It happens a lot.
That’s a synthesis of the comments I get frequently on some of my most viewed content: my articles and videos on account recovery.
Folks are often pissed at me because the process doesn’t work, even though I usually start by saying, “This process might not work.”
Call this tough love if you like: there’s really no one to blame but yourself, no matter how many “thumbs down” you give me. Instead, learn from the situation and take the steps you should have taken to begin with to make sure this never happens again.
Getting your account back
If you’ve lost access to an online account, and the account recovery or “lost password” processes don’t work, it’s likely you’ve lost the account forever. It’s critical that you keep your account secure to begin with and that you keep recovery information up to date in the event you need to prove you are the rightful account holder.
When account recovery fails
Account recovery fails for only one reason: you are unable to prove that you are the legitimate account holder and should be allowed access to the account.
Online services are in a constant battle with hackers and others attempting to gain access to accounts they shouldn’t be allowed to access. The services establish processes that only actual account holders can complete to prove they are who they say they are. If you cannot complete that process successfully, the service has no way to know you’re not some hacker trying to break in.
Frustrating as hell, I get it, but that’s the bottom line.
There are several ways this can happen.
Help keep it going by becoming a Patron.
Failure #1: Incorrect or missing account recovery info
The most common reason people lose access to their accounts is that they failed to set up account recovery information or they let that account-recovery information fall out of date.
Account recovery information includes things like alternate email addresses, phone numbers, or recovery codes. Setting up each of those when you create the account (or any time you have access to it) means that if and when you need to recover the account, you can prove to the service that you are the account owner.
If you can receive a code at an alternate email address or text message number that you set up, then you must be you. It’s as simple as that.
If you can’t — perhaps the email address no longer works, or you changed your phone number without updating the account — then you have no way to prove your identity.
Lesson #1: Set and maintain account recovery information for all your accounts.
Failure #2: Changed info
A very common complaint I hear is, “I entered what I absolutely know to be the correct password, and it failed.”
If the password fails and everything else is correct (the username is correct, you’re signing into the real site and not a fake phishing site, etc.), then no, your password is not the correct password. Chances are someone hacked into your account and changed it. Your password is no longer your password.
But it can get worse.
Once hackers gain access to your account, on some services, it’s possible for them to go in and change all that recovery information we talked about to prevent you from being able to recover the account. Most services will notify you using the old recovery information, but a) not all do, and b) if you’re also suffering from failure #1 above, you might never get the message.
The password’s been changed, the recovery information’s been changed, and you have no way left to prove you are the legitimate account holder. It’s not your account anymore.
Lesson #2: Do everything you can to prevent your account from being hacked. Use a password manager, long, strong, unique passwords, and two-factor authentication wherever possible.
Failure #3: Expecting customer service
Oh, my, do people get angry at this point. They’ve lost access to their account, and they want to reach out to the service’s customer support options for help recovering the account.
Except there are no customer support options.
Free is free, and you get what you paid for. Even so-called “online chats” or “give us the last password you remember and a few message subject lines and we’ll get back to you” options are usually automated and often fail with zero recourse. There is no person to call, there is no person to email, and there is no person to talk to.
You’re on your own.
Lesson #3: Understand what you’re (not) getting. Switch providers if you need more.
Do this
I hate to harp on this stuff — I’m as tired of it as you are. But I continue to see it so often that I can only hope my constant reminders will help you either:
- Learn from your mistakes and avoid having this happen to you again.
- Learn from the mistakes of others and avoid this terrible experience.
Want tips on keeping your account secure? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
New Years resolution… every new year check that all your alternate email addresses, phone numbers etc. are correct.
Thanks Leo, this reminder is timely. As you write in Lesson #1 … maintain account recovery information. It really is NOT once and done, we have to keep at it.
Happy New Year to Leo, Mark and all the readers.
Some times email gets hacked and someone else gets your password. Going forward, that email address now _usually_ belongs to the hacker and they also have access to all your old email; sent and received. I guess that is one reason why I never leave my email on the email server. I download incoming email to MY computer and it is deleted from the email server. While that won’t help if my email address is “stolen” and a recovery code for some other service is sent to my “stolen” email address, at least the hacker will not be privy to my old email. I only use one device. If you share devices for reading email, downloading your email will usually prevent accessing your saved email on other devices.
I have two email accounts, and I have secured both with a strong password (stored in my password vault) and 2FA so even if some miscreant discovers the password to one of my email accounts (or both), they will not be able to make any changes to any of my profile information/account settings (password, alternate recovery email address, et-al) without the device from which I access my authenticator app.
On a side note, regarding password security, I saw this item (https://www.codeproject.com/Articles/5348966/No-need-to-Store-Encrypt-or-Memorize-Passwords) that I’m considering testing to replace my password vault. The concept looks very interesting to me. What do you think Leo?
Ernie
If I understand it, it’s still storing SOMETHING, that’s then use algorithmically to reconstruct the password. I’m not seeing a huge difference between that and encrypted passwords. In either case if the master password and algorithm is known, then the passwords — remembered or generated — would be fetchable. I could be wrong, but that’s what I take away from it.
I recently learned about a DuckduckGo.com service for email that promises to strip trackers that are invisible in the email body before the email is delivered to your email mailbox.
It seems like a legitimate layer of security which could prevent hacking too. Using this “alias”, allows the user to insulate his/her destination email address from anyone you do not fully trust. It also offers the use of disposable addresses too.
I’d love to hear what you think of this DuckDuckGo.com service. Legitimate claims or false hope.
Very good information. However, I have an issue that wasn’t addressed. I don’t own a mobile/cell phone, and I choose not to own one. Many times, they will want to text me a code (although sometimes, they will agree to send it to my email). One site insisted I needed a cell phone, so I borrowed one. Then they wanted me to enter that phone number as my own!!!! I’ve learned that I cannot access accounts on another computer, so often that will trigger a code needing to be sent. If this is the case, I have to wonder if someone else has been attempting to get into my account.
One solution is to get a cheap prepaid “dumb” phone with a low monthly rates.
Another way may be to set up a separate Google account and set that account up for Google Voice. Then use that Google Voice number for your recovery number, and you will be able to get texts to that Google Voice number.
My husband does not use a cell phone, so I set this up for him. Setting up a personal Google Voice account is free as of today (12/19/2025).
Good luck! Hope this helps.
The monthly cost for Google voice is similar to a cheap prepaid cell phone, and you have a cell phone for emergencies.
In Europe, there are prepaid accounts where you pay nothing monthly and a few cents per minute. If you don’t call, it’s free for receiving calls and texts.
As of today, this is what Google says:
“Is a Google Voice number free?
Yes, a Google Voice number for personal use is free in the U.S. for calls/texts to the U.S. & Canada, but requires a linked U.S. number for setup.”
Since Carla is in need of a way to get texts without a cell phone, she can use her own home phone number to get a free Voice account. Google only charges for a Voice account if you want a new/different phone number. Sorry I wasn’t more clear.
Leo, thanks for your very informative communications. I just read yesterday that the FBI is advising everyone to shut down wifi on their phones/tablets when they leave their home. Indeed, it’s getting very complicated to communicate and do business in this world.
I use Idrive backup for Gmail and dropbox, as a last resort. They backup my data daily. I can retrieve anything critical, should the worst happen. I also download these backups to a removeable external drive, which I keep in a fireproof safe. I have too much data in these cloud services to ever lose them.
I have no recovery Gmail or number how can I recover my account
Sorry for the canned response, but this is all we have regarding Google account recovery.
Please review the account recovery options as outlined in this article:
https://askleo.com/access-gmail-without-phone-verification/
If Google’s recovery process doesn’t work for you — maybe you don’t have the recovery email or phone — MAKE SURE to follow Google’s instructions CAREFULLY and COMPLETELY.
If the recovery process can’t be made to work, I know of no way to recover the account. If that’s your situation I’m very sorry.
If you DO recover your account you’ll want to check the steps in this article to prevent losing it again:
https://askleo.com/google-account-hacked/