Tell HN: Access to my personal Gmail blocked

21 points by g_private ↗ HN
I have completely lost access to my personal Gmail email that I have used for more than 10 years.

I know and am entering the correct password, yet I still cannot log in.

Google is requiring an extra security check (because I use the browser in incognito mode).

This seems to be a recent change that is affecting many users.

I can't verify access to my email because I have no recovery email/phone and I can't remember the answer to the recovery question (the account was created more than 10 years ago).

Very sad! Being barred from accessing my account without a valid reason... and nothing I can do about it.

21 comments

[ 3.5 ms ] story [ 59.9 ms ] thread
That's a bummer, I think we've all learned this lesson the hard way at least once before wising up.

Hindsight is 20/20, obviously would've been an excellent idea to enter that recovery phone or email address field. Why wouldn't you do it? In my experience, Google doesn't care how many email accounts you associate to the same phone number (within some degree of reasonability).

You know this is how it goes when you're dealing with ElGoog. Better luck next time.

Someone could've guessed your password and taken over the account, what would you like (or expect) to happen next?

I only have this address (I don't have any secondary email), so I never set a recovery email.

My password was relatively strong (and only used for email).

I don't know how I'm going to do it. Possibly I will lose access to some things or have some difficulty migrating everything to a new email address.

All my services (social networks, paypal, and others) are associated with this email.

Doesn’t having a recovery phone make you vulnerable to a port out scam, basically invalidating any 2FA?
> Hindsight is 20/20, obviously would've been an excellent idea to enter that recovery phone or email address field. Why wouldn't you do it?

Because OP has his password! The recovery email is supposed to be for people who forget their password! OP didn't forget it.

What are you supposed to do if Google randomly decides to lock you out of the recovery email too? How many emails is a person expected to have?

Google is basically just punishing people who take steps to avoid tracking on the web.

Recently my gmail required password and only 2FA It would accept was hardware security key. No OTP or Google auth. It was weird
Can you use an IP address that you might have used before? Maybe they are seeing a new IP address and that tipped the scale in their fraud prevention algorithm.
My ip is dynamic, so it sometimes changes. The ISP is the same as always (and the approximate location too).

I access the Internet using the browser's incognito mode. So Google considers each login as from a new device.

You might try keeping a brower session and trying to login with that once a day or so. It may let you in with a seasoned browser profile where the incognito profile seems fishy.

That or petition at their offices.

Whats worse, is something like this happened to me on Yahoo, except instead of not being able to login, they simply deleted my account. they said my account no longer existed. I never used any yahoo product for anything serious, after that.
After entering the correct password, I am locked out having 3 options:

-Use another phone or computer to finish signing in

    I always use the browser in incognito mode. This option does not apply to me (it will not work).
-Answer your security question

    I don't remember (I think I put something random) to make the account more secure.
-Get help

    It asks for the last password, but it doesn't work. Broken?
Try without being incognito. It doesn't hide very much from google anyhow and it seems like recovering is more important than the privacy you are getting.
I can't remember the answer to the recovery question

Having been in that position myself, I now make sure that any recovery question I accept to use has a single answer (or maybe two at a maximum) that is based on my personal past and can never change. Like "What was your mother's maiden name?" for example.

there has been a slow transition of all big mail providers to require a phone number more and more and it scares me; they do not need it, there are other options like OTP as mentioned by others - but as far as I am aware the big corps want to ensure they have a firm grasp on who you are. not really uncle sam watching your movements but more like uncle corp. if you do manage to get in, might be wise to tie in another email address to it or face the loaded barrel and put your phone number in.
Welcome to HN, where you read a story like this at least once a month.

For this reason I ditched my google account years ago and switched to a paid mail provider that offers support and isn't operated entirely by robots.

Maybe try to find someone at Google. Make hue and cry on Social Media?

You didn’t tell how did you use it. Was it only for personal/non critical usage? Or was it “the email” for you?

Anyway, in the meantime by a paid email (I hope you can afford it) and if possible have it on your own domain. Make sure domain and email providers are not the same.

Change email at as many places you could — ASAP. Especially at banks and critical online services.

I mean do the two things in parallel.

Everyone, download your Google two factor authentication backup codes and put them in a safety deposit box.
Or just mail multiple copies to distant relatives and ask that they keep them where they would keep important documents.
I have gone down the path of Fastmail as my mail provider and Gmail as my mail client. I don't trust Google and the setup also acts as a kind of backup. I also ditched G-Suite for Dropbox.
Gmail is good for all commercial/marketing emails, I prefer to call this spam. For anything else I use protonmail and own email server.