EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > Google Gmail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Google Gmail Forum Discussions related to Google's Gmail service should go here: suggestions, tips, comments, requests for help, tech issues etc.

Reply
 
Thread Tools
Old 1 Jun 2018, 11:02 PM   #1
j_b
Junior Member
 
Join Date: May 2018
Posts: 6
Gmail/Google Acct security

I've stumbled on the Gmail help forum while searching for some stuff on the net. It is scary to see the staggering number of people being locked out of their Gmail acct, either inadvertently (seems like a majority of the cases) or victim of hacking. There are like a dozen or 2 new cases each day, which is small considering the 1bil+ Gmail accts out there, but that's small consolation when you lose access to your acct and your entire digital and financial life might depend on it.
What's scary is, there is no live customer support, and the mostly automated support (and behind it the probably severely understaffed human support) takes weeks or months to look at the more difficult cases (many seem to be). I guess this is to be expected as Gmail is a "free" product (but Google does surely make money out of it etc.. etc..).

What prompts me to write this post is this thread
https://support.google.com/mail/foru...guUVPZs/?hl=en
where the poor guy seems to have done everything right and by the book:
- he's got his phone number linked to his acct and has access to this phone/his phone
- he's got his recovery email on his acct and has access to this email
- he has 2FA on and his Google Authenticator is on his working phone (and he has the 2FA backup codes)
- he is accessing his account on device(s)/machine/IP that he usually uses and that are logged by Google
- he remembers the creation date of his Gmail account.
So he has forgotten his Gmail password (but still has access to his Gmail on his phone). Despite having everything right as above, and having shown this to Google, Google still has not allowed him to recover/change his password, for 2 weeks and counting. Technically he is not locked out of his account (yet) as he can access it on his phone, but he is at the mercy of the phone breaking down/being lost or stolen (then he will be completely locked out). The expert helpers on the board are themselves baffled by Google uncompromising attitude on this case.

So let's say you do everything right (security-wise), but you lose your phone to a thief, and you have forgotten your Gmail password, and let's assume the thief manages to access your phone. Then he has 2 weeks+ to use your Gmail to access/reset/do anything he wants with any online service tied to your Gmail. You cannot forced-log him out of your Gmail on your phone because you can't access your Gmail elsewhere. Meanwhile Google takes weeks+ to (maybe) allow you back to your Gmail account to change its password. Deactivating the SIM wouldn't help because the Gmail acct will stay connected on the phone via wifi.
I guess morality of this is: if your email is important to you, it's probably best to pay up (Fastmail, GSuite, etc..) to have live support.
j_b is offline   Reply With Quote

Old 2 Jun 2018, 06:26 AM   #2
communicant
Cornerstone of the Community
 
Join Date: Jul 2009
Posts: 837
Quote:
Originally Posted by j_b View Post
I guess morality of this is: if your email is important to you, it's probably best to pay up (Fastmail, GSuite, etc..) to have live support.
Was your use of "morality" instead of "moral" a mistake or a very apt Freudian slip?
communicant is offline   Reply With Quote
Old 2 Jun 2018, 08:17 AM   #3
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 353
I suspect there are real cases of people being locked out despite having all their ducks in a row with regard to the recovery information, but in my experience having worked extensively in customer service there are often things that the consumer swears up and down are correct when in fact they are not. For example, was the original recovery phone number changed? Was the sign-up date noted correctly? Etc. Typically, even business customers get these things wrong and then are very angry when you don't give them full access to some account despite the fact that the cs tech on the line has no accurate information other than the person is swearing loudly at them on the phone or in all caps in an email. There are many, many scammers out there with exactly the same story as this probably legitimate person who is having a problem.

So, the real moral of the story is never, never, never create an email address, login, or other critical information without immediately storing it in one or more secure places, preferably a password vault of some sort. Plus, always secure your phone with a password and/or biometric login like a fingerprint. By the way, I also have all my emails either forwarded to another address and service, on another platform, or else synced using IMAP. The main service goes down and I am up and running on the backup service nearly instantly until I sort out what is wrong with the first service. Having done a lot of offshore sailing I know that you never rely on a single point of failure for critical systems.

Last edited by TenFour : 2 Jun 2018 at 08:25 AM.
TenFour is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 03:27 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy