← Back to context

Comment by wow00

3 years ago

A few weeks ago, I was in a similar situation, I needed to read an email on an old account. I typed my email, my password and then an error, it was blocked for some reason, it asked me to check my recovery email, except that email was never validated (there was a mistake in the domain extension). It should never have blocked an account with a valid password when the recovery email was never validated. I successfully talked to human support, they told me they could do nothing about it. It magically unlocked a few months later, if you lost your account, keep trying, one day you may access it

3 comments

wow00

Reply
ajross  3 years ago

> It should never have blocked an account with a valid password when the recovery email was never validated.

Should it not? Accounts get "blocked" because of reasonable suspicion that they're compromised. It's not just something they do to annoy you. The overwhelming majority of these situations are surely just password attempt exhaustion. You or someone else tried a little too hard to log in with a bad password.

So... your solution is to disallow that security layer for people who have typos in their emails and never went through the recovery process? That sounds like it's going to hurt and not help.

I mean, yes. It sucks to lose access to an email account. It sucks immensely more to be hacked. And to some extent those requirements are in conflict. There are tradeoffs to be made.

  • eviks  3 years ago

    > of reasonable suspicion that they're compromised

    Or more likely an automated unreasonable suspicion

    > Should it not?

    Yes, it should never ask you for a confirmation that is impossible, this is a simple nonsense of design. Also, months is not a useful tradeoff

shortcake27  3 years ago

Weird, I’ve had the exact opposite problem. Added a recovery email years ago before Google required the recovery email to be verified. Then I needed to recover the account, but I was not allowed to do so as the recovery email wasn’t verified. Despite the fact I was never asked to verify it in the first place. What’s the point of a recovery email if it can’t be used to recover the account?