I think I’m up to my fourth one of these notifications from Google/gmail. They say someone tried to log into a gmail account of mine (one which I haven’t used in several years), they were thwarted but I should “check what happened.” When I try to check what happened, I have to log into the account. I have forgotten the password, I don’t remember any password that I have ever used for that account (there was probably only one, I used it for one year for a specific purpose). They don’t offer any other way to convince them that it is my account, if I can’t remember one password that was ever used for that account. When they offer “try another way” all it does is to tell me that it doesn’t recognize me on this device (I was using a different device, a Chromebook, that I don’t have any more) and that I should try again later or on a different device.
I don’t know how worried to be about the efforts to log into this one email. I don’t think they’ll find anything, all the contents were supposed to be destroyed (I was using it on a civil grand jury). But I suppose they might send out some crap emails from that account, filled with viruses and scams.
Nevertheless, it’s nagging at me, and I would like to stop worrying about it. Recommendations?
In theory, Google has a support option. Since it seems that all you really want here is for them to delete this silly account so you can stop worrying about it, perhaps they can at least do that much.
But yes, Google’s security is sometimes a pain, especially their “we don’t know you on this device”. As if people aren’t constantly getting new computers, phones, and tablets.
They seem to be asking me to “check what happened” by logging into the account. I don’t know what I would be able to see from there about a blocked login attempt by someone else, they don’t really go into it any more than that.
The only support I could find is JustAnswer, which is pay to play. $1 for the first week, then $46/month for continued support. I paid the $1 and got the exact same thing I got before. I figured out how to cancel JustAnswer (not exactly transparent). and now I’m just going to forget about it.
If they’re emailing you stuff about an account you’re not currently using, that should mean that your current email account is the one they have on file to contact you about that old account. So that should mean they’d use your current email to allow you to change your password. That they are not doing so would make me question whether the original security message was legitimately from Google.
I’m getting these notifications sporadically too. Me, I just ignore them. It’s an account I created and forgot years ago. At first I thought maybe someone was trying to hack into me, but now I’m not so sure.
You would think so, but the message was from Google, and they don’t accept access to the backup email address as proof that the account is mine. It’s all runaround, all the way down.
That’s bizarre. That’s what happened when my dad lost his password. I had him use the forgotten password thing, and they sent him a link to the email on file, which was used to create a new password.
The only reason I can think of that they are responding that way would be that they suspect you’re also trying to hack the account. But, if you have access to your backup email, that would mean they suspect the backup email has been compromised as well. But then why send any messages to it?
It’s not a good idea to keep around zombie accounts. Someone could eventually find your password and log in. And surely the only verification they can do to make sure that person is you will be sending you an email–to the account they apparently think is likely compromised.
This seems poorly thought out, and is not what I’d expect from Google. If the message is verified to actually come from Google (and not someone modifying the from address to make it seem like it is from Google), then Google is being stupid, IMNSHO.
To be clear here: are these notifications coming to another Gmail account, or another provider? And, if another provider, it is actually good at detecting people who will spoof the from line? And do all links in the email (if any) go directly to actual Google-owned services–i.e. they end with .google.com?
Not sure if that’s directed at me. But assuming so …
IMO they simply chose not to bother making this a solvable problem. It’s not hard technologically. But it is hard bordering on impossible from a trust perspective.
Let’s say you have 2 email accounts at Google, and lose control of one to a hacker / scammer. Now you log on to your account and say “A hacker has taken over my other account; please take it back from them and give it back to me with a new password.” Of course the scammer makes exactly the same claim. How is Google to choose who to believe?
Their other issue is policy. They refuse to have human customer service because that would be expensive and GMail is free. So if they can’t make a bot do it with high enough reliability, it can’t be done. “Can’t be done” as a matter of business policy, not “can’t be done” as a matter of technology.
Some differences between this example and my case: no-one has taken control of the account, someone has allegedly tried to log in and failed, and Google reported that fact to me. And my backup account is not another gmail account, it is a separate provider.
All of my most secure online accounts, banks, investments, medical, whatever, accept an authorization code that they send to my email and that I then type into their screen, as complete proof that I am me. All of that is almost certainly handled automatically. Why can’t Google do that? What is so super duper sensitive about my stupid gmail account that they are all tied up in knots about how to validate my existence? And I was only pursuing it because they made a point of notifying me that I should figure out what’s going wrong.
There’s gotta be money in this somewhere for them. I haven’t figured out yet where it would be. I don’t think it’s the JustAnswer, that sort of thing is too small potatoes. (Just looked it up, it is owned by the CEO of Charles Schwab, Andy Kurtzig.)
IMO their attitude to GMail, etc., is it’s simply a way for them to gather a lot of text for their machine learning. They aren’t trying to run a business-class reliable email system providing all the bells and whistles a non-free provider would provide.
Understand I’m totally on your side here. The stuff you describe is a lot of why I refuse to use GMail or other Google products. Explaining how they’re not nice is different from approving of how they’re not nice. I was just sharing my frustrating experience being tech support for some people who do use GMail.