1y ago

Locked out - Google's absurd security measures won't log me in

As title says. I haven't used my Google account for more than 3 months. Prior to abandoning my Google account, I unlinked my phone number, deleted my recovery email, and logged out every device. I also never had 2FA TOTP setup.

Today I tried logging in and it won't let me. See video. Apparently, providing my login credentials doesn't prove that the account belongs to me. And no, I won't give them my phone number again to login.

I hate Google

30 comments

Prior to abandoning my Google account, I unlinked my phone number, deleted my recovery email, and logged out every device. I also never had 2FA TOTP setup
So you did this to yourself, and have the audacity to complain.
- Yes. Because I don't want to give Google that information about me any longer. Which is my right and according to you Google is justified in locking me out and demanding that I give them that information to regain access to my account?
  People like you fail to see the implications of this. We more and more live in a world where technology rules everything. Soon the CBDCs might take over. And when and if they do, you're gonna be forced to provide all sorts of information about yourself. Lets hope that you too will be okay with handing over your data just so you can buy groceries. After all, it's their system, their service. If you don't like their rules, don't use it. Right? :)
  
  Well they want to prove who you are because a Google account is the central part of someone's online life. I'd imagine that binning off all that info quickly looked really suspicious and flagged something on their systems. They can't just let that slide because of the possible implications, someone might use that email as their bank account login or maybe it's linked to something really personal.
  Is it out of the goodness of their hearts? Hell no, it's entirely to cover their asses from liability for damages.
  
  The fact that they're asking for the information in order to compare against for identity verification should tell you that they already have the information.
  If you were a fraction as savvy as you seem to think you are, you'd know that deleting your PII from your profile did absolutely nothing in terms of removing it from their systems. Right now you're whingeing about how upset you are about having to give them a phone number... that they already have.
  This would only be discussion-worthy if you had actually removed the information and they were demanding it back. You didn't and they're not, they're verifying the information you gave them to prove your identity using industry standard methods. If it wasn't for the fact these are getting posted during school hours I'd assume you're some edgelord teenager...
  
  That's all well and good, but you can set up 2FA using an authenticator app and it won't tie any PII to your google account

"Apparently, providing my login credentials doesn't prove that the account belongs to me" given how bad people are with password reuse, phishing etc. - no it doesn't, unfortunately.
- While that is true, I do not fall into that category. I let KeePassXC generate all my passwords and most of them are longer than 30 chars. I'm just simply tired of being forced. I believe I should have the say in how I want to secure my account. Not the companies.
  
  "They treat everyone the same way, but I'm special so I should get special treatment!"
  
  I believe I should have the say in how I want to secure my account. Not the companies
  Then roll your own email server and start hosting it yourself.
  
  You can believe what you want, I guess, but that does not change reality. The company also has a vested interest in marketing your account security. They also lose out when accounts on their system are compromised. It seems a bit ridiculous to say that only one of the two parties who have a vested interest in security here gets to set the rules.
  
  The problem is that they can't tell who is who, nobody wants the extra hassle of extra security, and in the end the companies have to deal with the fallout (customers asking for account recovery, compromised accounts being abused, ...).

I unlinked my phone number
I won't give them my phone number again to login
Google already knows your phone number, I don't think it's unreasonable to do that to protect the account from theft, especially after several months of inactivity and without any other means to verify the account ownership.
- I understand that Google already has my phone number. That's not so much of a problem for me. I am trying to limit the amount of personal information that I hand out to websites & services. I believe that companies shouldn't need my personal phone number to create, maintain or secure my account. If I need security, I'll install 2FA TOTP. If not, that's still my decision and I shouldn't be forced. Especially not in form of having to provide my phone number.
  
  You can believe whatever you like. The companies that disagree have no obligation to service you. Go find services that don't require phone numbers if this is important to you; they do exist.
  
  The solution if you and a service don't see eye to eye with terms is to not have you use the service. Seems like Google made the decision for you.
  
  I believe that companies shouldn’t need my personal phone number to create, maintain or secure my account.
  What you believe is irrelevant. You don't run the service.
  
  Hire a security professional or keep trying or give up. I loathe google but this isn’t their fault.

This post is basically what the Lemmy community has become, in a nutshell. I thought there would be a mass exodus from Reddit but it seems like the only people who came here and stayed are far out on the fringe. Between this kind of stuff and “I refuse to own a car because the infotainment system is not open source!”, I find myself more and more gravitating back to Reddit for some normality.. which is a hell of a thing to say.
- Try not to judge the whole community for idiotic posts like these. There are always going to be dumb kids shouting dumb shit wherever you go, sometimes you've just gotta roll your eyes and keep on walking (or scrolling I guess) leaving the folly far behind.

Now it's mandatory to give a phone number to create an account. Unfortunately the only way to restore your account is to follow what the bot says, because there's no way to contact some human supervisor
- i'm trying to work with a user here now who has an 'old school' gmail, no recovery methods, no phone numbers. cannot get in, even with the password as it's locked into requiring 2fa or some bullshit, which can't be done because there's no way to. google offers to send a 'code' to an email they provides but they never do. that account is just g.o.n.e.
  i have had many others who have been screwed-over by microsoft when they ditched voice calls for verification/2fa, for years they begged and pleaded and conned users into giving up a phone number.. any phone number. and so they did. their landlines. they only ever had those landlines associated with their msa and microsoft won't utilize them anymore. this has spilled over to a several of them losing access to other accounts (in one case, including a number of ipods and ipads used by a family, too) because their 'hotmail' is now inaccessible for 2fa or verification/recovery of those non-microsoft accounts.
  
  even with the password as it's locked into requiring 2fa or some bullshit
  I wonder if this is what I'm dealing with - does it tell you it needs 2fa, or just refuse to log you in? I've been locked out of my old main gmail (no 2fa set up) for a while and would really like to get some stuff out of it before they automatically delete the lot.. 😕

If you want a service on your terms, you have to host it yourself. Google has to deal with liability and privacy and the fact that they would be the single biggest attack vector for anyone's online life of compromised.
There are so many sketchy and anti-consumer things that Google is doing. This is not one of them.
- I hate Google
  Then why are you reactivating your account?

This is definetly something that is gonna be talked about more and more as time goes on.
I'm counting the days until Google decides it's "necessary" to scan our faces to log in.
Ahhh the world we live in. ☕😌
- I'm counting the days until Google decides it "necessary" to scan our faces to log in.
  When my Instagram login got locked due to inactivity, they want my phone number rand a selfish as part of the reactivation process.
  Fuck that, it's not important enough for me to go through that kind of bullshit.
- Times simular to your exaggeration will come and people will say "But it's their service! If you want to use it, you have to follow their rules". Not understanding that they're slowly handing over control over their lives because we live in a modern time where everything is about technology. Sad to see how many people don't understand this and disagree with me when I say that I'm infuriated over this.

- Google is lying to you. They don’t want your phone number to “verify it’s you”. They want your phone number because it’s an effective measure against bot accounts.
  There you're correct that they are lying and don't want the number to verify. They want it so they can link the profile they have to an actual person. That'll make the profile more valuable to them. Better tracking etc.

You keep skipping the part where you verify your number. Try that and it'll work better.

30 comments