Let’s look at the most common ways people lose their Google accounts.

By far the most common topic throughout the history of Ask Leo! has been account loss and recovery. Originally, it was all about Hotmail, but these days, it’s Google. People lose access to Google and Gmail accounts all too often.
The result, of course, is the loss of years of email, contacts, files, and whatever other Google services they used along the way.
Lockouts and loss happen not because Google’s broken (even though thinking so is a common knee-jerk reaction), but because of preventable mistakes and oversights.
Let’s review what can go wrong and how you can prevent losing your account forever.
How not to lose your Google account
Most lost Google accounts are due to simple mistakes. Outdated recovery info, weak or reused passwords, ignored warnings, and not enabling two-factor authentication are the biggest risks. Stay signed in, keep details updated, and use sound security practices to make sure your Google account isn’t lost forever.
#1: Outdated Recovery Information
This is the single most common reason I see that accounts are permanently lost.
For whatever reason, you have a problem signing in. “No problem”, you think, and you head off to the Google account recovery process. As part of that process:
- Google asks you to enter a code sent to a phone number you no longer have.
- Google asks you to click on a link sent to an email address you no longer have access to.
- Google asks you to acknowledge a confirmation on the Google app running on a device you replaced.
You get the idea. All the points of recovery that you once supplied have fallen out of date. The result? Google has no way to differentiate you from a hacker trying to break in. There’s no way to prove that you are you and should be allowed back in.
Review and update recovery info regularly.
#2: Weak or Reused Passwords
We’ve all heard the word about weak or easy-to-guess passwords. Creating and using a long, strong password is something everyone is doing these days… right? RIGHT?
There’s another drum that’s been beating that I don’t think people are paying as much attention to: stop re-using passwords. Industry reports indicate this is currently the most common form of simple account compromise. A password is discovered because of a problem with service A, and shortly thereafter people find that their accounts at services B, C, and so on are also compromised because they’d used the same password at all of them.
For all accounts, of course, but particularly for your Google account, make absolutely certain not to use its password anywhere else. Use a password manager to keep track of ’em all.
#3: Ignoring Security Warnings
We all get so many warnings — legitimate, accidental, and spam — that it’s tempting to ignore them all. At a minimum, it’s easy not to give them the attention they deserve.
And they do deserve attention — at least enough to confidently determine whether they represent an early warning sign of a problem with your account or are just so much noise and spam.
Take the time to learn what matters in these warnings and what a legitimate warning from your provider — like Google — looks like. Then take the time to examine them when they arrive. Acting on a legitimate warning could save your account.
#4: Relying Only on One Device
I’ve noticed this myself of late: online services are seeing and using the fact that you’re signed in to multiple devices. It’s almost a form of second-factor authorization. You sign into a new device, and you’re asked to confirm that sign-in on another computer or a mobile device where you’re already signed in.
I know not everyone has multiple devices, but if you do, it’s worth signing into more than one of them. Not only can it make signing in to a new device easier, but it’s another mechanism services can use when confirming you are who you say you are. You may need to poke at the account from the other device occasionally to keep the sign-in active — perhaps check email occasionally — but it’s another way to increase the odds of retaining access to your account.
If you are signed in on only one device, and that device breaks or is lost, getting into your account on a replacement device might be more difficult than it needs to be otherwise.
#5: Not Enabling Two-Factor Authentication (2FA)
Tech-help folks like myself, as well as most of the computer security industry, have been beating this drum for a while. Two-factor authentication means that even if someone gets your password — say through a breach of some sort — they still can’t sign into your account.
Two-factor authentication also acts as a form of recovery confirmation. The process of setting up two-factor almost always includes setting up additional backup information, such as recovery codes, that can help get you back into your account in a variety of situations.
Enable two-factor authentication and keep backup codes in a safe place. It’s not nearly as intrusive as you might think.
#6: Using Incorrect or Inconsistent Recovery Attempts
AKA: panicking.
It goes without saying that some of the people I hear from in situations like this are in a full-on panic. Understandable. Unfortunately, panicking leads to some terrible decisions.
The most common error is guessing at the information you’re asked to provide, whether it’s your grandma’s maiden name or the name of your first teddy bear. The problem with guessing is that each wrong answer could be a strike against you, making it even harder to recover your account. Supplying incorrect or inconsistent information is indistinguishable from a hacker trying to get in. When that happens, Google sets the bar — the burden of proof you have to provide — higher.
First: don’t panic. Second: keep a record of important account details. Your password manager is the perfect place for this kind of information.
#7: Ignoring Account Activity for Too Long
As I hope you know, not signing into an account for a long time — two years, in Google’s case — will cause the account to be closed and its contents deleted.
While you and I might know this, not everyone does. I occasionally get requests to help access accounts that haven’t been signed into for five years or more. (I think the longest was 12 years.) Perhaps these are folks who know but are grasping at straws. The result is the same: that account’s forever gone.
The solution is simple: sign in to your account periodically to keep it active.
Do this
Prepare for account recovery, and keep things up-to-date.
Seriously, that’s what it takes to ensure you’ll never lose your account. Gmail account “recovery” is more about prevention and planning ahead than about fixing problems when they arise. A little maintenance — like updated recovery info, strong password hygiene, and two-factor authentication — will ensure you never lose your account.
Greetings – I discovered your channel on YouTube and am a subscriber. I like your clear presentations a lot! I think this question is quite basic, but I saw a lot of people asking about it on Gmail help (or wherever). It has to do with an email saying that my Gmail would go away because I hadn’t logged in for 2 years. BUT, I had for sure, so what does that mean?
So I logged in again, but how to determine if you are indeed logged in?
Also, if I enable 2 factor authentication, what are the repercussions for accessing Gmail if set up as an automatic access by Apple Mail?
If you’re CERTAIN that you’ve signed in to the account, and it’s the same account that’s mentioned in the email, then I would take it simply as a warning that “Hey, just so you know, if you don’t log in for two years we can close the account”. If the wording is more threatening (like “we’re about to close your account”) it may be something different. But just signing into the account and doing nothing else should be enough.
“It’s almost a form of second-factor authorization.” I don’t understand the “almost”. Isn’t it a form of second-factor authorization? It sends an authentication email and then recognizes your device. Isn’t that how many 2FAs work? They send an SMS or an email, and once authenticated, they continue to recognize that device if you choose “remember me” or something similar.
I have been using Google Chrome forever and have always updated Chrome when available. In the past, I was always asked for my email address and password – 2FA. However, currently, the 2FA requirement for either or both has mostly disappeared, as when I click on the email sign-in, I’m taken to my Gmail account. Why is this?
Email address and password is single factor, not 2FA.
It depends on the specifics of the situation, but Google may simply be remembering you as if you’d checked a “remember me” checkbox. Clearing cookies will tell you; if you have to sign in again after that, then it’s a cookie remembering you.
I retired from IT support in Windows 3 ending my career with ATT. 15 more years as a contractor for HP and other IT outsourcing companies. I am now almost 80 years old and burned out from tech. Technology has overwhelmed millions of people who will never use 90% of Windows features. A massive demographic just wants to browse, shop, email, simple Word functions, bank, safely. Harken back to network PCs where programs were on the server and WINDOWS were locked down like a terminal. A fortune awaits servicing this niche. Windows (Senior Edition 1.0)
Chromebooks are great for people who just want to browse, shop, email, perform simple Word functions, bank, safely. I bought my 72 year old younger brother a refurbished Chromebook 3 years ago which he is very happy with.