Ask HN: Help – Locked out of 10 years Gmail account

329 points by schiffern ↗ HN
Due to the recent LastPass debacle, I decided to cycle my Gmail passwords. Boy that was a mistake!!

Gmail has decided that I can't log in with "just" my password. The new password is correct. It then asks me for my old password, which I put in correctly. Then it tells me I can't log in anyway. :(

Occasionally it will give me a QR code to scan. But I can't scan it on my phone, since my phone is logged out.

I can't log in to my recovery account, because (like a fool) I changed the passwords simultaneously. Now both are locked.

Somebody help! My account name is [redacted]@gmail.com (the recovery email should match my HN username). I'm locked out of a decade+ of correspondence, recovery, and historical data.

260 comments

[ 4.3 ms ] story [ 294 ms ] thread
I’ll forward this to my friends at Google if you promise that you stop using Google products.
Anything!

Please let them know my recovery account (another gmail, FirstnameLastname) is also locked.

Edit: I'm back in to my recovery account!! Just enabled 2FA to avoid getting locked out again.

My main account is still locked, but it let me verify via my old password, new password, and recovery email code. The message says that they still need to verify more, but I should look for an email to login within 48 hours.

Fingers crossed!

Thanks for everyone's help. Backup email works now. Looks like (fingers still crossed) I'll be getting back into my main account in 48 hours.

Obviously I'm re-working my email solution as we speak... starting with backing up my Google data!

Lots of good recommendations in this thread. Learn from my mistakes. It can happen to you!!

I was about to take out my work (G) laptop and send this down the appropriate channels. Very glad to see someone else stepped in already.

This is definitely I (personally) wish we could do better, I feel embarrassed and very slightly partially responsible whenever I see our support failures making the front page of HN.

Hi there! I hate to pile on, but I have a very similar issue and was wondering if you'd be willing to help. About a year and a half I lost access to a Gmail account with emails going back all the way to the beginning. Lots of sentimental messages, stuff like that. Logged into it after a long while, started looking at picture attachments out of nostalgia and somehow tripped an algorithm that locked me out. I stupidly did not have 2FA set up as this was not my primary account, so had no other way to offer proof that I was the rightful owner, despite having the correct password. I tried all the usual things - waiting a long time, trying old devices (phone, laptop), going back to the old location I used to live... nothing worked. Would love to regain access to years of memories.
What did you do? What worked?
(comment deleted)
Interesting how all those frame it as the user’s fault.
Trying this now.

Edit: the closest solution is to try account recovery, which is what I was doing. :(

I don't want to "spam" the recovery form, since I suspect that will only make it worse.

Edit2: trying Gmail app and Google Authenticator now, to see if that makes a difference. Will update with progress.

Edit3: no dice. Gmail app just loops me to a message saying "Google couldn't verify that this account belongs to you." Clicking on Verify account just loops me back to the login. It doesn't even ask for my old password like before.

I feel sick to my stomach...

- I had similar trouble accessing my facebook account - the FB recovery process involved me holding some valid ID in front of my webcam. Could Google have something similar ? (Access was restored swiftly)

- Have you, by any chance, stored some google recovery codes somewhere ?

- Isn't there a "call me and read me a one-time six-figure code" option available in all the login/authenticate option Google provides ?

hope it helps

Be calm. You may be locked out, but sometimes it just takes time to get back in.
Are you or can you try to make sure that your behavior is s close to normal as possible? If you normally access your account from Chrome, use Chrome. If you normally use macOS use it. If you normally have a static address at home, use it.

Trying to recover your account from your friend’s house in another country, or whatever, could be making it worse.

My IPv4 address at home has not changed for over 10 years. My IPv6 address at work has not changed for 4 years (modulo privacy entension). I have not used any public hotspot for at least 5 years. Still Google greets me several times a month welcome on your new Linux computer. Yes, I use Cookie Auto Delete. But if they had had reasonable algorithms, they would long have learned that I never have their surveillance history when logging in.
You can't remove the data that keeps you signed in, then turn around to say their sign-in algorithms should be better.
Yikes! good luck, hope it works out. This is scary. Gmail is still, by far, the best email app. Something like this could happen to me and, I suspect, a lot of other people.
The best email app wouldn't ban you for an emoticon in Youtube chat or sending a medical photo to your doctor.
These ToS, CSAM, moderation, etc are very orthogonal to the app itself. Why conflate them? Most non-hackernews people are completely unaware of them, so it won't be a factor in their choice of platform. Are we even sure other apps aren't doing similar things? Or have equally dangerous practices around password changes?
Because the user experience is that it doesn't work.
This is just crass. There's plenty of very good software with shitty T&C, this isn't anything new.
I dare you to find those examples in the Terms and Conditions.
>Gmail is still, by far, the best email app

True, no mails no problems, it's a feature not a bug.

> Gmail is still, by far, the best email app.

I used to think so when I used Gmail.

But switching to Fastmail, I no longer agree that it is "by far" the best. Now I think Gmail is only better by a slight margin, and this margin is so small that it does not justify the drawbacks: Potentially getting locked out with no recourse, certainly getting everything you receive scanned to deliver you the best possible ads, contribute to the email monopoly where the big players decide the protocols.

I know it seems lo-tech, but it's a good idea to print out the ten Gmail recovery codes and keep them in a safe place. I've done the same for GitHub too.
We’ve gone full circle to the the idea of post-it note credentials
That's where 'safe place' comes in. It's the intended use of backup codes.
> Gmail is still, by far, the best email app.

I find this opinion absurd. It is an e-mail client. Even if it did perform the tasks that an e-mail client needs to perform somewhat better than all other clients, the loss of autonomy makes it a terrible deal, even for non-technical users.

I love how the HN front page is the only way to reach a human at Google. No amount of money can get you a support ticket opened with an actual person in a situation like this
Google One might have helped. https://one.google.com/about/support
It doesn't anymore the trick with buying from the store also doesn't work anymore you get in the same q as everyone else after the hardware and one teams told you they can't help.
Google One support only works if you can login.
I've been locked out of 17 year old gmail account for awhile now because I refuse to sync my phone to it. I only want to login to delete the contents and deactivate the account. It still forwards to my Thunderbird which is how I noticed Google stops dedicating spam protection to un-synced accounts (or something). So, they want me to go away, and I want to go away, but they won't let me go away.
> to delete the contents and deactivate the account

Are you in the EU? Google's DPO or your country's data protection authority might want to hear about it.

Maybe he doesn't want to send them a copy of his national ID for the sake of privacy.

Are privacy guidelines in EU countries so well defined that they take terms such as "password for an online service" into their vocabulary?

They might not explicitly, but you have the right to take any data you have or they might have on you of any service, no matter if you have an account or not: aka right of access. I don’t know if it has been used this way, but it might be a possibility.
Nope, I'm in the US and here in the US Google acts as an extension of our intelligence agencies so we have no recourse. They're effectively part of the surveillance state, thus untouchable.
In ~2014 when I didn't have a phone yet (being a child) they deleted my account on account of not having a phone number associated for some weeks.

Even though postfix brings me headaches sometimes, seeing issues people have with google seems as setting it up was a step in the right direction.

> Google stops dedicating spam protection to un-synced accounts

The spam filter just broke at some time in the last year. I get 1-2 obvious trash spam in my inbox every day. Literally things with a subject like "You _WON_ !! ** our give_away!"

> I noticed Google stops dedicating spam protection to un-synced accounts (or something).

It’s not just you. Their spam filtering has been broken in general for a while now. Not sure what’s going on. I wonder if the volume of spam has just hit some critical threshold where it costs too much to process every incoming message.

You don't matter for Google and creating HN spam threads won't change that. At worst, it will solve your particular problem and invite similar spam threads from other victims of faceless corporations.
Such topics help more people realize that Google should not be trusted with managing their emails (or anything really). More threads like this:

https://news.ycombinator.com/item?id=31782952

This!

I wanted to switch from Google few times (always postponed it to a "next time"), but reading this today I realized how devastating it would be to get locked out. So in the next few days I will move away from Gmail.

My strategy is to only use GMail and no other Google service at all (cloud, ads, ...)

This way there is little possibility of somehow being labeled as fraudulent.

This. I also deny them data collection by not being logged in on my primary browser since I don't use any other service. I originally started doing that when they began to break Gmail performance in Firefox and had to access via Chrome but now it's out of spite.
The longer it's been since anyone has logged in, the more confidence Google will have that it's really you trying to log in. In all likelihood you'll be able to get back in within a couple weeks.
I hope you're right! If that doesn't work, it's all gone. It's not like I can "just" get to the front page again.
This saved me during my big scare about a year ago when I suddenly found myself locked out of an important account with no way to get back in (phone number was old and inaccessible). The password was fine, they just didn't believe it was me for some reason.

A few months later it suddenly worked again, and I seized that opportunity to move permanently away from gmail. I was lucky. I do not want my access to my online identity to be governed by luck, however, so really advise anyone who will listen to make the move before this kind of sob story happens to them.

"It won't happen to me" - I thought that too, and no doubt so did the OP. Won't it? How much will it cost you if you're wrong?

It now costs me $50/yr to know it won't happen to me and I'm more than happy to pay a fair price for a good product, like I do for everything else.

How does paying 50 bucks a year give you that peace of mind? What kind of recovery procedures do providers like fastmail have?
Real, intelligent people for customer support (well, the last time I needed any, which was years ago). You are paying for the service and it's not cheap although also not expensive compared to normal things you also need like Internet service (using US prices). GMail is normally "free," you are the product, and customer support and caring about customers is simply not in Google's DNA. Which we can see in too many of their paid services.

The real protection is to get your own domain which Fastmail of course supports, so you can point it at a different email provider if worst comes to worst, like ajross's plausible proposition that:

"[...] I'd put the odds of Fastmail failing entirely as a business rather higher that those of any single user having an unresolvable 2FA glitch with a gmail account. In the world of real data and not anecdata, Big Tech is incredibly reliable."

> I'd put the odds of Fastmail failing entirely as a business rather higher that those of any single user having an unresolvable 2FA glitch with a gmail account

Well that's funny, because I see a desperate post by a gmail user with an unresolvable 2FA glitch (except by screaming for help on tech-oriented forums hoping someone will notice) basically every week, and yet somehow Fastmail isn't out of business yet. And who knows how many "normies" without an HN/Twitter megaphone just silently lose access, weep a bit and give up?

I have no doubt that Google won't actually lose my email data, but if I can't access it and have no recourse then there's no difference in practise.

Interesting - took my account three years to let me back in. Was happy it finally did though
This is unfortunately not true (for me anyway).

I have an alt gmail account that I used less frequently. 3.5 years ago I was abroad right after the first wave of COVID, and logging in from a new laptop (no longer have the old one). When I tried logging in with the correct password, it told me I needed to verify an SMS to an old phone number I haven't used in 10 years (7 at the time I suppose).

Every now and then I'll try logging in hoping they realize that the account is mine, since I have the password, and no one else is logging in (hopefully).

Unfortunately, nothing changes, I still get the requirement to verify with a second device, and I never configured a recovery email for that account.

One day I'm hoping someone will register the old phone number, and I'll be able to smooth talk them into passing the confirmation code to me.

Not necessarily. I've two accounts that I couldn't access for multiple years now, google simply refuses to let me in despite having all of the correct credentials.

For anyone reading this, do not rely on google services, you'll move cities, change your number, or as OP change your password and _you will get locked out_ with no recourse.

> because (like a fool)

You are no fool. No doubt you are way above average intelligence. This so-called "security" ecosystem of Big-Tech is a dumpster fire of rotting clinical waste. Hope it doesn't spoil your holiday break - and for goodness sake make a New Year Resolution - to quit this madness forever.

I started working with security to help avoid these kind of scenarios to happen. No doubt gmail is adding controls to their service without fully considering the implications. When security locks you out of your content it is a non-conformity that should be resolved asap zulu.
This is an unfortunate situation, but calling it a "dumpster fire of rotting clinical waste" is frankly absurd. Google in particular has done more than anyone to acclimate consumers to the usage-patterns of better auth (two-factor in particular). Is everything perfect? Of course not, but things are a lot better than they could be.
I thought it was actually 2 step. The difference always confused me.
Nah, this is a complete farce. You’d think by this point google could offer a simple checkbox in the settings of your gmail account:

“Do you want this account to be extra secure and for us to lock someone out of it with any activity deemed suspicious?”

And then when you don’t click that box they don’t arbitrarily lock your account. But they don’t. Because they’re a dumpster fire company.

(comment deleted)
I'm not going to try to convince anyone that has their mind made up about "dumpster fire" companies or whatever.

For anyone else reading, I'll just say that we all know there are tradeoffs between security and usability and we can actually have a good-faith discussion about that if we want to.

"Tradeoffs" that consumers don't get a say in. They don't deserve good faith discussions when they treat us like children and throw away the key when that infantilization destroys stuff in _our_ lives.
The problem is that this trade off is between your usability and Google's security, so the choice of their security wins out every time.

I have never bought into this regressive corporate security model in which my desktop computer is supposedly less trusted than assorted web app accounts. Unless I've opted in to something different, knowing the password should grant basically full access to the account. If there are additional rules around changing the password or other sensitive meta tasks, then those need to be spelled out in a well defined manner, and not punted to some opaque fickle machine learning scheme based on IP addresses, browser vulnerabilities, phase of the moon, etc.

It's between your usability and security and the integrity of Google's offering.

The lockouts are there because of how easy it is, without them, to compromise someone's email access. People leave their email password lying "in the open" all the time (for a very broad definition of "in the open" that includes things like "re-use it in another site that gets compromised, and use the same username on that site so a cross-site attack attempt is basically a free action for an attacker to take"). When a Gmail account is compromised, people lose everything digital because they've routed their entire digital security story through their Gmail and it's a trivial operation to harvest all that data once an attacker has access. So the damage to an individual is massive when a Gmail account is breached. And since Gmail doesn't actually know who a person is, correction of a breached account is extremely painful (consider, for every method Google might add to prove your identity to restore ownership of your account, how a malicious actor could use that approach to steal your account).

I've been on the receiving end of a Gmail lockout (cooked a phone on vacation while my OTPs were stored in an envelope at home), and it sucks. But it sucks less than having my whole digital life story (access to HN, access to every forum I'm on, access to every hosting service I work with, access to every bank account I own) compromised because that Gmail account is the receiving target for every "reset your password" flow of every service I operate with online, and I'm the average use case.

The pure, utilitarian calculation is rather simple. Anytime you beef up the security policy, it tends to decrease the (permanent) hijacking and increases the lockout. From the point of view of original owners access (i.e. availability), they are equivalent in terms of losing access to the account. Because the hijacking breaches the private information and it also gives hijacker further utility for other illegal activity, hijacking is worse in general.

Thus, as long as the total number of hijacking+lockout decreases, it is a useful policy from the utilitarian perspective. Of course, hijacked people don't cry for help as much, and neither they blame Google as much.

People think a better customer service would somehow solve the lockout problem, but they need to understand that customer service has the same hijacking vs lockout problem, and they can only help if they have better identity verification methods available to them - e.g. if Google asked for government ID for opening a Google account, this would work - but if Google did that, people would scream. Without properly established identity verification methods, the customer service can't improve the precision and the recall. Thus, the current choice for the users is to use a better identity verification method - like security keys and using Advanced Protection, as non-phishable auth does not need complex and elaborate heuristic based protection, and set up a chain of recovery accounts, with all accounts using the security keys and/or Advanced Protection.

I made the jump to Fastmail and I'm very happy with it. Web interface is at least as good as Gmail's. Thunderbird keeps a local copy of my emails, I control the email domain. I can create backups. The second you get back in you gotta get off this platform.
The Apple Mail app on iOS and MacOS is pretty decent. No need to use the official Fastmail client (if you are on Apple and prefer the simple Apple alternative).
Also, iCloud+ allows the use of a custom domain. It may be an easier option for some.
I believe the major problem is having your email attached to a big tech general account. If your son decides to download a pirated game to your iphone, out whatever other unrelated minor offense, and Apple determine it's worth nuking your entire account, your email is gone. Granted, Google is worse at this matters, and when you own the domain at least you can point it to somewhere else, but it's still a hassle.
Does Apple have a history of doing that? This is the first time I’ve heard of that.
Even if that happens, it’s not a problem.

Why?

You go to your register and point your domain to another email provider, and you’re back in business.

Not a problem?

All your previous emails are lost, aren't they? Even you have local backup of them somehow, they are not equivalent to emails saved to your server?

If you have a local back up and the provider supports IMAP, you can just sync it back to the new provider.
Losing backups is problematic, but IMO the bigger issue is losing access. I care 10x more about emails that I haven't received yet, compared to my history. I am still not wanting to lose that history... but it is just not as big a deal.
If you're using an email client, chances are you have an offline copy of your emails (depending on how you configured it)
The only way to cover that case is run your own mail server.

I've done that in the past, don't recommend it unless you have a real need and know what you're doing. It wasn't hard, but just extra work that I wasn't sure was worth it.

Is it possible to recieve the icloud mail from a custom domain also in my non apple email app? For example on my desktop?
I recently switched things to an iCloud custom domain that I access through the Spark iPhone and macOS apps. It’s been an upgrade, though I’m still in the stage of finding and switching over accounts that use my gmail. I feel like that will never end.
A big plus one to Fastmail (no economic link, just happy customer). I use the apple apps to access. I've never actually had any problem but I have confidence if I ever do, it will be solved quickly and painlessly by a human who cares because I'm a paying customer.

I don't know why we ever thought free email was a good idea. Of course Google doesn't care about a free email user. They're just another useless eater out of billions. And yet so many of us (me included, until switching) basically built our whole online existences around gmail.

Email is important. Important things are worth paying for. You have status and recourse if anything goes wrong. Gmail works until it suddenly doesn't and you are reduced to desperate moves like begging for relief on HN. Move away before that happens, and vote with your wallet for fair service for a fair price.

> Of course Google doesn't care about a free email user

I pay $180/year for Google Workspace and Google still doesn’t care about me.

Realizing that was when I moved on.

I'm looking for a good alternative to the office suite, Microsoft has better customer service but not by much and it's not always easy to use cross platform(I wind up using Win, Mac, and Linux weekly and play with FreeBSD occasionally

To make the transition easier you can configure Gmail to automatically forward mails you your FastMail address. They all then appear in the fastmail acc and you don't have to touch Gmail ever again.
Thats exactly what I do - get a bit tiring to manage emails on both side during the intermediate phase (which I'm still in) but I have already migrated most of my financial and government contacts to fastmail.
I migrated the important stuff and then just incrementally moved things over whenever I happened to login somewhere. At this point, the only emails I get on Gmail are random crap I don't care about.

It's so nice to have my Gmail only for Android and other Google services. It was a big relief.

I also added a rule in Fastmail to automatically label things forwarded from Gmail. This became an easy map of what to update. In about 6 months almost nothing still comes to gmail.
yep, I have 2 gmail accounts that have been forwarding to fastmail for something like 10 years now. I'm really unsure on the timeline, but it's been a very long time.

google is good at spam filtering so those accounts became the accounts I give out to people publicly.

The only thing that I find isn't as good about Fastmail is the spam filtering. I see more spam in my inbox and my spam folder than I did in Gmail, but despite that the trade-offs (particularly less of my data going through and sitting in Google's systems) still feel worth it.
For me, it is the other way round - their spam filter is quite aggressive and I routinely find non-spam messages in the spam folder. Hopefully the training I'm providing makes the filtering better.
Ironically Gmail is one is the largest sources of spam hitting me at Fastmail.
I make this point in most of these threads, but this is falling to an anecdata fallacy. Gmail is thousands or tens of thousands of times bigger than Fastmail[1]. When you have have a scale difference that large, you're going to have a huge, huge imbalance of problem reports like this that has nothing to do with actual reliability. All providers mess stuff up occasionally. Everyone has a customer support crisis at some point, with someone.

In point of fact I'd put the odds of Fastmail failing entirely as a business rather higher that those of any single user having an unresolvable 2FA glitch with a gmail account. In the world of real data and not anecdata, Big Tech is incredibly reliable.

[1] Which seems great, btw. I'm actually looking at moving my vanity domain to them as I'm sick of chasing standards trying to host it myself. This is absolutely not a ding at Fastmail.

I use my own domain with fastmail, so if they were to fail, I could at least keep using the same address. Although I would need to find another provider that supports wildcard addresses going to the same inbox because I've found myself using the pattern companyname@ my domain for each business I give my email to. It makes it easy to block emails if a business doesn't let me unsubscribe or they share my email with spammers.
You realize that "My Domain Got Stolen and the Registrar Won't Fix It" is another whole subgenre of this kind of anecdata, right?

My point is just that there's no free lunch. Everything breaks, but on balance I'd trust Big Tech to get it right more than little companies like Fastmail or your domain registrar.

OP's post isn't about his email or domain getting stolen, it's about him getting locked out of his account with no way to get back in. There are many different providers for both email and domains that provide good support. Sure it's possible I could still get locked out of either. I feel like smaller companies that I'm actually paying are more likely to be responsive to my issues than a large company that I'm using for free.
> I feel like smaller companies that I'm actually paying are more likely to be responsive to my issues than a large company that I'm using for free.

"I feel like" is, precisely, the anecdata fallacy at work! You feel that way because you see so many more reports of problems with the big providers. The truth, obviously, is that account management problems like this are present everywhere[1], but the email (or domain) market is dominated by a small handful of players. So you think the tiny ones are better than they are.

[1] Pointing out the pervasive complaints about domain registrars was supposed to drive this home. It's weird you think that somehow doesn't count. All bureaucracies mess up, it's not like email is a special kind of failure.

Yea, but there is another difference besides them being smaller. Email is fastmail's primary business. A domain registrars primary business is selling domains. So it's more risky for them to provide sub-par support compared to google where gmail is just one of the many things they do.
Whoa there, what reasoning leads you to believe that "Big Tech" is more trustwothy than "little companies"?
> small companies that I'm actually paying
I feel like while you're absolutely right, I still have this nagging voice in the back of my head with gmail - a concern that there's this non-zero possibility I could lose access because e.g something i upload to drive gets mistakenly flagged as copyrighted material. Too many eggs in one basket.
> All providers mess stuff up occasionally. Everyone has a customer support crisis at some point, with someone.

I think this misses the point. With Fastmail, if they mess up, I can still talk to a human. With Gmail there is no customer support to begin with so you're screwed whenever something goes wrong.

I love Gmail’s automated inbox categories. Looks like Fastmail doesn’t have that?

(I know I can set up manual filters. I prefer it to be done for me automatically.)

so, they read and profile your emails, and then categorize that for you, and you love that?

ok, we are different

Are you implying there is any email provider that doesn't have access to your emails?

How does Fastmail determine which ones are spam?

This probably does not help, but...

I used to love that automated categories and had 4 categories. One day I suddenly felt that that was too many and reduced it to two, "Primary" and "Updates" (similar to mail.live.com's "focused" and "other") and found it actually easier to manage my emails. Of course that is still two not one, but just want to say that you might also realize that you don't need so many categories.

Thanks for the tip. I’m currently at 3 but I get what you’re saying. I might try it.
Okay I’ve been trying out your suggestion for a week. I think I will keep it.
Lesson learned, don't do unnecessary stuffs while everyone is on holiday.
Which is precisely when you finally have time to do them.
It’s not like Google customer service is going to help on a non-holiday
Is there a customer service at Google? Had no luck with them... once I got an email after they charged me twice for Play Music, but this was canned response. It took them almost 7 months to figure this out and pay my money back.
That’s the point I was trying to make. As a user, getting help from Google customer service for something like this seems to be nigh impossible. I assume Google has customer service for their actual valued customers — the ones who spend money placing ads, not the ones who spend attention viewing ads.
Google's strategy of locking out people from "everything" is just insane!

Someone needs to lawyer up and make them pay through the nose for stealing access to individual’s personal data that doesn't even belong to them.

Even this "someone" wins, if it's not a class action, I doubt any amount of money out of the lawsuit would change anything for a big company like Google. And I doubt case of these could result in class action anyways.
(comment deleted)
How is it everything? You get locked out of your account.
Which in the case of Google is for quite a lot of services...
Do you not have any of your recovery codes left?
I ran into a bug where the recovery account token wasn’t working. I found no way to contact google about it.

Until there is regulation, you’re probably going to be out of luck.

As the world gets more and more digital, there really needs to be such regulation. Certain accounts are too deeply ingrained in your digital identity, that they should be able to be taken away from you. At least not without a way to start a proper legal recourse, where real person need to solve your case and at least send you your data. EU do something!
Whilst it might not be of help to OP, I suggest everyone else to do a data export for all your important services every once in a while and save it with your other backups.

https://takeout.google.com

https://account.microsoft.com/privacy/download-data

For sure. I believe I have this set to create an export and notify me the backup every quarter or so. Not the perfect solution, but until I do the right thing and switch over to fastmail, this at least ensures I can only lose a few months (gulp) worth of email.
Having lost a few months of email when my mail server crashed, it’s something you whine about for a day or two but then it’s business as usual.

As with all insurance you pay for what you want to risk. It didn’t hurt me much but I still went to daily offsite backups for my mailserver. The biggest gripe was standing up a new mailserver, make sure you keep your software up to date yall

You can move your old emails off of your current email provider at any time even without changing any email settings or where new mails go.

It always seemed silly to me to have the server where your new mails get delivered be the same server as where your email archive lives.

The part that keeps me up at night - the last few months are likely the majority of emails I care about. So I might recover 99% of past emails, but only get 25% of the value -- recency matters.
Yeah, I think this is a great point. My goal is to get my email on a domain I control in the next few months.
Interesting idea - follow up question: where/how do you back it up? Looking forward to hearing about your whole system.
(comment deleted)
Hope you get your account back.

I’ve been on the fence about migrating off Gmail, but after reading threads like this, I put a contingency plan in place. Backups of my Google account are done hourly, and I have a custom domain/workspace account so I can move the domain elsewhere if needed.

How do you do hourly backups?
There are a few open source options out there (e.g. run IMAP backup script via cron). I personally use CubeBackup [1] on a local NAS, which covers mail/drive/photos. I then have a job that backs up that directory off-site using rclone.

[1] https://www.cubebackup.com/

Is there someone else around you trust and that could read the QR code on his/her smartphone ?
Welcome to the club, I've given up on Google altogether.
This happened to me - I even had access to my recovery mail but google just decided I wasn’t trusted back in my account after I moved to a new country. I contacted every support line I could but alas.

About 3 years later I was magically let back in, no idea why but I would try every few months and it just worked one day. Hope it doesn’t take that long for you.

There is nothing google will do for you. I had a similar issue here: https://news.ycombinator.com/item?id=31681221

I’m still locked out of my account. December 22nd was the expiration of the domain name I needed in order to unlock it, and it is now gobbled up by another squatting service (Bodi), so I will have to try again next year. They don’t even entertain my offers to buy it.

Let our losses be a lesson to people: get off of gmail asap. They do not care about you. They do not care about the harm they are doing, the memories they are sealing away. All they care about is making money off of your data.

Get off google now. As fast as you can.

It's now been 0 days since the last "Help! I've been locked out of my account!" story on HN. These have been going on for years and years[1]. The solution is for individual people to stop relying on services that don't have customer support to host critical things. This is now a well-known failure case for free cloud services. It should not be a surprise.

1: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

Sorry to hear that, this really sucks. Shows once again how authentication is still not a solved problem.

I switched to posteo.net recently and have not looked back since, can only recommend a paid email provider. Different level of support and assurance when you are a paying customer.

If you have it tied to an android phone, even without two-factor, there is a hidden way to generate a code it will take under security

Not all accounts seem to have this but I did. I do NOT have two-factor and eventually the "try another way" method offered to take me through the android code generation and it let me back in.

> *"Sign in With Backup Codes"*

https://support.google.com/accounts/answer/1187538?hl=en&co=...

This prompted me to download Thunderbird - was very easy to get started (it basically provided a wizard with some basic inputs and started fetching messages immediately using POP).
Thunderbird? Marty, I'll need to fix the time circuits, we've travelled back to 2006!

But seriously, what's next? Switching to IE from Chrome? Back to MS Office from Docs? The more things change the more they stay the same...

One of those isn't the same as others... IE and MS Office are MS products, Thunderbird is still under the Mozilla umbrella.

I guess for certain things we backup to cloud and for others, we backup from cloud :D

What's wrong with Thunderbird? My workplace uses it, my family's small business uses it, I use it.

Has lots of features, doesn't require a fast stable Internet connection, and there's no risk of losing your emails because $provider locked you out.

Plus if you have multiple email accounts, it's super convenient to get them all in one place.

Idk, Thunderbird, Outlook, and desktop email checkers in general seem absolutely antediluvian to me. Like CRT screens, trackball mice, and space cadet pinball.

Do you still have to fetch mail manually like a caveman or did they make it automatic yet? Does your mail sync between all your devices? I still think it's less likely to get banned from gmail than my local hdds to fail.

I'll be surprised of the features modern mail protocols like IMAP have.
> I still think it's less likely to get banned from gmail than my local hdds to fail

Uhh the whole discussion is about exactly this problem which you've decided won't happen to you because ... ?

Thunderbird rules and isn't going away, and makes things like blocking remote images easy (as opposed to gmail where you lose basic UX if you turn it off so most people don't).

What's more, gmail's basic features have really suffered in the last 10+ years. I search 20 years of email in Thunderbird faster and more efficiently than the bloatware POS gmail is now.

But best of all, I don't use gmail! I never have to worry about the nightmare scenarios presented here and nobody spies on my email (other than the NSA :) )

Oh -- physical backups rule too. From rotating through various drives my email is backed up at least 16 times over.

I'm getting pretty tired of these threads. We've seen them for years and years and years. At this point, anyone still using gmail is a PEBKAC error. Move!