HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nitn

no profile record

Submissions

Google asking to verify code from the same email to reset password

twitter.com
12 points·by nitn·4 tahun yang lalu·0 comments

Ask HN: Google has locked me out of the account

63 points·by nitn·4 tahun yang lalu·45 comments

How to De-Escalate a Cyber Conflict

arxiv.org
2 points·by nitn·4 tahun yang lalu·0 comments

comments

nitn
·4 tahun yang lalu·discuss
Update: Now it says "Unavailable because of too many failed attempts. Try again in a few hours."
nitn
·4 tahun yang lalu·discuss
No. My issue is that to reset the password, Google is asking me to get something from an email which I don't know the password for. And that too when I have a recovery phone number setup on the account.

Asking to verify a code from the email for which I'm trying to reset the password is stupid and defeats the purpose of having a "recovery" phone number.
nitn
·4 tahun yang lalu·discuss
Note: I have a recovery phone number set on the account. A code is being sent to my phone, after I enter the code, that's when I'm being asked to verify the code from the same email.

I wouldn't be bothering about the account if I had not set a recovery phone number.
nitn
·4 tahun yang lalu·discuss
>I can verify the phone number but then it keeps asking me to verify a code that's sent on the same email.

I have a recovery phone number in there. I'm verifying it everytime Google asks me to, but then it takes me to verify the code from the same email that I don't have access to.

It makes no sense but that's what's happening.

Here's the flow of how it's going.

Forgot Password → Enter the phone number ending with XX → Enter the code sent to your phone → Enter the code sent to your email (the same email).

I've tried the recovery methods, there's no other way that Google is offering me to recover the account. I'll happily answer all the security questions if Google asks me to.
nitn
·4 tahun yang lalu·discuss
> How do you want Google to solve this?

The current way Google is asking me to verify makes no sense. I don't know the password for the email, how do they expect me to go into that email and verify the code when I don't know the password.

> And how can they be certain you’re the owner?

I am already verifying the code from the SMS that Google is sending to the phone number on the account.

I know that there's no way to actually get this done, but I can verify that's it's my account.

I can verify that I'm the owner of the account Google has been sending the payments for AdSense.

I can verify by signing in from the usual devices that the account was previously signed in from.

Suggest me another sensible way, I'll do it because I'm the owner.
nitn
·4 tahun yang lalu·discuss
Thanks for the resources. I have already started moving away from Google because I've read nightmare filled stories about people getting locked out for various reasons.

I never thought it would happen to me in this manner. It makes no sense that it's asking me to verify the code from an email that I'm telling them I don't have the password for. Even when I have a recovery phone number set on the account.
nitn
·4 tahun yang lalu·discuss
I have SMS setup, but it still asks me to verify the code being sent to the same email.
nitn
·4 tahun yang lalu·discuss
I actually have no reason to be stuck here because all these years, I was easily able to reset the password by verifying with a code on my phone number. It does send a code now as well, but then it's asking me to also verify the code being sent to the same email.
nitn
·4 tahun yang lalu·discuss
Unfortunately it's a gmail account, not an external email account.
nitn
·4 tahun yang lalu·discuss
> Truecaller’s database that includes users who did not register and did not give consent to having their numbers identified.

That's the problem with maintaining absolute privacy. The privacy and security of your information depends on other people even if you do everything to save it.
nitn
·4 tahun yang lalu·discuss
Privacy Policy: We do not collect any data.
nitn
·4 tahun yang lalu·discuss
There was a website with a large collection of security blogs. I cannot seem to find it now.
nitn
·4 tahun yang lalu·discuss
Why is the government using Google Analytics (which is now illegal in some countries) instead of self hosting an analytics solution.
nitn
·4 tahun yang lalu·discuss
nitn
·4 tahun yang lalu·discuss
Once the my data is in your server. There is no way for me to know what you are doing with my data. You could be selling it. How will I know?
nitn
·5 tahun yang lalu·discuss
These "unusual activity" detecting algos are a menace. If I use a VPN to access my account, blocked.

Had this issue with Paypal & Digitalocean. Reddit shadowbans accounts made with VPN.
nitn
·5 tahun yang lalu·discuss
That's KinderJoy
nitn
·5 tahun yang lalu·discuss
Can confirm. I created an account for a client but I was using a VPN to avoid conflicting with my own personal account.

It was blocked but DO unlocked it once I explained it in an email to them.
nitn
·5 tahun yang lalu·discuss
That's Indian Police. They simply don't have the computer literacy among them.

The article says 'VOIP calls', I'm pretty sure that's just WhatsApp calls and Police got excited that someone is using WhatsApp calls to do their dirty work.
nitn
·5 tahun yang lalu·discuss
I use SimpleLogin as well, it's a great solution and it baffles people when I just make up an email address with my domain and give it to them on the go (thanks to catch-all).

I have this one thing bothering me. How do we know that SimpleLogin is not making a copy of the email? Do we simply trust SL not to do that or do we have a way to verify it?