Fixed. I used Chromium to login (which I never do) and then back to Firefox. Everything back to normal, for now.

This has happened to me too, but in my case the Google account that I lost access to is the admin account of a Google Adsense publisher account. For some reason I don't receive the 2FA code to my phone, though I do know the recovery email address and the password. I don't log into the Adsense account a lot, it's a small amount of revenue, enough to cover some DO droplets every month. Given that I don't log in a lot, between my last login and first getting locked out, I had switched ISPs and switched my main browser to FF from Chrome, and even erased all my old Chrome data. So, new IP, and no cookies/fingerprint, not getting the 2FA codes... lock out! No recourse. No person to ask.

What's more funny is that I figured, well, I'll just create a new Google account and sign up for Adsense again for my domain with the new account. Turns out you can't do that because the domain for the Adsense account "is already in use by another Adsense account".

There is simply no customer service.

This story keeps coming up. When you pay for email, you get a customer status. This entails a SLA and a bunch of other rights, which you most likely never get from a free service provider. I hope if those reading these comments still use free email service instead of hosting their own (or paying for it), strongly consider making the switch.

I lost a lot of accounts because of this misunderstanding. I always use a VPN for work. I keep all logins and passwords in the password manager. But Google is very worried about my safety, even to my detriment.

I hate this. If I know the password I should be able to log in to my account no matter what (unless if I have 2fa enabled). Sadly companies like Google and MS do not like this idea, they also often use the excuse that they can't verify you in order to mine your phone number.

"Edit: Account recovered. I used chromium to login (which I never do) and then back to Firefox"

How can google keep getting away with this? MS got into trouble with IE with much less.

I perform a periodical backup of all my Google data with https://takeout.google.com/ if the sh*t would ever hit the fan.

I ran into a variant of this issue: I received an email at my primary address (recovery address for Google) that someone is attempting to log into my old Google account, and that the request was blocked. I try to reset password, hoping that the reset link is sent to my recovery address but Google doesn't allow that.

The only option is to "try and enter the last password I remember". Besides that there's no way to reset the password.

Why even bother informing me at my recovery address about the suspicious login then?

As long as a recovery address exists, it must be able to reset password?

This kind of stuff ought to be regulated somehow, one can’t lose access to one’s life.

I recently wasn’t able to recover an old account because I did not have access to my 2FA number and their help site suggested I “contact the phone company to recover the number, then try again.”

I had to do the same exact thing for another service but they did allow me to change the number by providing some information like last transaction, ID, selfie with statement.

This reminds me of the time that I obtained my original cleartext password for my old tripod.com account by simply emailing their tech support from an email account not associated with the tripod account. The email address from which I contacted them had the same username as my tripod account email, just at a different domain.

Their response email was simply my password. Not a password reset link, not a new random password. No questions asked.

This happened less than 5 years ago, when password hashing should be standard practice. But tripod was created in the 1990s when it wasn't standard, and I guess there was no budget/willingness to refactor the old database and login code.

I was not surprised to hear a few years later that their cleartext password database had been hacked and published.

Happened to me on an account I didn't use for a couple of years. I used the same IP, login, password, recovery email. Nope, 'we can't verify it's you, try again later'. Later I tried, and tried, and tried for a few weeks, still the same.

I gave up, transferred all services linked to this email, with some back and forth with their support. Then, after a couple of month of not trying I was finally allowed in.

The moral is this: google can't be trusted with such serious and vital service as email. They can freeze your access to an account and offer no way or support to let you back in.

Google marketing: "Entrust your livelihood to us because we're the experts"

Goodle production: "We're not responsible for your livelihood"

Same from Microsoft

I too faced the exact same issue, lost 2FA recovery codes as it was saved in Google Drive (lol).

The most frustrating thing was that even though my phone number was linked to my Google Account, they didn't have an option to send OTP to my phone number to reset my password. Even after contacting Google support nothing helped, eventually I gave up and created a new account :/

About a week ago there was a trending article about backup strategies in HN and everyone shared their insight. But it seems that know one takes thought about backing up your personal cloud services, especially from Google. There have been countless stories of people locking out from their Google account and still people don't do some basic backing up.

I have so many important accounts attached to my gmail so I created a bunch of backup codes and hide them in various places

You've just reminded me of how much I rely upon a free service provide something so critical to my everyday life. Time to move to a paid service where I can have someone to call when issues like this turn up.

I had a bit of a squeaky bum moment the other night. I needed to sign up for Stadia and was asked for my gmail address and password which for the life of me I couldn't remember (and it wasn't in my password manager).

I then requested a password reset and tried a couple of the account rescue codes. Turns out I'd used these specific ones before but hadn't marked them as used (doh!) and at that point stopped in case of a hard lockout due to "suspicious activity".

So at this point I capitulated and just went for the "I'm dumb and forgot my password and have no other codes or keys" option. I was then told it'd take SIX HOURS for google to verify my account before they'd send me a password reset link.

Luckily it all worked out and all I lost was an evening of Stadia, but I couldn't help feeling I was teetering on the edge of loosing my account.

Footnote: yes I have considered switching to a paid service such as Proton Mail, but at the time covid happened, I lost my income and couldn't afford it. I think this experience will spur me on now that I'm gainfully employed.

You get what you pay for.

(Sorry for the obviously totally useless comment that is not helpful in any way. But seriously: I've seen this happen to a number of people, and you're just out of luck - computer says no. If you value your digital history, host your mail and file at a party where you pay for the service - that makes you a customer not a product)

Hi, this account was created for this post. My personal gmail beta account is to this day being held ransom by Google. It was only used for my most important accounts, my bank, gov, utilities etc. My life, online and offline.

Despite only ever logging in from a residential line in the same city for entire life of the account; one day there was """suspicious activity""". I did everything asked.. confirmed every detail, provided backup codes, secret answers, gave up phone numbers, every password change and dates, even the exact date and location when the account was created, E V E R Y T H I N G.

Turns out that my account is so secure that even I cannot access it. Well I'm sure you can imagine what a total fucking nightmare it was to workaround the absolute evil that is Google. That's my rant, I'm glad that you got your account back OP.

Happened to me as well, except I could never get back the access. This is how it permanently looks like: https://i.imgur.com/4YrElkJ.png

I don't like it when you replace my title and make it confusing.. almost seems like I only had the correct credentials when I regained access (dang)

So, what was the cause of your inability to login sense all you did was switch browsers for it to work?

Could it be some autofill or other cached information jacking with the form input?

HN exposure to the rescue!

https://xkcd.com/806/

Yep I have an account like that for several years, but it's still logged into thunderbird and works fine for sending / receiving. Cannot login via browser though. It asks for my recovery email, which successfully sends an email, and then says "we cannot verify it's you" lmao

This happened to me when I was away from my home; I tried to log in to my Google account, but I couldn't gain any access; I tried to change the password and everything, yet the email won't update; it will only update on my browser.

I wonder if you could sue google to get back your data.

They have your data and they are effectively arbitrarily deciding you can't access them anymore.

undefined

Backups? I have daily snapshots going back 1 month.

i use firefox containers for critical logins like that, where i never clear the cookies.

Yup. This happened to me two years ago. Thankfully I hardly used them for anything important. They started freaking me out years ago and I've moved to self host everything.

People still send emails to my gmail address, including my own family. It forwards to swiley.net for now but that probably won't last.

Log in from one of the ip ranges and browser/os combinations you’ve used in the past