Wow, it both surprises me but also makes me feel justified in that I keep telling people to make backups of things they care about, including something like a Spotify account (if their song lists are dear to them, at least the titles and other metadata that they could rebuild from) and other "cloud" or SaaS services. Anything one cares about, back it up! (Not to you but as a PSA)

Still, it's weird that Google doesn't accept a recovery code. Then again, I had a similar issue where I had nothing set up but a recovery email address and password (back when 2FA was rare), and after confirming both, Google said "well, we still think it's suspicious, why don't you use a device where you're already logged in" (my account had no active sessions that I knew of, besides that I was traveling). Luckily I didn't need it for anything as I had my email moved away already at that time. I still can't access that account today and I switched to throwaway accounts for things like YouTube comments or app downloads from the Play Store (need to download that government authentication software somehow...)

Did Google specifically reject the recovery code as invalid, or did it accept all entries and then their algorithm rejected the login outright?

reply
I also had old Google backup codes fail a few years ago. Anybody who hasn't regenerated them in a year or two, I recommend you do so.
reply
Long-term access recovery typically requires rituals like annual check-ins, media rotation, and human drills. We already do this with annual fire-drills.
reply
My password manager has, *checks*, precisely 900 entries. Say that I care about maybe ten percent, that's still doing a "drill" on every single weekend day of the year

Security aspects of software should just work properly. Google should test this and, imo, people should make backups of data they care about. Google might ban you for any reason, no matter if the recovery drill worked 2 hours ago it might not work anymore now. Seems like a fool's errand to keep chasing it instead of making routine (or automated) backups of the things you're still using

reply
Well, this is disturbing news.
reply
I have (had?) a Google account tied to my email (which is on a domain I own). Not sure if I ever gave them my phone number, initially. Tried to log in a few years back, correct password, but they insisted on me entering my phone. Finally I did - and they can't let me in because my "provider is not supported" and they can't send an SMS with the code, so I'm locked out. Tried every few months since then, no go. Fortunately I didn't lose much (except some family photos), but it is annoying as hell. I wouldn't trust Google with anything important. And yes, I tried with a brand new number on a new phone, unrelated provider. No dice. According to Reddit I'm far from alone in this. So if you rely on a Google account for anything... Well, good luck!
reply
Google services are best treated as a liability.
reply
Make Google Takeouts a part of your backup routine.
reply
my stomach turned into a knot just reading your story. I know that feel of waking up surrounded by nurses not knowing what happened. I'm so glad you had proper backups!!!!!!!!!!

this exact story is why i built my app, thank you so much for sharing.

my hope is to basically make a next version of your plan that's distributed among friends.

reply