It happens a lot.
That’s a synthesis of the comments I get frequently on some of my most viewed content: my articles and videos on account recovery.
Folks are often pissed at me because the process doesn’t work — even though I usually start by saying, “This process might not work.”
Call this “tough love” if you like: I hate to harp on it, but there’s really no one to blame but yourself, no matter how many “thumbs down” you give me. Instead, learn from the situation and take the steps you should have taken to begin with to make sure this never happens again.
Become a Patron of Ask Leo! and go ad-free!
Getting your account back
If you’ve lost access to an online account and the account recovery or “lost password” processes don’t work, it’s likely you’ve lost the account forever. It’s critical that you keep your account secure to begin with and that you keep recovery information set and up-to-date in the event you need to prove you are the rightful account holder.
When account recovery fails
Account recovery fails for one and only one reason: you are unable to prove that you are the legitimate account holder and should be allowed access to the account.
Online services are in a constant battle with hackers and others attempting to gain access to accounts they shouldn’t be allowed to access, so the services establish processes that only the actual account holders can complete to prove they are who they say they are. If you cannot complete that process successfully, the service has no way to know you’re not some hacker trying to break in.
Frustrating as hell, I get it, but that’s the bottom line.
There are several ways this can happen.
Failure #1: Incorrect or missing account recovery info
The most common reason people lose access to their accounts is because they failed to set up account recovery information, or they let that account recovery information fall out of date.
Account recovery information includes things like alternate email addresses, phone numbers, or recovery codes. Setting up each of those when you create the account or while you have access to the account allows you to prove to the service you are the account owner if and when you need to recover the account.
If you can receive a code at an alternate email address or text message that you set up, then you must be you. It’s as simple as that.
If you can’t — perhaps the email address no longer works or you changed your phone number without updating the account — then you have no way to prove your identity.
Lesson #1: Set and maintain account recovery information for all your accounts.
Failure #2: Changed info
A very common complaint I hear is, “I entered what I absolutely know to be the correct password, and it failed.”
If the password fails and everything else is correct (the username is correct, you’re signing into the real site and not a fake phishing site, etc.), then no, your password is not the correct password. Chances are someone hacked into your account and changed it. Your password is not your password any more.
But it can get worse.
Once hackers gain access to your account, on some services it’s possible for them to go in and change all that recovery information we talked about to prevent you from being able to recover the account. Most services will notify you using the old recovery information, but a) not all do, and b) if you’re also suffering from failure #1 above, you might never get the message.
The password’s been changed, the recovery information’s been changed, and you have no way left to prove you are the legitimate account holder. It’s not your account any more.
Failure #3: Expecting customer service
Oh, my, do people get angry at this point. They’ve lost access to their account and they want to reach out to the service’s customer support options for help recovering the account.
Except there are no customer support options.
Free is free, and you get what you paid for. Even so-called “online chats” or “give us the last password you remember and a few message subject lines and we’ll get back to you” options are typically completely automated, and often fail with zero recourse. There is no person to call, there is no person to email, and there is no person to talk to.
You’re on your own.
Lesson #3: Understand what you’re (not) getting. Switch providers if you need more.
Like I said above, I really hate to harp on this stuff — I’m as tired of it as you are. But I continue to see it so often that I can only hope my constant reminders will help you either:
- Learn from your mistakes and avoid having this happen to you again.
- Learn from the mistakes of others and avoid this terrible experience.
Want tips on keeping your account secure? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.