In spite of the growing popularity of social media and messaging apps, emails still retain their importance. We use them for all official and otherwise important and formal correspondence; all our important reports (medical, financial, professional) get delivered to them; and if it is a Gmail address, it also ties everything to its Google account, where you would typically have all your valuable documents stored and invaluable photos saved.
Now imagine losing access to all of those, suddenly, over something you casually overlooked or were previously cavalier about. There are various ways one can lose access to their Google account. Some are more common than others, so there is a very strong argument for better understanding what needs to be done to keep your Google account accessible all the time.
It is important to remember that this is NOT a blog on account recovery. There are several of them around (my favourite being this one) and it is pointless to add one more to that list. This is a blog with suggestions to ensure the continued accessibility of your Google account. So, hopefully, you are reading this when you still have access to your account and can implement the necessary suggestions.
To start off, here's the difference between keeping your account secure and keeping it accessible: To keep your account secure, you enable 2-step verification on the account. To keep it accessible, you enable all possible 2-step verification options.
For ease of understanding, we will divide this blog into two parts:
- Actions you need to perform in your Google Account.
- Best practices.
Section A: Actions you need to perform in your Google Account. The sooner, the better.
Add both the account recovery options - email address and phone number while creating the account itself or immediately thereafter. The Google Accounts user verification system uses the two recovery options for different purposes and one is not considered a substitute for another.
Also, periodically check access to your recovery options and update the details for any changes in either of those recovery options at the earliest. It is absolutely essential to ensure the accessibility of your Google account. For relevant details, refer to: https://support.google.com/accounts/answer/183723?hl=en&co=GENIE.Platform%3DDesktop.
It is always a good idea to opt-in for the 2-step verification, Google's version of 2-factor authentication. While setting it up, be sure to set up multiple backup options (as many as you possibly can) and definitely save the backup codes (they come in batches of ten 8-digit codes) separately from the device and the account. It helps during emergencies.
For relevant details on Google's 2-step verification, please refer to this help article: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop&oco=0.
If you are using passkeys, learn how to fix issues related to lost or missing passkeys by visiting this help centre article - https://support.google.com/accounts/answer/13548313?hl=en.
If you have enrolled for Google’s most secure Advanced Protection Program, https://support.google.com/accounts/answer/7519408?co=GENIE.Platform%3DAndroid&hl=en, learn how to fix issues related to it here - https://support.google.com/accounts/answer/7539956.
Section B: Best Practices. The more times you do them, the more secure and accessible your accounts remain.
The system can insist on additional verification when it considers a scenario unusual, and it is best to be prepared for those. The system usually takes multiple data points into consideration to determine whether a sign-in for an account is genuine. As such, it will mostly treat the device and the location from which the account is commonly or recently accessed (depending on other factors, of course) as safe and trusted. However, if it detects an attempt to sign in to an account from a different (read: previously unknown) device, location, and network, simultaneously from distant geographical locations, after deletion of browser cookies, after a device format, or after a period of time, among others, the system may, as guided by the flags raised, either insist on additional verification beyond the usual username-password combination, send out a suspicious activity alert for status determination, or deny access. So, always ensure the account is signed in on another device through which access from a new/unknown/specific device can be verified.
For additional and relevant details on these topics, please refer to this help article: https://support.google.com/accounts/answer/7162782?co=GENIE.Platform%3DAndroid&hl=en.
Check where your password is getting saved because forgetting a password is common. Make sure your passwords are either written down somewhere safe and separate from the device and the account and/or saved within the browser or the browser's password manager for you to recall. It is better to know beforehand where your passwords are stored.
If you've used a non-Chrome browser, check if the password is stored under the browser’s password manager.
- Firefox - https://support.mozilla.org/en-US/kb/password-manager-remember-delete-edit-logins.
- Safari - https://support.apple.com/en-us/HT204085.
- Edge - https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336.
For Chrome, check if the password is saved under a different Chrome profile by visiting the https://passwords.google.com/ page on other accounts.
On this topic, you should also read up on ways to create a strong, secure password - https://support.google.com/accounts/answer/32040?hl=en and on ways you can save, manage and protect your password - https://support.google.com/accounts/answer/6208650?hl=en.
Sign in to your account periodically from a browser, especially if it is an account that you happen to use for third-party activities such as gaming, social media, etc. It keeps you in the habit of knowing important things related to the account and updating obsolete details.
Do not create closed "loop" references where one account is set as the recovery account for another and vice versa.
If you use Google Voice to get verification codes, you could lock yourself out of your account. So, be mindful of this. Strictly from a security perspective, I would recommend using other virtual numbers that are not connected to the Google Account in any way.
Check on the usability of recovery/verification options ahead of your travels, especially if you are relocating to another country. It's best to access your account via the Google apps from mobile devices where you're already signed in, as attempts to sign in to the account using a browser from a new network and location may trigger additional verification challenges as described in detail above.
Some of us are in the habit of performing a factory reset on our Android devices. Go through this checklist before you perform, or allow someone else to perform, a factory reset on your device - https://support.google.com/accounts/thread/75668397/checklist-before-you-or-you-allow-someone-else-to-perform-a-factory-reset-on-your-device?hl=en as it can be too late otherwise. Always remember to check that you actually know the password instead of assuming that you do.
Be mindful of the emails you interact with. The threat of phishing emails is more real than many of us can imagine, and it can cause you inestimable damage. So, before you interact with an email that may appear unusual or suspicious, make it a habit to check a couple of things:
To check if the email is genuine - you can start by reviewing the following help article: Check if your Gmail message is authenticated.
- If a message was correctly DKIM signed, a "signed-by" header with the sending domain will appear.
- If a message was SPF authenticated, a "mailed-by" header with the sending domain name will appear.
- Also, refer to this help article for additional information: Extra info next to sender’s name to further assess the genuineness of the message.
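Outside the Gmail interface, the same two checks can be read from the `Authentication-Results` header of the raw message (Gmail's "Show original" view). The following Python is an added example, not part of the original post: it extracts the DKIM signing domain and the SPF-authenticated envelope domain, and compares the signer with the visible From domain. The function names, the sample messages and the trusted server name `mx.google.com` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); every domain is a placeholder.
GENUINE = (
    "Authentication-Results: mx.google.com;\n"
    "       dkim=pass header.i=@example.com header.s=sel1 header.b=AbCdEfGh;\n"
    "       spf=pass (google.com: domain of bounce@mail.example.com designates"
    " 192.0.2.10 as permitted sender) smtp.mailfrom=bounce@mail.example.com\n"
    "From: Example Bank <alerts@example.com>\n"
    "Subject: Statement ready\n\nBody\n"
)
# Same visible sender, but signed by an unrelated domain and SPF did not pass.
LOOKALIKE = (GENUINE.replace("header.i=@example.com", "header.i=@bulk-sender.test")
             .replace("spf=pass", "spf=softfail"))


def domain_of(value):
    """Return the lower-cased domain of an address or bare domain, else None."""
    return value.rsplit("@", 1)[-1].lower() if value else None


def auth_summary(raw, trusted_authserv="mx.google.com"):
    msg = message_from_string(raw)
    out = {"from": domain_of(parseaddr(msg.get("From", ""))[1]),
           "signed_by": None, "mailed_by": None}
    for value in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop (comments) before tokenising.
        value = re.sub(r"\([^()]*\)", " ", " ".join(value.split()))
        parts = [p.strip() for p in value.split(";")]
        if not parts[0] or parts[0].split()[0].lower() != trusted_authserv:
            continue  # stamped by a server we do not trust, so ignore it
        for part in parts[1:]:
            tokens = part.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].lower().split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            if result != "pass":
                continue  # the labels described above apply to passing checks only
            if method == "dkim" and out["signed_by"] is None:
                signer = props.get("header.d") or props.get("header.i")
                out["signed_by"] = domain_of(signer)
            elif method == "spf" and out["mailed_by"] is None:
                out["mailed_by"] = domain_of(props.get("smtp.mailfrom"))
        break  # use only the topmost trusted header (the final receiver's)
    out["sender_matches_signer"] = (out["from"] is not None
                                    and out["signed_by"] == out["from"])
    return out
```

A passing DKIM result only proves which domain signed the message, so the comparison with the From domain is the part that catches a validly signed message sent from an unrelated domain.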
So, what if the email is genuine, but contains suspicious, malicious links? To mitigate that threat, hover over the link to check where it leads to before clicking on it. On mobile devices, you can tap and hold (“long press”) on the link to display a menu that shows the destination URL among other details.
For any doubts, directly contact the person or the institution using another option.
Be cautious when accessing your Google Account from a public computer or someone else's device. Read through this help article for device-specific instructions: https://support.google.com/accounts/answer/2917834?hl=en&co=GENIE.Platform%3DDesktop&oco=1
Finally, you should routinely check for unauthorized activities on your devices and your Google account.
Get your device and other peripherals checked regularly. I'd suggest you consider running reputable anti-virus, anti-spyware, and anti-malware software on all devices you use and, if anything looks suspicious, call up or visit support for your device(s) for a detailed check. You can also contact your internet and cell phone service providers (ISP and carrier) to ensure the settings are not compromised.
In Gmail, the easiest way to check for unauthorized account access/suspicious activity is to click on the Details link below the Last account activity link at the bottom of the Gmail Inbox view page*. It includes any time that your email was accessed using a regular web browser, a POP client, a mobile device, etc. and lists the IP address that accessed your email, the associated location, as well as the time and date. If you find any suspicious IP addresses that may have been used to compromise your account, use a reverse IP lookup site such as https://ip-lookup.net/ or https://whatismyipaddress.com/ip-lookup to acquire more details about the IP address and confirm whether it is suspicious or not.
*In certain inbox layouts, such as Unread first with preview pane enabled and a conversation selected, you may not see the Details link. In that case, simply reload the page to see that option in the preview pane or open Gmail in the Basic HTML view - https://mail.google.com/mail/u/0/h/1a2ysfx0bylfq/?, to see that link below your storage detail.
Check under your Gmail settings for any change in your POP/IMAP, Forwarding and Mail delegation settings.
Also check if anything new is added to your browser(s) in terms of extensions, scripts, add-ons, etc.
You can visit the devices activity page to check on the recent devices used to access your account and sign out of them by clicking the 3-dot (more/overflow) icon at the top-right corner of the individual device tile.
You can look at the various apps and sites with access to your account: https://myaccount.google.com/connections.
For more information on account security:
- Read through this help article: https://support.google.com/accounts/answer/46526?hl=en.
- Tips to stay safe and secure online: https://safety.google/security/security-tips/.
Should you have questions, please post them as comments or better, post them as questions in the specialized Google Accounts Help Community by clicking on this link: https://support.google.com/accounts/thread/new?hl=en.
Last updated on: March 12, 2024.
Hello, I have a different phone but same number as the one I used for my main account but when I press send verification code to my number it sends but there is nowhere to input the code and when clicking send verification code to "etc. Number" it switched to a different page there are no keys or space where you can input the code and there's two options after it switches which it gives you "send to email" but I cannot use it since I put 2 verification code on and it still needs to approve it's my phone but it needs the code
Do you not have access to other options such as an authenticator app, backup codes and other backup phone number? I do not recommend setting up and using just one option for 2SV on your account. You should at least have a couple, if not more.
I have been trying for over a month to recover my email. The unsurmountable problem is, I chose Gmail as my primary email. My phone was stolen and I use this email to verify log ins to banking and other freelance work apps, it's impossible to get anything done. Something is very wrong when the only option I get is text or my phone. Same recovery email since I opened my account in 2015. I have also used a device I used before, and wifi that I have used many times before. They ask me no questions though I get a message saying I didn't answer correctly. I finally found the recovery message in my Yahoo account and it says that link is no longer available. I tried signing in again since the message stated two factor verification would be turned off. Now they said it will be another 30 days. What kind of game are they playing? Thank you in advance for any help you provide. Sonia
The link sent to your recovery email address is only active for a brief period of time for security reasons.
This article https://support.google.com/accounts/answer/9412469?hl=en explains why an account recovery request may be delayed and it has to do with the system's interpretation of the situation based on the data points used for evaluation. As this process is now fully automated and can't be expedited, you have to wait for that period of time.
Please do not include any PII (personally identifiable information) in your comments here. I shall not be able to publish your comments in those cases.
Also, for your account recovery issues, the best place to post is the specialized Google Accounts Help Community: https://support.google.com/accounts/thread/new?hl=en. I also spend some amount of my free time there. If I happen to respond to your threads, feel free to say, "Hello". :)