Gmail Account Recovery

To reestablish information and instructions on repairing a lost Google Mail account, and to reestablish your account after recovery.

Gmail Account Recovery and Security

• This article will help you ensure that you have one process to restore a lost Google Mail account and that you are less likely to compromise your account again if necessary.

Account Recovery Walk-Through

Google’s recovery process has become more dynamic in recent years. This means that instead of Google there is a set of questions and both forms the questions ask may be different. Additionally, Google has regularly added, removed or changed the available options. This means that recovery options will vary over time, between accounts, or even between restore tests. If you’ve used account creation in the past, this is probably very different.

Additional sources include the Account Aid Center and Account Aid Forum. Both support searching for topics of interest.

Let’s Be Realistic 

The creation of accounts is designed and is perfect for losing something like your current password. Based on responsible users who keep options up to date with safe and recovery options, you can easily run checks when needed or prove ownership of lost accounts. The more you are missing (recovery phone, recovery email, past password), the more difficult it will be to prove the property. If there are no sufficient items, work, or modified items, it is impossible to prove your property and your account will be lost.

If you have not configured your email or phone for a functioning recovery, you will most likely not be able to prove ownership and restore your account.

If your account is at risk and your recovery options change, you can probably show ownership and restore your account. Fortunately, if it wasn’t a week ago, the previously configured recovery number will be used for checking.

If it is longer than a few months since you last registered with your account, there are no recently used devices/positions/IP addresses. This significantly reduces the ability to demonstrate properties.
Obviously, the above does not mean that account recovery is usually impossible. This is intended to determine realistic expectations of how easy an account is with the information provided to demonstrate ownership of the account. Obviously, not all lost accounts can be restored.

Lost Password Recovery 

The repair process can be started in two ways:

• To register for Google Mail on the https://mail.google.com/ page, enter your email address and click “Forgot your password? Forgot the link.”
• Go directly to Start the Repair Process at https://accounts.google.com/signin/Recovery

As soon as you specify your email address, you will be able to switch to the account manufacturing process. In the past, this was sometimes called an “account recovery form” (ARF), but there is no actual form.

You will then be presented with a few steps to try to prove ownership of your account. The options available are differentiated previously made up of accounts. For example, if a recovery email address is not configured, this option will not be displayed. If options are configured but not up to date, they will be visible, but may not be of any use for restoration. Compromised accounts allow you to view options, but if changed by a hacker, it will not be useful for recovery.

It’s a little different when you enable two-step checks for lost accounts

(https://gmail.goleblog.com/2011/02/advanced-sign-in-your.html). This also applies if your account is

compromised and the hacker has enabled two-step checks to restore your account.

Known Devices – It cannot be emphasized enough how important it is to restore your account from a known device.

A knowledge device is a computer or mobile device that is recently used to register for an account.

Think about it for weeks or even months. For longer than that, it was “forgotten” (no longer recognized).

Previous Password – The restore process often asks about the current or current password used by your

account. This makes more sense for account recovery cases that are not caused by losing your password.

Knowing your password is helpful, but proving ownership itself is probably not enough.

Mobile Devices – If attached to your account, if you use a mobile device, account production is a top priority.

It is considered reasonably certain as it is physically something to the user. Mobile checks may retrieve

various forms, such as device tap entry requests, and receive codes on the device that you need to enter.

Naturally, the device cannot be used for verification if it is lost, stolen, damaged, or upgraded. Therefore,

it’s critical to maintain an up-to-date list of all the devices that are used on the account. Navigate to the

Security tab under Your Devices in Google Account Settings

Phone Recovery:

This feature is very helpful in proving account ownership if a phone number was previously set up on the

account. There are numerous applications for it, such as… 

• putting in the entire phone number.
• obtaining a verification code via text message.
• getting a verification code in a voice call.

It goes without saying that maintaining the phone’s configuration over time is necessary to ensure that it functions properly when needed.

It should be mentioned that Google will remember the previous recovery number for approximately a week if the configured one is altered. Even after an account has been compromised and the recovery options have been modified, this can assist a user in proving ownership of the account. Go to https://support.google.com/accounts/answer/3463280 and look for the “Important” note near the top.  

E-mail Recovery: It’s crucial to have a recovery email address set up on the account, just like a phone number. It’s fairly simple: you enter the address where a verification code is emailed to you. 

An email verification may be sent by the system to the actual lost account in certain restricted

circumstances. In these situations, Google seems to think that you are still logged into the

account on a computer or other device. 

Security Question:

You might be prompted with your pre-configured security question if you added one and your

account is old enough. Even though knowing the answer you set is useful, it is insufficient on its

own to establish ownership. The procedure doesn’t seem to ever use the security question if

you have 2-step verification enabled on the account.  

A security question was no longer supported a few years ago. They can only be removed; they

can no longer be edited or added to accounts.  

Contact Email :

In certain situations, the procedure will request a contact email address, to which a verification

code will be sent. You won’t be able to change the password just because you got this code.

Verifying that you have a functional, active email account that you can access is the goal of this

step. This email address may be used by Google to notify you of the outcome of your account

recovery attempt. 

Achieving a Successful Recovery :

Google will ask you to create a new password for the account if you can provide enough information to prove ownership. This could occur right after the aforementioned procedure is finished, or you might get a link in an email. In any case, you will be able to access the account after creating a new password.

Failed Recovery:

Google will not give your account back if you are unable to provide enough information to demonstrate that you are the account’s owner. After the aforementioned procedure, you might receive a direct explanation. Alternatively, you may get an email at your contact or recovery email address. Although you are welcome to try again—in fact, it may even advise you to—don’t expect a different outcome if you are unable to respond to more of the questions.

Lost Account Name 

If you selected the “Find my account” link on the first page, a list of accounts that match the details you enter will be generated in a series of steps. These are the steps: 

• Give a phone number or email address that has already been set up.
• Enter the account’s first and last name.
• Enter the verification code that was sent to your phone or email in step #1.

If you are successful, you can sign in after receiving a list of accounts that match. The procedure described above will be used to try to recover the account password if you are also unable to remember it.

Accounts With 2-Step Verification Enabled

By requiring a second action or code in addition to the password to access an account, two-step verification gives accounts an additional layer of security. Recovery is therefore a little more stringent for accounts that have 2-step verification enabled. If the hacker has compromised the account and enabled 2-step, this could be detrimental to the owner.

After entering your account name and password, if 2-step verification is enabled, you will be prompted to enter the 2-step verification code using the default method that was set up on your account. There is a “Try another way” link on the page in case you are unable to give the two-step answer. You might now see one or more of the following options:

• a list of additional 2-step verification choices, such as backup codes.
• a list of additional common options for account recovery.
• the above-described standard account recovery procedure.
• a choice to include a contact address for follow-up after several days.

Similar to the above standard recovery procedure, the “Google couldn’t verify..” message will appear if there is not enough proof of ownership. A notice to that effect will appear if Google has enough information to look into the matter further.

Google will notify you at the contact address you provided once its investigation is complete, which could take three to five business days (one week in real time). See https://support.google.com/accounts/answer/9412469 for details on the delay.

The only choice if your request is rejected is to go through the process again and provide more or more precise answers to the questions. It won’t help to just repeat the procedure using the same responses. If you don’t have additional proof of ownership, Google won’t give your account back.

Workspace accounts

Accounts that don’t end in @gmail.com are considered workspaces (formerly known as G Suite or Google Apps). The standard account recovery process might be offered to you. If not, one needs to get in touch with the domain’s workspace administrator, who can reset the password and grant access again. 

Other Recovery Advice and Suggestions

You can significantly increase your chances of a successful account recovery by using the information and tips in this section. Although there are no images in this lengthy section, it is probably a good idea to read it carefully.

Google employs a number of criteria in the account recovery process to identify the rightful owner of an account. You have little control over some, and none at all. But in order to successfully complete the process, it is essential to comprehend them.

Factors you can control before losing your account: Since you’re probably reading this article after losing your account, it’s a bit late for these things. You might not need to return to this article in the future, though, if you keep these in mind for the recovered account and any other accounts you own.

Similar to the above standard recovery procedure, the “Google couldn’t verify..” message will appear if there is not enough proof of ownership. A notice to that effect will appear if Google has enough information to look into the matter further.

Configure the recovery options (phone and email) for each of your accounts. Above all, make sure they are current. This link: https://support.google.com/accounts/answer/183723

Backup codes:

Create a set of ten backup codes and store them somewhere secure if your account has 2-step verification enabled. Also, be aware that the mobile device you use for 2-step verification does not have “safe” on it. This is because you lose both the backup codes and the 2SV device if the device is lost, stolen, broken, or reset

Information about the questions posed and how to respond to them is one of the variables that you can manage during account recovery.

Past password – The most recent password you can reliably recall for the account is the past password. Any password you enter must be 100% correct or it won’t match any entries in the account’s password history when encrypted because Google doesn’t store readable passwords. 

Security question – Security questions can only be deleted; they can no longer be added or changed. However, you might be able to respond to it if you do have one on the account. Presume that the response must be precise—not merely approximate.

Known access type –  Google has stated unequivocally that recovering an account in the same manner as before will greatly aid in the process. Although Google hasn’t disclosed all of their tools, empirical data indicates that they use some or all of the following:

• Browser (possibly connected to cookies that are saved)
• The actual computer or smartphone.If you use an email client or app, try recovering using a browser on the same physical device.
• Actual place.Do recovery from the same physical location if you frequently access the account from that location (home, workplace, etc.).
• IP address. Like the physical location, IP addresses can and do change on a regular basis.

Try the account recovery procedure on each device if the account was used frequently on several.

Explain your problem.(or a comparable field) – On occasion, you will be able to add more details to help demonstrate who owns the account. You can list items that Google can verify in this limited-length, free-format field. However, there are clear guidelines regarding what Google can and cannot use to establish ownership. Things to add

• If you are still able to access the account, what kind of access do you have (browser, mobile, etc.)?
• Reasons for losing account access:

• Account compromise
• Lost authenticator or phone, no backup codes, and a lost password resulted in
• a 2-step verification lockout.
• The challenge of “Unrecognized device”
• The “Something unusual” challenge
• Other security issues that don’t work (secret question, phone verification)

• You can recall more previous passwords.
• if the date of account creation was never requested during the process of recovery.
• You logged into the account successfully the last time.
• Computers or mobile devices that are connected to the account Locations, such as city and country, where the account can be accessed.

Things to leave out

• anything that needs to be verified with account access. The contents of user accounts are not accessible to Google employees for privacy reasons. 
• Anything pertaining to how your email is used or linked on other websites or accounts that you own (such as Facebook, PayPal, etc.).
• anything that could serve as proof of identity, such as official identification documents. Identifying yourself does not imply that you are the owner of a particular account. 

Keep in mind that only data that Google can validate using server logs and account access history will be useful.

Factors beyond your control- An ownership claim on an account can be verified with the help of Google’s wealth of information about email servers. Although none of this is documented by Google, some of these can likely be guessed. 

• places where the account has previously been accessed.
• devices that are used to access the account, including computers, browsers, clients, and applications.
• Among the account access methods used are web, IMAP, POP3, mobile, and others.
• the history of account recovery claims filed on the account, including the date, time, location, and browser used, as well as the computer or device used. This includes if another person is attempting to get back into the same account. 
• The account’s current access types and usage (if it was compromised and a hacker was using it).

• And probably a lot more.

The point is that when you submit a request for account recovery, Google uses a lot more information about the account than you might think.

Problems with account recovery logistics – When performing account recovery, there are several additional considerations to make.

• Giving more and better answers on each try is more important than how many times you repeat the account recovery process. You must put in a lot of effort to provide more answers and improve the accuracy of the answers in future submissions if yours is rejected. If you have nothing new to add, there’s no use in going through the process again.
• Await a response prior to submitting anything new. Wait until the following day if you are told 1-3 hours. If you are told three to five business days (one week in real time), add a day or two.
• Check the Spam or Junk folder on the account you designated for replies if you are not getting a response. Additionally, confirm that the account you are checking is the one you used to validate it with a code in the previous step of the procedure. Check all of the accounts you provided if you made more than one attempt.
• A submission lock may be triggered by duplicate submissions or submissions made without waiting for a response, in which case you will have to wait a few days to try again.
• Guessing at answers (such as the creation date) can lead to the process ceasing to ask that question because it is likely obvious to Google.

If you simply forgot your password and your account wasn’t compromised, there might be another way to

recover your password. You might be able to see your saved password if your browser is configured to

remember your account details. It is possible to view saved passwords in plain-text in both Firefox andChrome. You can use/install Firefox or Chrome, import your settings, and then see if the saved password

is accessible if you’re using a different browser that doesn’t allow this. This may be a simpler method than

the previous ones, but it only works for users who have forgotten their password because they depend on

the browser’s auto-fill feature.

The Google help article on “Tips to complete account recovery steps” is the last one.

https://support.google.com/accounts/answer

Additional Cases of Account Recovery

We’ll assume that you attempted to access your account by going to https://mail.google.com/. You don’t know what to do because it didn’t work. A list of typical scenarios or mistakes and what to do in each is provided below. 

There is a problem with your password- Follow the directions after clicking the “Forgot password?” link on the sign-in page. To demonstrate ownership, you might be able to respond to inquiries about the account or utilize recovery options that you have already set up.  You can’t recall the name of your account (email address) – On the sign-in page, click the “Find my account” link, then adhere to the directions.

To receive an SMS code, you must provide a mobile number.- Observe the given instructions. Mention of “suspicious activity” or “something different” about your sign-in process are examples of this.  

“Ask your domain administrator for assistance.” –  You must get in touch with your Workspace administrator for assistance with this account, which is a Workspace account (NOT @gmail.com). This link: https://support.google.com/accounts/answer/181627
“I apologize, but that email is not recognized by Google.” – The account isn’t there. The account might have been deleted, or the email address might have been spelled incorrectly.  

“Oops…” or “Temporary Error…” or a similar message – For additional information, view the troubleshooter below: Google support: https://support.google.com/mail/answer/140031

Any communications pertaining to underage status – This shows that the system thinks you are too young—typically under 13—to have a Gmail account. Check it out: https://support.google.com/accounts/answer/1333913

Any notification stating that your account has been “Disabled” or “Suspended” – often suggests misuse, a breach of the terms of service, or perhaps a compromised account. When you attempt to log in, adhere to any instructions or links that are provided. https://support.google.com/accounts/answer

“There isn’t another way to access this account on Google.” – often signifies that the account has been disabled. Go to https://support.google.com/accounts/answer/40695 to recover a disabled account.

“This account can no longer be recovered because it was deleted.” – Afterward, the account is deleted. The account cannot be recreated, and there is no way to get it back.

Another mistake not mentioned above – Utilize the troubleshooter found here: https://support.google.com/mail/troubleshooter/2943007

Frequently Asked Questions Regarding Account Recovery

Protecting Your Account

When Your Account Is Reclaimed :

Actually, there are two steps involved in re-securing an account: (1) protecting your Google account, which houses all of the services and products you use, and (2) protecting your Gmail account to ensure that no settings have been changed. Both components must be finished; otherwise, someone else’s changes might be overlooked, opening the account to compromise or re-access.

1. Numerous important Google account settings that require verification are listed in the Account Security Checkup that Google has created. Google will highlight any that seem suspicious or at risk so you can examine them more closely.
https://security.google.com/settings/security/secureaccount

2. For Gmail, Google has also developed a Gmail Security Checklist that does the same thing. The Account Security Checkup from Step 1 is the same as the previous one. Step 2 involves checking a number of specific areas. “Choose a strong password” is the first step, which you should have completed already. “Check your Gmail settings” is the second step, which must be finished completely.
Checklist: https://support.google.com/mail/2986618?rd=1

Some of the more crucial settings to look at in your Gmail account are listed below. This is not a substitute for doing both, but it might be useful to take care of the most important things first so you can do the other two checks later (just remember to do them). These are arranged according to the kind of danger they pose.

Click the Settings gear (or cog) icon in the top-right corner to open the “Quick settings” panel, then select “See all settings” to access the Gmail settings page.

Possible Spam

settings that might cause spam to be appended to emails that are sent.

• General -> Settings -> Signature

Verify that your signature has not been altered. In the event that any additions are not visible, make sure to scroll down.

• Settings -> General -> Out-of-Office Reply (or Vacation Responder)

Verify that it is empty and disabled.

Theft of Emails

Configurations that might lead to email theft (possibly without any signs of it occurring).

• Settings -> POP Download -> Forwarding and POP/IMAP

Unless there is an obvious need for it, it is best to disable it.

• Settings -> POP/IMAP and Forwarding -> IMAP Access

Unless there is an obvious need for it, it is best to disable it.

• Settings -> POP/IMAP -> Forwardingand Forwarding

It is necessary to either disable forwarding or confirm that the forwarding addresses are accurate.

• Settings -> Blocked Addresses and Filters

Verify that no new filters have been added, and that no filters that already exist have been changed to forward or remove emails.

• Accounts and Import under Settings -> Forward correspondence as

Settings -> Forward correspondence as Accounts and Import

Outside Access

Configurations that might make the account accessible from the outside.

• Accounts and Import under Settings -> Permit access to your account.

Verify that no unidentified account has been set up with delegated access.
Additionally, remember the previously mentioned Account Security Checkup and Gmail Security Checklist.

Extra Details

• Boost the security of your account: Google support: https://support.google.com/accounts/answer/46526
• Here’s how to keep your Google Account from being locked: https://support.google.com/accounts/answer/7684753
• See https://www.google.com/safetycenter/everyone/start/ for additional information on account security
• If, following account recovery, you are missing messages: Google support: https://support.google.com/mail/answer/78353
• https://support.google.com/mail/answer/50200 Someone is utilizing your address.
• http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html: Identifying suspicious account activity

Safeguarding the Content of Your Account

Sometimes the hacker has erased the contacts and/or email history, even after a compromised account has been recovered. That data might be permanently lost if you haven’t backed it up to your local computer.

A Gmail account can be backed up in a variety of ways, and there are several tools available to assist you. The free tool https://github.com/jay0lee/got-your-back/wiki (also known as GYB) is arguably the most suitable for Gmail. It allows for the backup and restoration of both Gmail and Google Apps accounts, fully supports labels, and can be scheduled to run automatically. In order for the files to be included in your regular computer backup, it saves them locally.
More information about creating backups and other available tools can be found in the article that follows: /2012/01/gmail-backup.html http://gmail-tips.blogspot.com

Google, Inc. owns the trademark for Gmail. Google does not endorse or have any affiliation with this page.