I should have written this post six months ago when it happened, but better late than never eh?
Thanks to the recent Wired article about the hacking of Mat Honan’s Amazon, Apple, Google and Twitter accounts I’ve noticed people saying they are turning on Google’s two step verification process. The purpose of this post is NOT to tell you not to use it but just some words of caution.
If you’re not familiar with two-step verification and how it works here’s a handy video.
Now for the rest of the story!
As a frequent travel and user of free wi-fi I activated Google two-step verification process a couple of years ago.
It was a little time intensive setting up (generating all those specific passwords for devices or services) but I felt totally worth it for the extra security it gave me. The app on my android phone was easy to use and since I am NEVER without my phone, always there when I needed it.
Then in January a series of events culminated in the “perfect storm” that led to a nightmare of trying to regain access to my Google account. Like Honan I will freely admit some of these are my fault, though not from major neglect or arrogance but rather life being life means these sorts of things occur occasionally.
First, my Android phone had some serious problems and in attempt to fix it a complete reset was done, deleting my Google Authenticator app. In order to install it I need to generate a code from my Google account on the computer to authenticate it was me. Except. I needed a code from the App to enter on the computer to verify it was me. Begin endless cycle. Uh Oh.
I have several devices connected/signed into my Google account – the phone, my iPad, my desktop computer and my netbook. This caused more problems.
When you sign up for authenticator you are given a series of preset codes for just this purpose and told to guard them with your life. I had them printed and safely put away and knew exactly where they were. That is until I moved a few weeks prior. I hadn’t finished unpacking yet and I had NO idea what box this tiny, yet oh so important piece of paper was squirreled away in.
No big deal, I thought, I’m still signed in on the desktop thanks to a cookie. The iPad works. The phone doesn’t work but not the end of the world, but uh oh the Netbook doesn’t work and I’m getting ready to leave for a professional trip Texas for ALA MW. I can’t get into Google Docs on the iPad because it prompts me for a code from the app. I can’t get into some Google services on the Desktop because they prompt me for a code from the app.
Ok I’ll tell Google I need to reset. I have two options the first get a text on my cell. Great! Except. It was an old cell number, remember I just moved, so that wasn’t going to work. It’s also worth noting at this point that even when I did regain access to my account I could not figure out how to update my mobile number.
So I thought, ok I’ll use my back up email address.
Here’s how that process works. For the record it was a BRUTAL reminder that as far as Google is concerned I am not a customer. I am not paying for a product I do not have the normal recourses a paying customer might and I’m not Robert Scoble so my social media efforts at getting help were ignored.
I clicked the link indicating I need to remove two-step verification from my account. About 24 hours later I got an automatic email at my back up account saying that my request had been received and that someone was working on it. In about another 24 hours I’d get an email saying this
We’re glad to see our records indicate that you were able to sign in to your XXXXXXXX@gmail.com account!
Since you recently added 2-step verification to your account, you might have trouble accessing your account using a mobile device, installed chat clients such as Google Talk, or email clients such as Outlook and Thunderbird. To allow them to access your account, you need to sign in to them using an application-specific password. Here’s how:
If you’re still having trouble signing in to web-based Google services, such as Gmail and Docs, reply to this message and we’ll be happy to assist you.
Remember how I could still access my email and calendar on my iPad? Yeah apparently since I was able to do that it would flag that I was back in. I replied to the message saying as politey as possible what happened and that NO I was not back in. Nothing happened. No answer. I waited another day. I did the reset option again, again with the same explanation. I got the same form emails. I replied. I received no response. My email record shows this went on for over a week.
At one point I actually tracked down a number for Google and called them. There was no way for them to help me. At this point I would have gladly thrown money at them to fix the problem but that wasn’t an option. In fact, the fact that it isn’t an option to have “pro” account started me wondering exactly what Google was getting from our relationship because they clearly don’t want my cash but they are sure giving me a lot of services for “free”, but that’s a dark road and one best explored in a different post.
I finally gained access to my account. I considered changing email providers after this, even to one I had to pay for but never found a good option. I’ve also since found the codes in a box and managed to update my phone number with Google.
Like I said this isn’t meant to encourage you not to use two-step verification, but to be cautious. And remember that if you’re not paying for it, you’re not a customer.
- Strong Passwords Aren’t Enough: How to to Ensure the Apple and Amazon Exploit Never Happens to You
- Set Up Google’s Two-Step Verification Now for Seriously Enhanced Security for Your Google Account
- Turn On Gmail’s ‘2-Step Verification.’ Now.
- Google’s Matt Cutts urges users to adopt 2-step authentication in aftermath of ‘Epic hacking’ incident
- This Is The Best Way To Make Sure Your Gmail Password Stays Safe
- No excuses: It’s time to turn on two-step authentication
- Google’s head of webspam demystifies two-step authentication in wake of recent security breach
- Why You Should Use Google’s Two-Step Login
- Google is rolling out two-step verification for all accounts
31 thoughts on “How I Lost Access to my Google Account for Weeks Thanks To Two-Step Verification”
I was at a small conference recently where the presenter was trying to access his slides from his Google Drive account. Except he needed to do the two-step verification. We were underground and his phone had no reception. Cue five minutes of awkwardness while he ran outside. I stopped using the two-step verification for the same purpose since I work in a basement all day.
Hi Amanda – I haven’t even thought of issues like that! great point thank you for sharing!
It must have been some other issue: the Authenticator app does not require an cell or data connection in order to generate a code for two step verification.
LikeLiked by 1 person
Please provide with a computer idiot’sguide to destroy murder disable this 2 step verification. I cant find help from google. I cant access my emails on my phone. My outlook has gone cuckoo. Im dead in the water. Who can help. Step by step. I dont have the freakin 2 step password and I want to kill google please help!!!
It’s wonderful that you folks who had such a time with googles’ code system, can still talk calmly. If I couldn’t run a company any better than that I’d hide somewhere and not look back. That same problem has been nagging me for weeks, and we go round and round, and get nowhere. Codes and someone may have changed your password are the usual lingo. What a pain!!! Anyhow try again. What really makes it frustrating is that we aren’t given a phone number to talk to a real person, as is done with most business dealing. After using google for years it’s hard to say “BYE”
I have to retract the following statement, “In addition I know, for example, with 2-Step verification, Google periodically asks you to verify your phone number, back up email addresses and etc so that if something does happen, the most current information is available for them to reinstate the account.”
Upon posting I realised that that Google does this for all of its accounts, since I’m asked on Google accounts that do not have 2-Step verification enabled.
The title was not intended as link baiting but was a summation of what happened as I see it I’m really sorry you’ve chosen to see it a seo baiting.
As I said big potions of this were my fault however I DID NOT ever ignore a request from google or gmail to update number. I would have updated promptly.
Thanks for this. Because of this, I double checked where my backup codes were.
You’re welcome Nathan!
RIght, but where the devil do I find the backup codes?! I know they are supposed to be SOMEWHERE, but via “Account” I only find a page where they are mentioned and that recommends me to “back them up or print them”. Not very helpful!
If I remember correctly they displayed on the screen when you signed up for two step verification and you needed to print them out right then.
You can print back up codes or generate new back up codes anytime by going to account settings ,select security on left menu and click settings button under 2 step verification,now you”ll see printable backup codes on left and show backup codes hyperlink on the right,click the hyper link on the right a pop up window will display with codes.
For future reference, Google does offer a ‘pro’ option – Google Apps for Business, priced at $5-10 per month. I haven’t used it but have colleagues who do and are happy enough. You get more space, no ads, and, crucially, 24/7 customer support.
Thanks Liz! I knew about business accounts but hadn’t looked into, cuz, well I’m not really business. But I might check it out, it may be worth it to get someone on the phone if Google is your lifeline to everything!
Just the other day I had to go in and add some codes (ones that I will never remember because they are so obscure) for application access. I decided at the time (after recently updating my pw to a more secure pw) to remove 2 step verification and Google provided a pop up message stating something along the lines “if you are removing 2-step verification due to problems accessing an application please read this (insert external link)” Upon reading your post I thought maybe I don’t want 2 step verification on my email…..I haven’t decided quite yet but I want customer service if something goes wrong.
Basically, if you lost your phone, you lost access to your Google account. If you’re travelling abroad, there’s nothing you can do other than fly back to your country 🙂
No customer support either, because the support asks for the data you can get after you log in and you can not log in without the phone.
No one can help you. And if you need to pay for Google Apps, your email just stops working and you’re cut off from you customers.
Which means that for 50 bucks a year Google destroys your business.
And everything is your own fault, not Google’s 🙂
If you leave yourself in a position where you can’t authenticate, that’s your fault not google’s. Google provides 2 ways to authenticate with the second factor: an app, and SMS. They also provide backup codes. If you leave yourself without your backup codes, then you better make sure you don’t lose your phone. And next time, take your backup codes with you, or at least make sure you can access them somehow. I had some on a piece of paper in my wallet, and in an encrypted file in my dropbox, and on a piece of paper back home that I could ask a friend to look at.
So you lost your phone, had an out of date number down, and lost your backup codes? That sounds like you lost access because of bad luck/planning and not because of 2 factor authentication. I appreciate you are taking some responsibility for it, but the title is a bit misleading.
It’s like one of those “I forgot my password and had the wrong backup email address on file” stories.
I am experiencing the same thing. Someone hacked into my account and robbed me of USD550 in my Paypal. I wrote to them a couple of times and got back to me saying that I was able to sign in. I was able to provide them with exact labels, month I created the account, etc.
You said, “I finally gained access to my account…”
How were you able to do this?
The book, first published in hardcover in 2004 by Putnam, is also available in paperback.
We address those signs and answer many of your
questions that have been ignored by other books written on the
subject. Features Features include: live chats, your own private mailbox, video messages,
ability to see how many people are online, see who is
interested in you, email alerts.
I no longer have the phone number I had entered to receive the codes via sms due to terminating my contract with the provider and I remembered the whole code-entering-authentication when I wanted to log into my gmail through the web browser. I went through the reset procedure, provided all 5 labels, 5 frequent contact etc they requested me and still got a reply that someone is working on it and should expect to have a reply within the next 3-5 business days but it’s been over a month now. Never thought of downloading extra security codes or entering a back up phone. Now that’s a problem.
Glad you got back on line. I have not. I had a google account since the beginning but introduced 2 step verification in order to pay for something 43 days ago. Now I am unable to get into any services. Probably my ‘fault’, fortunately google mail is not my principle mail address so I guess it is goodbye to the account.
I wonder how many people also give up?
This article is from a few years ago, so I want to ask – do you know if it’s still a problem getting your account retrieved at e.g. your laptop computer, if you remain logged in on e.g. your iPad? I don’t want to lose TOTAL access to my gmail account, so I was planning to stay logged in there while putting in my request with them for help. But now I’m afraid I have to log out of everything in order to not send up the flag to them that I was able to “regain” access, when I was not. Any thoughts appreciated, thanks!
I had similar almost issue with google. I used to have an authenticator app and before removing it I changed the primary on google account to my cell number. I stopped using google for a long time.
When I got a new computer, I tried to log into gmail and it asked me for the code. I did not remember what I used for receiving code. Luckily, my cell number worked.
But, Hotmail is better when authenticating codes. It gives me various options to send the code. I can set it up to receive authentication in many ways and even if my cell phone gets destroyed, I can still get my code through other means I set up.
Can you provide the number you used to contact google? I’m having similar issues.
I’m not happy that google keeps telling me I don’t have enough info to get back into my g mail account I have some very important info I need to retrieve. I would like to know how to turn off the 2 step verification without signing in or using a password.
Two step verification is a huge pain in the ass! I recently had to have my iPhone repaired and then had to completely reset all of the setting on my iPhone. I am stuck, I can’t remember the date I set up my gmail acct and the backup email address I used is no longer working. I contacted Google and was told that they could do no more than I was doing to get me back into my account! I’ve had to create a new gmail account. WHAT A HEADACHE!
I filled out a application for a account with Google the only had to get was the code i have the code how ever can’t get application back to complete the application