempted to "unmerge" them, ending up deleting one of the accounts.
The way to "unmerge" them is to log out of Google. Then, next time somebody logs in, there will only be one account.
This UI is horrible, I had a similar uncomfortable moment trying to log one account but not the other, even though I knew that they had not gotten merged, it sure seemed like it. The intention was good, the execution lacking (my guess is that there were lots of technical reasons this couldn't be done cleaner).
As soon as Chrome introduced Multiple Users, I started using that and it's much better, with less mental overhead to check which account is loged in (I use a black theme for one account, a white theme for the other). For other people/accounts, I just use Incognito mode. For most end users, this is still too much overhead for them, but in that case the only solution I could see is autologout, which has its own problems.
Ugly, but it works
In this particular case, the best email "app" on the web still struggles to match the functionality of 15 year old native applications in the same category.
With Multiple Users, there's a bit more overhead with seeing you received a new email/chat and switching to the appropriate tab.
This is just like how I type "server" instead of "serve" all the time. (In fact, I just made this mistake while typing serve and had to concentrate not to do it that time too.)
It's a known issue. So far I haven't found a good solution or explanation.
The benefit for me is that this does not only work for for Google related products (gmail/analytics), but also for other products you use. In our case Outlook Web Access, but also for example Trello and GitHub.
I'm constantly finding myself logged into YouTube with my work account after logging into Google Drive to see a document shared to me by the coworker. Except after clicking on the link in the 'so-and-so shared a…' I just get a regular 401 'You're not allowed to access this content', because I'm logged in as a different account, but not provided an option to change accounts.
I have three google accounts: work, 'Google-related stuff' (gmail, calendar, other google services), and YouTube, and I'm constantly logged into the wrong one. Google seems to assume that everyone has a Google account, and only one, and they're always logged into only that. As soon as you break those assumptions, things start behaving in unfortunate, unpredictable, and inconvenient ways. Even with their new ability to change between profiles, it doesn't work all the time, and when it fails it's overly confusing and arbitrary.
"There is a way to do this" does not equate with the "average" user 1) Understanding this; 2) Remembering this especially when used infrequently; 3) Allowing themselves to be arsed with it when it's a cumbersome process.
Further, product managers and "designers" keep changing the design. Even and especially designs that were meant to convey e.g. the existence of and validity of secure connections.
Everyone wants the marketplace of "computing for the masses". Well, you need to design and engineer for those masses, as well.
To some extent, this is being "resolved" by "the masses" already being onboarded and managing, through constant exposure, to somewhat keep up.
However, this means of "dealing" with the problem leaves plenty of room for failures, some of which are pretty spectacular for the individuals and/or organizations involved.
"Secure" your documents in our "perpetually" available and backed up online storage... "Whoops", they're gone!
A blip on the map. Except for the user involved.
Obviously that's an overgeneralization but I don't know very many people who actually want to design for the masses. Converting the masses is only something we value because we know it's necessary to make a lot of money, not because we believe reaching the masses by itself is a sign of great design or innovative work. For example most developers and almost all designers I know use macs and design for macs (e.g. web typography that looks fantastic next to Mac OS UI elements and out of place next to windows UI elements) even though many of their users may be using windows.
In addition, the problem that OP describes is only a symptom of a much larger paradigm shift that (a) has been happening for a while, and (b) is in the interest of many Internet services to impose upon users, too. The idea is that a computing device only has a single user at a time. Instead of logging in and out all the time, you just stay logged in indefinitely, so that identification of a device suffices to identify the owner and everything you do on your device can be attributed to you. Logout means nothing if they can still track you with extremely-difficult-to-delete "evercookies".
The problem is, even today, most devices are only single-user 99% of the time. Ordinary people borrow one another's laptops, tablets, and phones all the time. Because devices get lost, stolen, damaged, or out of battery all the time. Because when your best friend buys a shiny new iPad X, she lets you borrow it for a couple of hours. Desktop OS's have Guest accounts, but they are often not enabled by default, and even when enabled, it's a hassle to switch accounts. So when a service is designed on the assumption that a device only has one user at a time, it works 99% of the time, but it fails in an ugly way the other 1% of the time.
When a cousin borrows your brand-spanking-new Android-based LTE-enabled DSLR (I don't know if such devices exist, but why not?) to take pictures on her trip to Hawaii, you shouldn't have to worry about having inappropriate photos of her automatically uploaded to your Dropbox and stay there even after she deletes them from the camera. Ditto for your Gmail app, any other app that identifies your device with you, and any web app for PCs that work under similar assumptions. Something is suboptimal here, though I'm not sure how it might be fixed without great inconvenience.
This is the one thing in Facebook's favor (you can criticize privacy, but it's still a good feature IMO). There's an "undo" for deletes available for a short period.
Also, I have a habit of keeping a secondary email where I forward a copy of all incoming messages. It's a bit of a hassle, but that's another free provider so in the unlikely event one gets nuked, I can quickly grab my things via POP on the secondary (and leave a copy there). So that's 3 places I keep attachments etc... for the future.
You always sacrifice independence and self-sufficiency for a bit of convenience, whether it's accounts or milk. Not quite ready to keep my own cow yet, but I'm counting on my neighbor's one for my daily supply for now.
It baffles me to think that there are people out there that manage to do this "by accident" and then manage to wait long enough to be unable to restore their account "by accident".
Give the poor souls with fat fingers a chance to recover.
Not only did this user not merge their account (because that doesn't happen, as many people here have noted), deleting your account is a pain and a decent amount of work that is difficult to do accidentally (see this walkthrough about how explicit the process is: you have to click a checkbox for each product you currently use), and there is an account restore procedure after deletion.
Now, it is possible this user was confused and did all these things, then waited too long to try to restore their account, but there's not much else you can do for a person like this. You don't want a deleted account to be restorable for too long. They ask about Drive documents, but a mainstream and obvious backup for that does exist (not sure what it does if your account is deleted, though). Maybe make multiple sign-in disabled by default so that people won't accidentally do it? That's just going to annoy a different class of users...
Regardless, if people are going to reflexively vote up every bad user story in the google product forums (and why stop there? there are help forums all over the internet!), the front page is going to be...not very interesting.
- Multi sign-in isn't great, but how did this user get in that flow in the first place? ("Add Account" isn't something most people would find inviting).
- How did this user accidentally delete her account? The process is actually fairly involved, and is difficult to do accidentally.
- How long did this user wait to restore her account? According to the help docs, you have a grace period to restore an account.
- What "representative" did she talk to? As far as I know, there's no chat support for free Google Apps.
Without this information, there's only speculation to be had, which is the entirety of this thread (in fact, most of this conversation has to do with "advanced" uses of multi sign-in, and has nothing to do with this story). There are a million stories like this, and this is a poorly told one. As should be expected! The user was not writing this to serve as the basis for a discussion on confusing UIs and bad user flows.
That was my point. Feel free to point me to the interesting UI discussion in this thread.
Can someone shed some more light?
The solution is simple, just click the sign out button and Google signs out all accounts that are configured to "stay signed in." Alternatively, he could have cleared his cookies or waited for them to expire.
Some people have been saying this is because of bad UX on Google's part. Google is kind of in a catch-22 situation here. They want to upgrade how multiple users check their Gmail on one browser but no one wants to learn how use their new system (I got frustrated when they introduced their new UI to compose emails and had to show a tutorial on how to use it.)
Nothing exclusive about it, except that you logged into it first sequentially.
I guess there's something more behind this story (probably PEBCAK).
1) Use Incognito when using other machines, or
2) Don't trust Google with precious things.
Still not great, but it's not permanent.
You can also log out other sessions in google apps, not sure if that resets the dont-do-2factor-auth bit though.
Edit: I'm still looking for some kind of documentation for it, but I know this firsthand. I set up two factor authentication several months ago and chrome has not asked for anything other than the password since. I can even go into the two factor settings with only my password, which gives me complete control to make unlimited single-use codes, or authenticate a different phone, or turn the whole thing off.
But more importantly, your threat model is rather urealistic. Why would you trust an infected and keylogged computer to not be able to steal something as unprotected as cookies? You're right that in some kind of situation with a 'pure' keylogger you're safe, but you could get the same level of safety by doing something silly like log in with an on-screen keyboard. I think such a narrow threat model is misleading.
- My wife was logged into her Gmail account.
- I then logged into my wife's Picassa web account to share pictures with someone. I needed some information (an email address) from my own gmail. So for so good.
- So I logged my wife out of her gmail while keeping her signed in to Picassa web.
- Then I logged into my Gmail and got the info I needed.
_ I came back to my wife's picassa web acciount and when I tried to share an album with someone by entering the email address, whoops I get a 403 FOrbidden error. WTF!!
After a few mins of thinking, I thought why not log me out of Gmail and login back as my wife suspecting that google might be confused b/w 2 logins ? Bingo!! It worked. WTF google. Seriously!!
I do think they could make it more obvious what is going on behind the scenes, so that in your case, Picasa would have noticed the account was no longer logged in before it let you share the album.
Why on earth would a normal person assume that?
If it's a one-minute look-up, open an incognito window for him. If longer, log off of your google account. And other accounts, preferably.
It's best to switch the desktop user to 'guest', it's easy under most OSes now.
("Never log into a Google account on a friend's machine", in case it gets changed later.)
("Use Incognito Mode when using a friend's machine or risk having your accounts stuck together"? Or maybe "Don't log into a Google account on a friend's machine without using Incognito"? It's a bit too late for me to edit, unfortunately.)
I would move away from Gmail completely but it's great for the search capabilities and Google Drive is really nice for a good enough doc suite.
One of these days when I get enough time I will download all my messages and just use Gmail / Drive as a container for archived info I want to be able to access from anywhere and use the Gmail search capabilities.
To the other suggestions, I would add that you should get your own domain name for your email to go to. That way you can switch the back-end service at any time.
If I know ahead of time that I might have to use a Windows computer that I don't own, I carry around a USB drive with Portable Apps and everything encrypted with TrueCrypt. I have been able to put together a pretty decent dev environment on a USB stick (except that USB sticks are slow.)
That's probably still asking for trouble though. You never know what someone might have installed on their computer. A separate browser as a portable app won't protect you from key loggers.
So I'm not sure you're drawing the correct conclusion here. It's more about whether there is a flaw in the specific UI around this functionality or insufficient warnings around irreversible actions. Without knowing what the user did it's a difficult call.
Google couldn't give half a damn about their users.
When things go wrong it's nice to be able to get in touch with someone who can actually fix it.
I'm saying they have a way of restoring your account (and it's worth noting that this person claims to have gotten in touch with a "representative").
Which reminds me I should probably start keeping backups of my Google services.
This is precisely why there is a guest account on my computer that other people can use. It's fully sand-boxed in the sense they can't access accounts I'm logged into. It should really be enabled by default on all OSes.
1) find backup
2) restore from backup
3) live happily ever after
Of wait, you dont have backup...
However, for 99.999% of the cases, just use incognito mode and close the window after you are done. Next!