I Lost Nine Years of Photos by Blocking My Google Account
I usually use this weekly column to answer tech-related questions from people. I’m going away a bit this week because I find it important to share the reader’s story, although there is little that Google and I can do about her locked Google account. We can learn a lot from her example, as well as a few things you should check to make sure this nasty problem never happens to you.
Lifehacker reader Katherine writes:
I foolishly forgot my Google account password back in November 2019, I just changed it. I asked them to send me an email with a verification code, as I have done many times before, however I foolishly added two-step verification to my account.
The problem was that I entered the wrong recovery email, I was missing 2 digits in my email. Therefore, 2-Step Verification will not work. Google locked my account, I also broke my cell phone screen a few days later when I ended up buying a new phone but with the same cell phone number.
[…]
I am only asked 1 secret question: “What was your first phone number?” I chose this question myself in the security settings a long time ago. Then I am asked to give them an email where they can contact me, and after a few days I receive an email saying that they do not have enough evidence, so unfortunately they cannot open my account.
I am never asked any questions like when was your account created. I’ve tried recovery options from my laptop, Kindle, etc., which were using the same Gmail account, plus all of this from my home IP address.
I realize I initially forgot my password, this is my fault, but the Google security settings are incorrect as when I put the backup email they have to send an automatic confirmation email to make sure it is correct due to human errors. I lost a lot of important documents and 9 years of Google photos with photos of loved ones that I will never get back.
I present this reading story as instructive. Firstly, whenever you are dealing with two-factor authentication or any account recovery options – whether you enter your email or phone number for setup, or you copy precious backup codes – it is very important that you triple check this information. … This is not because it cannot be changed; Obviously, you can change details such as your email address or phone number if you have access to your account. However, you are less likely to do this because most people assume that everything works as soon as they set up their accounts. And if it doesn’t, and you’ve left a typo in the mission-critical account recovery option, you’ll be in a mess when you try to regain access.
Google makes this whole situation especially frustrating because they, the giant search company that practically prints money, do not want to create a customer service center that Google users can call when they have problems with Google services. Regular (free) Google users get the Help Center and a few community forums, but that’s about it.
Although I’m a little picky, I still understand Google’s point of view. First, most people don’t pay Google a dime for the services they use. Yes, Google does its best to extract data from you to better target you with relevant ads, but most people don’t spend money on the Gmail privilege, for example. You can pay Google a little per month for additional storage , but that’s about it. Why allocate a not so insignificant amount of resources to a service center for free services?
Second, and more importantly, Google’s lack of personalized assistance on issues like account recovery is actually a security measure in itself. Consider an alternative: If someone seemed to know your email address, phone number, and / or postal address combined with some information they stole in one of their many data breaches, you would like them to be able to convince a customer service representative Google, what is it really you?
Giving everyone the same general account recovery process and giving anyone access to any special services or additional support, of course, makes it difficult to access a locked account when you have unique problems. It also makes it difficult for other users to access your account. I’m not saying that I’m in favor of this trade-off – because real people do have tricky issues that require special help – but it does help limit the ability of a social engineering unscrupulous person to break into your Google account.
This puts the burden on you to make sure that all of your recovery mechanisms for your Google account are working properly. Even if you’ve already set them up and you’re feeling pretty good, I recommend taking a few minutes to double-check. It never hurts because you don’t want to deal with the alternative of not being able to access your account in the event of a major mess or security breach.
To get started, go to the ” Security ” section of your Google account settings. Scroll down a little to the list of Identity Verification Methods and make sure your phone number, backup email address, and security question are correct.
Then scroll up a bit and click on Two – Step Verification . You will have to enter your password again. On the next screen, make sure you’ve turned on Google two-step verification to better protect your account. Assuming you have one, scroll down a bit and click on “Show Codes” under the “Backup Codes” section.
Copy. These. Codes. Down. To paraphrase Gandalf, keep them secret and safe; you will use them to re-sign in to your account if, for whatever reason, you are unable to access the devices that you have configured for two-step verification.
Finally, go to the Personal Information section of your Google Account Settings and double check that your actual contact information is correct: email address and phone number. While you’re here, you can also make sure to enter the correct birthday.
And of course, the best way to make sure you never forget your passwords to anything is to use a reliable password manager . Even if it costs a few dollars a month, it is worth every penny. This not only makes it easier to keep track of your passwords, but also allows for stronger, more secure passwords that are very difficult to guess or brute-force. Plus, a great password manager will let you know when your saved accounts are compromised by a data breach (which should be less of a problem if you use unique passwords for each service, but people can get a little lazy).
This is my advice to everyone, and it doesn’t just apply to Google. If the service is important to you, make sure you know how you will get back to your account if it ever gets locked. Then check your details to make sure any erroneous typos won’t come back and haunt you, and make sure you save any backup codes or any other information necessary to regain access to your lost or blocked account. You will be glad you did it now if (or when) you have to deal with it later.