How I Lost Access to my Google Account for Weeks Thanks To Two-Step Verification

I should have written this post six months ago when it happened, but better late than never eh?

Thanks to the recent Wired article about the hacking of  Mat Honan’s Amazon, Apple, Google and Twitter accounts I’ve noticed people saying they are turning on Google’s two step verification process. The purpose of this post is NOT to tell you not to use it but just some words of caution.

If you’re not familiar with two-step verification and how it works here’s a handy video.

Now for the rest of the story!

As a frequent travel and user of free wi-fi I activated Google two-step verification process a couple of years ago.

It was a little time intensive setting up (generating all those specific passwords for devices or services)  but I felt totally worth it for the extra security it gave me. The app on my android phone was easy to use and since I am NEVER without my phone, always there when I needed it.

Then in January a series of events culminated in the “perfect storm” that led to a nightmare of trying to regain access to my Google account. Like Honan I will freely admit some of these are my fault, though not from major neglect or arrogance but rather life being life means these sorts of things occur occasionally.

First, my Android phone had some serious problems and in attempt to fix it a complete reset was done, deleting my Google Authenticator app.  In order to install it I need to generate a code from my Google account on the computer to authenticate it was me. Except. I needed a code from the App to enter on the computer to verify it was me. Begin endless cycle. Uh Oh.

I have several devices connected/signed into my Google account – the phone, my iPad, my desktop computer and my netbook.  This caused more problems.

When you sign up for authenticator you are given a series of preset codes for just this purpose and told to guard them with your life. I had them printed and safely put away and knew exactly where they were. That is until I moved a few weeks prior. I hadn’t finished unpacking yet and I had NO idea what box this tiny, yet oh so important piece of paper was squirreled away in.

No big deal, I thought, I’m still signed in on the desktop thanks to a cookie. The iPad works. The phone doesn’t work but not the end of the world, but uh oh the Netbook doesn’t work and I’m getting ready to leave for a professional trip Texas for ALA MW. I can’t get into Google Docs on the iPad because it prompts me for a code from the app. I can’t get into some Google services on the Desktop because they prompt me for a code from the app.

Ok I’ll tell Google I need to reset. I have two options the first get a text on my cell. Great! Except. It was an old cell number, remember I just moved, so that wasn’t going to work. It’s also worth noting at this point that even when I did regain access to my account I could not figure out how to update my mobile number.

So I thought, ok I’ll use my back up email address.

Here’s how that process works. For the record it was a BRUTAL reminder that as far as Google is concerned I am not a customer. I am not paying for a product I do not have the normal recourses a paying customer might and I’m not Robert Scoble so my social media efforts at getting help were ignored.

I clicked the link indicating I need to remove two-step verification from my account. About 24 hours later I got an automatic email at my back up account saying that my request had been received and that someone was working on it. In about another 24 hours I’d get an email saying this

Hello,

We’re glad to see our records indicate that you were able to sign in to your XXXXXXXX@gmail.com account!

Since you recently added 2-step verification to your account, you might have trouble accessing your account using a mobile device, installed chat clients such as Google Talk, or email clients such as Outlook and Thunderbird. To allow them to access your account, you need to sign in to them using an application-specific password. Here’s how:
http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056286

If you’re still having trouble signing in to web-based Google services, such as Gmail and Docs, reply to this message and we’ll be happy to assist you.

Remember how I could still access my email and calendar on my iPad? Yeah apparently since I was able to do that it would flag that I was back in. I replied to the message saying as politey as possible what happened and that NO I was not back in. Nothing happened. No answer.  I waited another day. I did the reset option again, again with the same explanation. I got the same form emails. I replied. I received no response. My email record shows this went on for over a week.

At one point I actually tracked down a number for Google and called them. There was no way for them to help me. At this point I would have gladly thrown money at them to fix the problem but that wasn’t an option. In fact, the fact that it isn’t an option to have  “pro” account started me wondering exactly what Google was getting from our relationship because they clearly don’t want my cash but they are sure giving me a lot of services for “free”, but that’s a dark road and one best explored in a different post.

I finally gained access to my account. I considered changing email providers after this, even to one I had to pay for but never found a good option. I’ve also since found the codes in a box and managed to update my phone number with Google.

Like I said this isn’t meant to encourage you not to use two-step verification, but to be cautious. And remember that if you’re not paying for it, you’re not a customer.

 

 Read More

Similar Posts:

Share and Enjoy:
  • Twitter
  • Facebook
  • Google Bookmarks
  • del.icio.us
  • Tumblr
  • email
  • Print
  • LinkedIn

Use Facebook to Comment on this Post

25 comments for “How I Lost Access to my Google Account for Weeks Thanks To Two-Step Verification

  1. Amanda
    August 8, 2012 at 8:34 am

    I was at a small conference recently where the presenter was trying to access his slides from his Google Drive account. Except he needed to do the two-step verification. We were underground and his phone had no reception. Cue five minutes of awkwardness while he ran outside. I stopped using the two-step verification for the same purpose since I work in a basement all day.

    • August 8, 2012 at 7:03 pm

      Hi Amanda – I haven’t even thought of issues like that! great point thank you for sharing!

    • Brian Duff
      August 15, 2012 at 1:42 am

      It must have been some other issue: the Authenticator app does not require an cell or data connection in order to generate a code for two step verification.

    • z
      March 12, 2013 at 3:10 pm

      Please provide with a computer idiot’sguide to destroy murder disable this 2 step verification. I cant find help from google. I cant access my emails on my phone. My outlook has gone cuckoo. Im dead in the water. Who can help. Step by step. I dont have the freakin 2 step password and I want to kill google please help!!!

  2. August 8, 2012 at 3:27 pm

    Thanks for this. Because of this, I double checked where my backup codes were.

    -Nate

    • August 8, 2012 at 6:38 pm

      You’re welcome Nathan!

    • Johan E.. Bengtsson
      April 27, 2013 at 6:15 pm

      RIght, but where the devil do I find the backup codes?! I know they are supposed to be SOMEWHERE, but via “Account” I only find a page where they are mentioned and that recommends me to “back them up or print them”. Not very helpful!

      • April 29, 2013 at 8:39 am

        If I remember correctly they displayed on the screen when you signed up for two step verification and you needed to print them out right then.

      • kumar
        May 23, 2013 at 11:16 pm

        You can print back up codes or generate new back up codes anytime by going to account settings ,select security on left menu and click settings button under 2 step verification,now you”ll see printable backup codes on left and show backup codes hyperlink on the right,click the hyper link on the right a pop up window will display with codes.

  3. Liz
    August 10, 2012 at 11:28 am

    For future reference, Google does offer a ‘pro’ option – Google Apps for Business, priced at $5-10 per month. I haven’t used it but have colleagues who do and are happy enough. You get more space, no ads, and, crucially, 24/7 customer support.

    • August 10, 2012 at 6:42 pm

      Thanks Liz! I knew about business accounts but hadn’t looked into, cuz, well I’m not really business. But I might check it out, it may be worth it to get someone on the phone if Google is your lifeline to everything!

  4. Whitni Watkins
    September 23, 2012 at 9:54 pm

    Just the other day I had to go in and add some codes (ones that I will never remember because they are so obscure) for application access. I decided at the time (after recently updating my pw to a more secure pw) to remove 2 step verification and Google provided a pop up message stating something along the lines “if you are removing 2-step verification due to problems accessing an application please read this (insert external link)” Upon reading your post I thought maybe I don’t want 2 step verification on my email…..I haven’t decided quite yet but I want customer service if something goes wrong.

  5. Yuri
    March 7, 2013 at 5:15 am

    Basically, if you lost your phone, you lost access to your Google account. If you’re travelling abroad, there’s nothing you can do other than fly back to your country :-)

    No customer support either, because the support asks for the data you can get after you log in and you can not log in without the phone.

    No one can help you. And if you need to pay for Google Apps, your email just stops working and you’re cut off from you customers.

    Which means that for 50 bucks a year Google destroys your business.

    Clever.

    And everything is your own fault, not Google’s :-)

    • Matt
      April 3, 2013 at 12:17 am

      If you leave yourself in a position where you can’t authenticate, that’s your fault not google’s. Google provides 2 ways to authenticate with the second factor: an app, and SMS. They also provide backup codes. If you leave yourself without your backup codes, then you better make sure you don’t lose your phone. And next time, take your backup codes with you, or at least make sure you can access them somehow. I had some on a piece of paper in my wallet, and in an encrypted file in my dropbox, and on a piece of paper back home that I could ask a friend to look at.

  6. Matt
    April 3, 2013 at 12:25 am

    So you lost your phone, had an out of date number down, and lost your backup codes? That sounds like you lost access because of bad luck/planning and not because of 2 factor authentication. I appreciate you are taking some responsibility for it, but the title is a bit misleading.

    It’s like one of those “I forgot my password and had the wrong backup email address on file” stories.

  7. Lorie
    April 4, 2013 at 7:56 pm

    I am experiencing the same thing. Someone hacked into my account and robbed me of USD550 in my Paypal. I wrote to them a couple of times and got back to me saying that I was able to sign in. I was able to provide them with exact labels, month I created the account, etc.

    You said, “I finally gained access to my account…”

    How were you able to do this?

  8. May 1, 2013 at 2:39 am

    Your current post has verified helpful to us. It’s quite informative and you’re obviously really educated in this area. You have got exposed my personal face to numerous thoughts about this subject using intriguing, notable and strong content.

  9. May 10, 2013 at 1:41 pm

    The book, first published in hardcover in 2004 by Putnam, is also available in paperback.
    We address those signs and answer many of your
    questions that have been ignored by other books written on the
    subject. Features Features include: live chats, your own private mailbox, video messages,
    ability to see how many people are online, see who is
    interested in you, email alerts.

  10. Chris
    June 9, 2013 at 9:32 am

    I no longer have the phone number I had entered to receive the codes via sms due to terminating my contract with the provider and I remembered the whole code-entering-authentication when I wanted to log into my gmail through the web browser. I went through the reset procedure, provided all 5 labels, 5 frequent contact etc they requested me and still got a reply that someone is working on it and should expect to have a reply within the next 3-5 business days but it’s been over a month now. Never thought of downloading extra security codes or entering a back up phone. Now that’s a problem.

  11. Brian Parkinson
    July 11, 2013 at 5:55 am

    Glad you got back on line. I have not. I had a google account since the beginning but introduced 2 step verification in order to pay for something 43 days ago. Now I am unable to get into any services. Probably my ‘fault’, fortunately google mail is not my principle mail address so I guess it is goodbye to the account.
    I wonder how many people also give up?

  12. G.T.
    April 12, 2014 at 2:05 pm

    This article is from a few years ago, so I want to ask – do you know if it’s still a problem getting your account retrieved at e.g. your laptop computer, if you remain logged in on e.g. your iPad? I don’t want to lose TOTAL access to my gmail account, so I was planning to stay logged in there while putting in my request with them for help. But now I’m afraid I have to log out of everything in order to not send up the flag to them that I was able to “regain” access, when I was not. Any thoughts appreciated, thanks!

  13. August 8, 2012 at 11:38 am

    I have to retract the following statement, “In addition I know, for example, with 2-Step verification, Google periodically asks you to verify your phone number, back up email addresses and etc so that if something does happen, the most current information is available for them to reinstate the account.”

    Upon posting I realised that that Google does this for all of its accounts, since I’m asked on Google accounts that do not have 2-Step verification enabled.

  14. August 8, 2012 at 11:40 am

    Hi Lisa 
    The title was not intended as link baiting but was a summation of what happened as I see it I’m really sorry you’ve chosen to see it a seo baiting. 

    As I said big potions of this were my fault however I DID NOT ever ignore a request from google or gmail to update number. I would have updated promptly. 

Leave a Reply

Your email address will not be published. Required fields are marked *