Have you ever received a message from Gmail telling you there’s something suspicious about the way you’re trying to sign into your account?
Or perhaps you saw a similar message?
You can receive either of those messages even if you know with absolute certainty that you entered your password correctly; in my case at least, an incorrectly entered password wasn’t the problem. If your situation is anything like mine, the problem is that Google, in its infinite “wisdom,” has decided that even though you know the correct password, something about the way you’re trying to log in doesn’t seem quite right. You would certainly not be the first person to experience this problem.
If that sounds vague, that’s because Google is being vague, most likely deliberately. There is virtually no official information on this problem, though if you try the option “Ask Google for help getting back into your account,” Google will make it clear that they suspect you of not being the legitimate owner of the account. This tells you only that one of Google’s algorithms is being overzealous, but it doesn’t tell you what prompted the red flag to be raised in the first place.
With several of my locked Gmails, I was able to determine that the problem was caused by my use of different Internet connections. More specifically, I had used an IP address from one ISP or IP range to sign up, and another to sign in, though with the number of Internet-connected devices a typical person has access to these days (e.g. phone, tablet, ultrabook, laptop, desktop), the mere use of a different Internet connection hardly seems to warrant an account blockage. The fact that I only signed into the account months after creating it may also have triggered some red flags.
With one account, I found that Google allowed me back in immediately if I was able to use the Internet connection with which I had originally signed up to log back in. With another, I found that my account remained blocked even when I reverted to said connection. In both cases, however, I found that if you first log in with an acceptable IP address, keep the cookie on your computer, and then switch to another connection, you won’t be signed out or even warned. Go figure.
If the length of time between logins factors into Google’s algorithm, people with many different Gmail accounts (e.g. to reserve desired usernames) may be in danger of having those accounts locked. If you rotate between different Internet connections or VPNs, perhaps between home and work, you may also be in danger of triggering one of these two messages.
The worst part is that when you do receive a message and reverting to the Internet connection you initially signed up with fails to allow you back into your account, you may have no recourse. Unlike other providers, Gmail has no technical support e-mail for you to contact and no phone number for you to call. The “Ask Google for help getting back into your account” option results in an extremely detailed questionnaire that even many legitimate account owners would have difficulty answering. How can you possibly remember the exact day of the month and year of the last time you signed in to an infrequently used account, for example? How can you identify the names of labels if you don’t even use labels? Is it bad if you leave blank the answer to the question “What’s the first recovery email address you remember?” if you don’t use one? Should a typical e-mail user be required to write down all this information on a regular basis just to ensure they don’t get locked out of their account?
There’s always the option of receiving a text or a call, but only if you feel comfortable tying your phone number to a Gmail account you may only use very infrequently, or for a very narrow purpose. And if you have many Gmail accounts, having an equal number of phone numbers to match may itself be a problem. Google only allows each phone number to verify a limited number of Gmail accounts on sign-up, for example. It is unclear if the same limit applies to phone numbers used to unlock blocked accounts.
Even though Gmail has over 1 billion monthly active users as of February 2016, problems such as legitimate account owners being locked out of their own accounts highlight some of the problems with using the services of a huge company without any kind of technical support. If you ever need access to critical information stored only on the e-mail account and nothing you try will let you back in, you could be out of luck. If you are a privacy-conscious user, I should also point out that Google can access your e-mail anytime they want to, because your messages are not end-to-end encrypted like they would be with Tutanota or ProtonMail.
More generally, Gmail’s overzealous algorithms are a perfect example of excessive security. If even the homeowner has trouble opening his own front door, his lock has failed its intended purpose.