Comment by dataflow

9 hours ago

> No notice that I had better have access to that "recovery" email address that I hadn't bothered to keep up to date

The rest of your complaints make sense but this one is bizarre. It's a recovery email, isn't having access to it the entire point? Like what else did you think it was supposed to be there for beside being accessible?

Google clearly misused it for something else, and you have a strong argument they shouldn't have. This one sentence just needlessly weakens the argument.

3 comments

dataflow

Reply
cwillu  8 hours ago

The point is that an or relationship was silently converted into an and relationship, which is a _very_ different relationship between two factors.

wl  4 hours ago

I never expected to need to recover the account because I used a strong password stored in a password manager that I had adequately secured and backed up.

  • simoncion  6 minutes ago

    Exactly.

    It was pretty sobering when Google demonstrated to me a new and novel way that made them the actual threat to my account security. I thought that by carefully refusing to publish anything with their add-ons (YouTube, Docs, Android Store, etc, etc) that I'd avoid getting swept up in an autoomated account-wide bannination, but, nope. A perfectly ordinary login to the account I'd had for years from the exact same location and IP address I'd used the day before was "suspicious" and required "recovery".