Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Google Security

'An Example of a Very Sad Google Account Recovery Failure and Its Effects' (vortex.com) 185

Time magazine once described Lauren Weinstein as an internet-policy expert and privacy advocate. Also a long-time Slashdot reader, he now brings this cautionary blog post "to share with you an example of what Google account recovery failure means to the people involved..."

In this case it's a 90-year-old woman who "For at least the last decade... was just using the stored password to login and check her email," according to an email Weinstein received: When her ancient iPad finally died, she tried to add the gmail account to her new replacement iPad. However, she couldn't remember the password in order to login.... I don't know if you've ever attempted to contact a human being at google tech support, but it's pretty much impossible. They also don't seem to have an exception mechanism for cases like this.

So she had to abandon hopes of viewing the google photos of her (now deceased) beloved pet, her contacts, her email subscriptions, reminders, calendar entries, etc... [I]t's difficult to know what to say to someone like this when she asks "what can we do now" and there are no options... It's tough to explain that your treasured photos can't be retrieved because you're not the sort of user that Google had in mind.

Weinstein adds "this is by no means the worst such case I've seen — not even close, unfortunately." I've been discussing these issues with Google for many years. I've suggested "ombudspeople", account escalation and appeal procedures that ordinary people could understand, and many other concepts. They've all basically hit the brick wall of Google suggesting that at their scale, nothing can be done about such "edge" cases.
Here's Google's page for providing an alternate recovery email address and phone number. Unfortunately, the 90-year-old woman's account "was created so long ago that she didn't need to provide any 'recovery' contacts at that time," according to the email, "or she may have used a landline phone number that's long been cancelled now..."
This discussion has been archived. No new comments can be posted.

'An Example of a Very Sad Google Account Recovery Failure and Its Effects'

Comments Filter:
  • Write it down (Score:5, Insightful)

    by quonset ( 4839537 ) on Sunday May 21, 2023 @01:43PM (#63540059)

    I am not blaming this woman for her problems. This falls squarely on Google. That said, everyone needs to write down their passwords for every account they have and store them in multiple places. And by writing them down I mean both on paper and digitally.

    Forget password managers or relying on your browser to store your information. Write them down.

    • Re:Write it down (Score:4, Insightful)

      by sjames ( 1099 ) on Sunday May 21, 2023 @02:11PM (#63540091) Homepage Journal

      And preferably lock the list in a fireproof box.

      In other words, the opposite of what the security experts have screamed for the last 30 years. I find it hard to blame users who didn't take that important precaution.

      • Re:Write it down (Score:5, Informative)

        by rastos1 ( 601318 ) on Sunday May 21, 2023 @03:34PM (#63540223)

        ... the opposite of what the security experts have screamed for the last 30 years.

        Not really:

        "And when people say don't write your password down. Nonsense. Write it down on a little piece of paper and keep it with all the other small bits of paper you value - in your wallet."

        Bruce Schneier - 2010 [schneier.com]

        Microsoft's Jesper Johansson urged [cnet.com] people to write down their passwords.

        This is good advice, and I've been saying it for years.

        Bruce Schneier - 2005 [schneier.com]

        • Re:Write it down (Score:5, Insightful)

          by iAmWaySmarterThanYou ( 10095012 ) on Sunday May 21, 2023 @04:05PM (#63540309)

          So when someone steals my wallet they get my passwords, too?

          No. Write them down and store them in a safe or bank box or with a trusted family member or whatever.

          But definitely not your wallet.

        • by sjames ( 1099 )

          Yes, in the mid aughties 10 or more years after the bad advice came out. And many in IT missed that memo for a long time. Some still haven't seen it apparently.

        • I genuinely respect Bruce Schneider, but there's not a person in the world who has gone through their life without saying something supremely stupid. Keeping your passwords *IN YOU WALLET* which is easily lost or stolen along with the literal keys to your online persona is supremely stupid.

      • Re:Write it down (Score:4, Insightful)

        by sound+vision ( 884283 ) on Sunday May 21, 2023 @03:37PM (#63540227) Journal

        "Don't write your password down" is good advice for an accountant working in a busy office, being tempted to put a sticky note on their monitor. In 1993 that was the only scenario where someone would even have a password. Except maybe a PIN number for a bank card, and it's not a good idea to write that on the back of the card either.

        I never really saw anyone advising against keeping passwords locked in a safe inside their own home.

        • by sjames ( 1099 )

          The sticky note thing is right enough (that's how someone I knew in the early '80s got access to the school systems grade databases), but I can tell you I got a LOT of funny sideways looks when I advised people in the late '90s to write their work passwords down and keep it in their wallet (not in their desk drawer or 'cleverly' taped under the keyboard).

          Naturally the PIN for a bank card should not be kept with the card. That stays home in a locked box.

          • Naturally the PIN for a bank card should not be kept with the card.

            I tattooed mine on a very sensitive part of my body. The only problem is having to explain myself when I walk up to an ATM and drop my pants.

            Oh, and it's a 14 digit PIN.

      • Bruce Schneier, the archetypal [schneierfacts.com] security expert and author of one of the earliest open source password managers has been recommending writing down passwords since at least 2005 [schneier.com]. The people who are telling you to rotate your password every two months whilst having it contain one number,symbol,capital and lower case letter, but no space, quote or backslash whilst being at least six characters but no more than 8 and not having any letters in common with your email address* are not security "experts". They are c

        • by sjames ( 1099 )

          Sadly, I believe it, I have seen way too much real world proof not to.

          Perhaps I should have put expert in quotes.

        • by hjf ( 703092 )

          I work for a multinational company, actually a group of companies operating separately in different countries, under the same general global vision. The OG country is now implementing absolutely stupid security rules. The most important one being that EVERYTHING NEEDS 2FA, NO EXCEPTIONS.

          No more "service passwords", no "tokens", no nothing. Everything has to be manually performed by an user authorizing everything with a 2FA. Also all logins expire in 4 hours, so you have to log back in in the middle of the d

        • Bruce Schneier, the archetypal [schneierfacts.com] security expert and author of one of the earliest open source password managers has been recommending writing down passwords since at least 2005 [schneier.com].

          That was nearly 20 years ago. The world has changed since then, and Bruce has changed his opinion on this. In a more recent blog post he advocates using a password manager and says: "Putting them into a file on your computer, e-mailing them to others, or writing them on a piece of paper in your desk is tantamount to giving them away."

    • Be prepared (Score:5, Insightful)

      by Brain-Fu ( 1274756 ) on Sunday May 21, 2023 @02:24PM (#63540101) Homepage Journal

      Your digital life is *your* responsibility, not Google's.

      All hardware devices eventually fail. Online services fail too. Nothing can be individually trusted in the long term.

      Make redundant backups of all data you care about, including passwords.

      And also, don't trust Google for anything at all. Since their offerings are free, their priority is not you. Paid email will give you much better customer service and won't be trying to make an extra buck off of your data.

      • If it was some small hosting company, not Google, you could contact them (or go to their office), provide your ID and your password would be reset.
        Trying to get Google support to do anything, well, in the past I joked that the easiest way would be to call Putin and ask him to threaten Google with a nuke, but now it seems that even this would not work.

        • Why on earth would Joe Random Hosting Company know what your identity is, in a way that can be verified by a piece of plastic with letters, numbers and images on it?

          The only thing that might be relevant is the bank account that pays the hosting company's bills. And all that proves is that you have the keys to the bank account ; it doesn't prove anything about "identity".

          If you store it in "the cloud" and don't also store it at home, preferably on powered-down not-currently-spinning rust, you don't have it

          • Why on earth would Joe Random Hosting Company know what your identity is [...] The only thing that might be relevant is the bank account that pays the hosting company's bills. And all that proves is that you have the keys to the bank account ; it doesn't prove anything about "identity".

            If you're the person paying, you're the customer. It does not matter is you registered as Mickey Mouse and you don't have the matching ID with picture. If you are the one who pays, they unlock your account password at will. I know because I happen to pay Joe Random Hosting Company for hosting a domain and email and I actually called them on the landline phone some time ago and they actually solved my problem (though the problem was not password related).

      • I would say it is actually an Apple problem more than a user or Google problem. Give an easy password recovery system if you are caching the passwords. The password store system on an iPad is needlessly obtuse; why not have a way to print all passwords. Sure, checks and balances, but people cannot memorize secure, unique passwords.

    • I am not blaming this woman for her problems. This falls squarely on Google. That said, everyone needs to write down their passwords

      I also agree with you, but I think it goes far beyond simply "remember/record your passwords". The main problem here is that Google has built a product for which they cannot (or will not) scale support for, which I find unacceptable - people using the service will likely need some level of human support at some point, and should be able to get it without so much difficulty.

      Imagine if there was a popular insurance company that provided really, really cheap rates, but made it super difficult/nearly impossible

      • by dgatwood ( 11270 )

        Mod up. Like nearly all big companies, Google never takes customer support seriously until it affects enough people to make the front page of the New York Times.

        Above a certain size, in the absence of strong leadership demanding it, large companies inherently behave in an anti-consumer fashion even if the company is trying to do the right thing, because there is no one who is both responsible for seeing these sorts of critical problems that affect specific individual users and simultaneously has the author

        • The thing is even very large companies and important people basically resort to former employees who went to work for google and current employees with a buddy on the inside.

          Google will do anything they can to not give a fuck and the buddy system is good enough that people who matter won’t ever get burned bad enough for anything to end up on the front page.

    • That won't work. (Score:5, Insightful)

      by denzacar ( 181829 ) on Sunday May 21, 2023 @03:13PM (#63540183) Journal

      We're in a token world [wikipedia.org] now, whether we like it, hate it or it kills us.
      In short - lose your phone, kiss your life goodbye. Social life, business life, educational... you might experience a mental health crisis. [mayoclinic.org] Or several.

      Or at least, say goodbye to all your data associated to your Google account - from phone numbers, emails (contacts as well as messages), logins to websites and apps, your data on said sites and apps, "backups" you've made, apps you've bought, real life services you registered to contact you through that email and phone number... plus everything you had on that particular phone.
      BTW, do you use your phone for banking? You will spend some time standing in various lines and filling out forms.
      Cause now your phone, or more precisely that particular piece of hardware with THE particular OS installation AND whatever else Google is using to cook up your "account ID" - that is your single and only identifier.

      Password? Google will simply decide to not recognize it as a valid form of identification and will try to send you a token. To your phone.
      Recovery email? Same thing. You will be led back to the page listed in the summary above, which will keep you circling around through menus until it tries to send you a token. To your phone.
      Google Authenticator codes? Did you print them out? Do you remember where they are? Are they still in sync? Do you have your phone with you?

      Google has replaced "what I know-have-am" scheme with what is essentially a highly fragile piece of technology that can be stolen, broken or lost VERY easily.
      Also, you are supposed to replace that piece of tech every so often with a brand new one. Or face the consequences.

      Fucking ransomware is more humane.

      • Which is, of course, why you don't put sensitive data on your phone.

        Well, it's why I don't put sensitive data on my phone. You can do what you want to set yourself up for the horrors you describe. Or you can choose to not do that. Your choice. You don't have to participate in these data-mining operations.

    • And I might add, always always ALWAYS have your data (including passwords!) backed up somewhere else, either locally or on removable media, or both.

      Moral of the story: Never trust Google to help you in a time of need, because they won't. Google services are great, right up until the moment they're not.

  • I've been told that, if you have a friend at Google, there's a "secret way" for a Google employee to help recover an account.

    That being said, I have no access to my Google accounts due to changes in Google policies. Not sure when/why/how my password stopped working. But that's OK, since frankly I'll be happy for Google to garbage collect that account, particularly if they also garbage collect all the information associated with that identity. (But I know they won't do that.)

  • Before I work on anyone's computer, I make them buy a backup service and ( if possible ) let it do a complete run before I start work.

    Why? I'm not using any referral links, I've just seen the after effects of desperately trying to recover data ( dead kid's pictures, legal documents, ect... ) from a failed drive too often. Naturally I'm only ever brought in after the shit hits the fan. So now I make a huge deal of it, with everyone I work with.

    The only problem I have with google in this case is they are pr

    • ... google ... is ... providing more service then they can support ...

      Than they care to support, want to pay people to support.

      • Sure, either/or. That's kinda been google's jam since forever though, so it's hard to be upset about it.

  • Ditch Google (Score:5, Insightful)

    by renzema ( 84617 ) on Sunday May 21, 2023 @01:56PM (#63540073)

    I had a free g-suite account with my own domain. When Google threatened to kill off these, I moved the family over to Zoho. Yea, it’s a few bucks per month and the spam filters aren’t quite as good as Google. But you you what I get? A human at the other end of the support line that actually looks at my problem and responds, something that never happens with Google. Paying a few bucks a month to be the customer rather than the product is worth it.

    • by fermion ( 181285 )
      Which is the key here. Google offers a free service. It is not buy a product, like a car, and get regular maintained free for a couple years. It is completely free. And can be provided as such because the marginal costs are insignificant.

      So you should have data backed up locally. You should have credentials written down. With an iPad all credentials can be backed up on iCloud. But having undue expectations for a free service is not reasonable.

    • Same story, except I moved to self hosted incoming mail (using another company for outbound SMTP though) and have waaay less spam now. I found the ability to block a whole ASN has done wonders for reducing spam.
  • by Max_W ( 812974 ) on Sunday May 21, 2023 @02:21PM (#63540097)
    would be a serious security problem for everyone.

    Learning could be done only via the own pain. Forgotten password and lost data means the well learned lesson of password significance. Unfortunately, there is no other way.
    • by sinij ( 911942 )
      An instant account recovery without adequate authentication be a problem. A combination of a delay, in-channel notification, and alternative authentication would not be a security problem.
      • by dgatwood ( 11270 )

        An instant account recovery without adequate authentication be a problem. A combination of a delay, in-channel notification, and alternative authentication would not be a security problem.

        The risk, of course, is that if recovery is possible, that means a bad actor with internal access can surreptitiously hijack an account or add another authorized device.

        One solution, of course, is for accounts to have different levels of security depending on your level of paranoia, and for weak two-factor to be the default (weak as in "present your photo ID in person and we can get around the lack of a second factor"). But the problem with that approach is that anybody who enables encryption is then seen

      • Alternative authentication is the problem. People who signed up for gmail back then provided nothing but their unverified name (often just first name) and desired email address. No way to prove whose email account this really is one the owner has lost all access to the account.

        Google is not the only company with this dilemma. I know someone who had a yahoo email, which was hacked and used for fraud. They got a live person at Yahoo customer service, but were told there is no way to recover the account. The
    • There's pros and cons.

      Apple thinks they can mitigate the risk enough for account recovery through identity verification to be a pro. I think from a marketing point of view, Apple is right as usual.

    • No one is asking for it to be easy. They are asking for it to be possible. There are many ways of proving your identity and ownership. We have literal centuries of legal precedent showing how it works in business.

      Doing something perfectly normal (something that important institutions like your bank are legally required to do) is not "security problem for everyone".

  • Port the landline over to any number of companies that will
    - provide an SMS termination point and forward that inbound SMS to her (non google or new google) email
    - ring an ATA or softphone at home
    - do it until the code is recovered, then reconnect the landline like it's 1985.
    - I've done the first one many a time. Cost is under $25 for setup + one month.

    OR the non-techy approach:
    - file a lawsuit. Pro se (representing yourself) should cost under $100 filing fee
    - once the lawyers get involved there's your om

    • She likely doesn't have that landline number anymore. I've fortunately never lost access to old accounts but it certainly has come close. Accounts were tied to my landline at a previous address. I don't have a landline anymore. But, even if I did, I'm in a new address and would have a new number. A landline is a terrible recovery mechanism because the numbers churn so often. Mobiles are better but not perfect.
  • I didnâ(TM)t rtfa but the summary didnâ(TM)t mention what was wrong with it. Could be the solution here.
    • You can't repair an iPad for pretty much any hardware breakage. I've been down this path a few times, they -always- take the iPad and send you a new one if you're under warranty or can pay.

      If it was a software issue then maaaaaaaaaybe there's a slim chance it can be fixed.

  • All of their shit is gone now. Even though I own the domain they used, and know the email too, I couldn't do anything about it because I didn't know that particular password.

    I got the email reminders, I just looked one up, an excerpt:

    Weâ(TM)ll automatically close your account and delete your data on or after Dec 25, 2018.

    Merry Christmas. There went pictures and who knows what all else. Thanks Google!

  • .. and buried stuff in the backyard and forgot where ...
    • Safes can be easily opened by professionals and a metal detector costs anywhere from 50 to 200 for a good one to find your buried backyard treasure. There is no similar option for a lost Google account.

  • Either offer people a paid option that comes with some sort of support system. Google kinda sorta does this with business customers and those that say, pay for a Google Drive plan but even then it never feels "real".

    And while I understand this lady could have taken more precautions and has some ways to maybe push back here at the end of the day Google has her stuff and she wants access. If Google really refuses to offer because it's the right thing for your customers then at least offer a service for a few. This woman would probably gladly play $10-50 for 30 minutes of actual human time in which they could easily figure out her ID and restore access.

  • but something that will continue to happen.
  • When I listed my phone number to recover (after email recovery failed) i was given the message: "Google cannot verify that this phone number is associated with you" and that was it. Fortunately, I am a google FI subscriber so I called google fi, I could still open apps on my phone just not on any computers or using any webites that I used google authentification for such as Indeed and a host of others. So I hit the call for help button on the google fi app and described my situation. I'm like - Google c
  • Comment removed based on user account deletion
  • Basically, your account goes inactive for X months, and the necessary links to recover specified data are sent to a trusted contact you specify.
  • Even if you do remember that password and do everything right, that server where that information resides on is not yours. You're relying on a service that can cease to exist at any moment.

    And we're talking about Google. It's not like there has never been a precedent of just that happening.

  • They also don't seem to have an exception mechanism for cases like this.

    How does Google know the difference between the 90 year old woman and the phisherman trying to convince Google that he's the 90 year old woman?

    Write down your passwords!!

  • If she or anyone else in similar situation were to have a lawyer contact google's attorneys either they would get a useful response or they'd have to file a suit in which case they would get the right to subpoena google's records on them, such as everything in the account or a reset password if it had to go further, etc.

    I don't care how expensive their attorneys are, at the end of the day they have no excuse in front of a judge as to why they can't retrieve and rest an account.

    • Depends on specifics of the case. If the account was created with a name "greatest grandma", there is no way she could prove it's hers. You could try to subpoena the photos, but even there the judge might rule it's a privacy violation to allow anyone to subpoena any random account photos. My guess is that the likely outcome of a somewhat expensive action would be that the account would become permanently frozen, so that nobody can use it to impersonate whoever was the actual owner.
      • With the infinite amount of tracking, de-anonymizing and other privacy invading shit Google does plus the fact that her IP will match their records and they can look at her email and pictures and such, this would be trivial to demonstrate in court that it is her account.

        In cases where privacy is an issue, the judge can look at the evidence in question and make a decision without turning over the pictures to anyone with a lawyer (as you correctly note that is a problem).

        But I think google's legal team would

  • There are humans at Google? I don't believe it. A company run like this has no humanity, never has. I've always assumed it was bots replicating bots all along.

  • Usually, I would say, "no pity". But this is not a service aimed at professionals. Hence Google would do well to make sure everybody has the full recovery options and there actually is an exception path. But this is Google. All they care about is profits. Their users are not of any interest to them and are actually their product.

    The only solution I see is a legal requirement to make account recovery possible in all cases (including when somebody dies by the heirs) and access to actual human support that is

  • by winphreak ( 915766 ) on Sunday May 21, 2023 @05:27PM (#63540475)

    We have the username and password. The family chromebook crashed, recovered, and when signing in forced us to use our account recovery methods. Knowing the password is not enough to get into the account. You have to be able to use one recovery method or it fails.

    Username and password that don't let you in your account. Only Google security can dream that one up.

  • PSA: If you are using a Google account for *anything*, try to go through the account recovery process *before* you lose access to your account. Google will ask you all sorts of asinine questions for you to prove that you own the account, and you won't remember the answers to any of them (e.g. What was the *exact* date you created your account?) Go through and figure out the answer to each and every question until you're able to recover your account. Until you do, try to handle Google's "try again, harder

  • All this, and yet once in a while someone falls through the cracks and are unable to access something very important no matter what.

    "The king knows all about you, has shiny knights all around with big swords, majestic stone walls around the villiage, and he is one of the best army men around who could never be taken by surprise. But he left you forgotten in the castle dungeon by mistake after your drunken night at the tavern and you starved to death. Sorry about that."

  • Specifically one that you can export or print out all records. Personally I use KeePass.
    The Windows version is regularly updated, has an installable executable as well as a portable version. It is also in the Debian Stable (Main) branch and has several unofficial contributions packaged for other distros.

    I have a relative that was recently diagnosed with dementia. They had done all their investing, banking, etc. online for several years. By the time I finally found out and took them to the hospital, they

Experiments must be reproducible; they should all fail in the same way.

Working...