What’s The Worst That Could Happen If You Got Locked Out Of Your Google Account?
Relying on the cloud for everything seems great. Until it unexpectedly turns on you and you can’t legally leave your home.
Recently, I returned from a two week trip to the US.
As after every trip, there was a lot to get to. Three suitcases to unpack. A slew of business meetings to prepare for. Oh, and I couldn’t access my Google account.
Apparently accessing my email from a few different cities in the United States was enough to convince the algorithm overlords at Google that I was some kind of malicious fraudster out to … random myself for Bitcoin (or whatever else random fraudsters get up to online these days).
Knowing my password, having valid 2FA codes, and being able to know and access my backup email and phone wasn’t enough for Google.
Trying to log into any Google services was met by the same frustrating dialog affirming that “Your sign-in settings don’t meet your organisation’s 2-Step Verification policy. Contact your admin for more info.” (Unfortunately I am the admin on my Google account).
I’ve encountered various kinds of security challenges before. The type where you have to remember what your first childhood pet was to answer some question you configured years ago. Or go into another email account and click a link.
But this was in its own category.
As the system provided no means to actually … prove my own identity … I found myself at the mercy of Google’s nebulous “account recovery team” having to prove to Jorge II and his faceless colleagues at a massive tech corporation that couldn’t care less about me that I was simply some guy trying to access his email.
Here are some consequences that I didn’t expect.
You Could Get Stuck in Quarantine … Indefinitely!?
There’s nothing quite like realizing that you may be stuck in quarantine to realize that you’ve truly entered the twilight zone of the tech era.
You see, Israel currently requires that those returning to the country receive a PCR test at the airport to verify that they’re either COVID-free or that — if they have COVID — they’ll have to wait at home until a self-isolation period is over.
Hefty fines and oversight from law enforcement ensure that that process is well-enforced and backed up by some pretty serious threats.
But where do you think those test results go? In my case, the answer was email. The same email inbox that I was unable to access.
Jorge II and Roxana Mae and Nhel really didn’t seem to understand or care that I was essentially stuck at home and unable to know if I could legally head down the road to pick up water or food because some system their company operated–which gave me no opportunity to prove my own identity, at least in an expeditious manner — was locking me out of my digital life. Or if they did, they did a great job at hiding their alarm.
Roxanne Mae was adamant that she would “expedite the request.” 18 hours later and I’m still waiting.
Say Goodbye To Your Holiday Photos
Typically I try to add a few photos to liven up my Medium posts.
This would have been a great place to add a picture or two from my time in the US.
There’s only one problem.
I’ve already uploaded all the photos from my phone to my Google Photos account and deleted the local copies to free up storage space.
That picture from drinks in New York? It’s somewhere in Google.
The one I took at the airport? I guess it must be there too.
You Can’t Access Medium. Or Any System That Relies Upon Email Based 2FA (Like Potentially Your Health Records…)
The problem with being unable to access your email in this day and age is that an enormous amount of technology companies use two factor authentication (2FA) that sends a one time password (OTP) to your email address in order to prove your identity.
In fact, Medium uses such a system. The only reason I’m able to write this post is that I’m still logged in through a browser cache.
And here’s where things get more complicated. Email-based OTP is also used by:
- My health fund which contains my typical means for receiving crucial health information and ordering doctors’ appointments
- LinkedIn and many other social networks that I use for professional purposes on a daily basis
- My insurance company
The only way to resolve these issues would be to manually change DNS records to loop emails past Google temporarily. Does your typical Google user know how to do that? Why should this be the only fix?
You’ll Have Fun Guessing Your Daily Itinerary And Hopefully Not Missing Appointments (Or Flights Or … Any Calendar Entries)
Thankfully, I have one device in my possession that Google hasn’t fully denied access to.
This shows me the Google Calendar appointments that I need to attend today in order to not miss meetings. Missing those meetings might result in lost business opportunities or result in some clients being very annoyed with me.
The only means at my disposal for accessing my email currently — and attending those meetings — is to manually forward individual calendar entries from my locked-out email and onto another email address that I operate.
One by one.
Of course, those Zoom meetings could just as well be flights or doctors’ appointments.
Want To Manage Your YouTube Channel? Sorry, That’s A Google Service Too!
Recently, I got into YouTube-ing.
It’s a great platform for sharing video content you create and for watching what other creators have put up there.
Like most YouTubers I receive a few comments here and there.
I’d love to be able to respond to some.
Unfortunately YouTube is owned by Google.
Which means that if you loose access to your account and don’t have additional Managers working on your channel … you’re going to be officially SOL.
Google and Google Workspaces / Gsuite provides a system for keeping your digital life together bundling key services like email, calendar, and a bunch of nice-to-have add-ons in one convenient and affordable platform.
Unfortunately by aggregating a lot of essential services together in one place it also creates one serious point of failure that can break whenever Google’s proactive security services mistake your travelling account access history for the footprints left by a fraudster.
The ideal solution to this quandary would be extremely reliable and quick support from Google’s end. Unfortunately that’s a situation that’s currently much more dream than reality.
Because you know what? Like Jorge II and Roxanne Mae, Google appears to not really care about the fact that you can’t leave your home or access your medical records. You’re one of hundreds of millions. They’ve all got bigger fish to fry.
If you get caught up in Google’s dragnet through no fault of your own, then you should know that — at least at the time I’m writing this post — you can loose access to key online services at a moment’s notice.
And when you do, you’ll have to hope that Jorge II or Roxanne Mae or the “account recovery team” can “expedite” your request or understand that you’re really stuck at home because you can’t see if you can legally leave it yet.
This is a reality that is probably best avoided.
Don’t entrust your key online data to a service provider unless you’re totally sure that they can be relied upon in the event that something goes wrong. It’s nice to be able to legally leave your home.Even if Google doesn’t always understand that.
