fsebugoutzone.org:9999

       Post AVlTvitJrlPjZoIWVE by VulcanTourist@mastodon.social
 (DIR) More posts by VulcanTourist@mastodon.social
 (DIR) Post #AVkV3tpkyIWccw8NIe by lauren@mastodon.laurenweinstein.org
       2023-05-17T14:41:37Z
       
       0 likes, 0 repeats
       
       ***** An Example of a Very Sad Google Account Recovery Failure — and How It Affects Real People *****https://lauren.vortex.com/2023/05/17/google-account-recovery-failure-sadAll, I am doing something in this post that I&#39;ve never done before over these many years. I&#39;m going to share with you an example of what Google account recovery failure means to the people involved, and this is by no means the worst such case I&#39;ve seen -- not even close, unfortunately.I mentioned yesterday in my other venues how (for many years) I&#39;ve routinely tried to informally help people with Google account recovery issues, because the process can be so difficult for many persons to navigate, and frequently fails. The announcement yesterday of Google&#39;s inactive account deletion policy that I blogged about then:https://lauren.vortex.com/2023/05/16/google-inactive-accounts-deletiontriggered an onslaught of concerns that for a time made my blog inaccessible and even delayed inbound and outbound email processing.I&#39;m going to include below most of the text from messages I received today from one of my readers about a specific Google account recovery failure -- and how that&#39;s affecting a nearly 90-year-old woman. I&#39;ll be anonymizing the message texts, and I&#39;ve of course received permission from the sender to show you this.Unfortunately, this example is all too familiar for me. It is very much typical of the Google account recovery problems that Google users, so dependent on Google in their daily lives, bring to my attention in the hope that I might be able to help.I&#39;ve been discussing these issues with Google for many years. I&#39;ve suggested &quot;ombudspeople&quot;, account escalation and appeal procedures that ordinary people could understand, and many other concepts. They&#39;ve all basically hit the brick wall of Google suggesting that at their scale, nothing can be done about such &quot;edge&quot; cases. I disagree. In today&#39;s regulatory and political environment, these edge cases matter more than ever. And I will continue to do what I can, as ineffective as these efforts often turn out to be. -L - - - Message Text Begins - - -Hi Lauren, I tried to help a lovely neighbor (the quintessential &quot;little old lady&quot;) recently with her attempt to recover her legacy gmail account. We ultimately gave up and she created a second, new account instead. She had been using the original account forever (15+ years) and it was created so long ago that she didn&#39;t need to provide any &quot;recovery&quot; contacts at that time (or she may have used a landline phone number that&#39;s long been cancelled now). For at least the last decade, she was just using the stored password to login and check her email. When her ancient iPad finally died, she tried to add the gmail account to her new replacement iPad. However, she couldn&#39;t remember the password in order to login. Because the old device had changed and she couldn&#39;t remember the password and there was no back channel recovery method for her account, there was no way to login. I don&#39;t know if you&#39;ve ever attempted to contact a human being at google tech support, but it&#39;s pretty much impossible. They also don&#39;t seem to have an exception mechanism for cases like this. So she had to abandon hopes of viewing the google photos of her (now deceased) beloved pet, her contacts, her email subscriptions, reminders, calendar entries, etc.I understand the desire to keep accounts secure and the need to reduce customer support expenses for a free service with millions of users. But it&#39;s also frustrating for end users when there&#39;s no way to appeal/review/reconsider the automated lockout. She&#39;s nearly 90 years old, so I find it remarkable that she&#39;s able to use the iPad. But it&#39;s difficult to know what to say to someone like this when she asks &quot;what can we do now&quot; and there are no options...I recognize that there are many different kinds of google users. Some folks (like journalists, dissidents, whistleblowers, political candidates, human rights workers, etc.) need maximum security for their communications (and their contacts). In these cases, it makes sense to employ multifactor authentication, end-to-end encryption, one time passwords, and other exceptional privacy and security features. However, there are a great many average users who find these additional steps difficult, frustrating and (esp. in the case of elderly people who aren&#39;t necessarily very technology savvy), sometimes bewildering. It&#39;s tough to explain that your treasured photos can&#39;t be retrieved because you&#39;re not the sort of user that google had in mind. Not everyone is a millennial digital native who finds this all obvious. - - - Message Text Ends - - ---Lauren--
       
 (DIR) Post #AVkfVsTAdWjy2tY7Hc by VulcanTourist@mastodon.social
       2023-05-17T16:39:25Z
       
       0 likes, 0 repeats
       
       @lauren This is why it&#39;s SO very important to educate people about best practices they should employ before ignorance leads to catastrophe.  First, the need to use TRULY secure passwords - so secure they can&#39;t be memorized - in conjunction with a well-secured and well-backed-up password manager.  If you can remember and retype a password, it&#39;s not strong enough!  Second, NEVER using the same password for more than one site or service, lest a breach of one lead to multiple dominoes falling.
       
 (DIR) Post #AVkhBpcZiUllKQW8ES by lauren@mastodon.laurenweinstein.org
       2023-05-17T16:58:15Z
       
       0 likes, 0 repeats
       
       @VulcanTourist For the record, I don&#39;t use any third party password managers. And I&#39;m pretty well informed about this stuff. By the way, secure passwords don&#39;t have to be unmemorizable. Passphrases composed even of a number of common words strung together can be quite secure relatively. Even more so with some misspellings and special characters thrown in.
       
 (DIR) Post #AVlHjOEBfS6eZ6PY9I by VulcanTourist@mastodon.social
       2023-05-17T23:47:37Z
       
       0 likes, 0 repeats
       
       @lauren I have 659 distinct entries in my password manager.  Perhaps someone with a truly eidetic memory could manage to rote-memorize 659 passphrases, but I certainly can&#39;t.  I use ONE very long passphrase: the encryption key for the password database.  That I must and can remember, but the rest I don&#39;t.  The password manager I use has never suffered a collective breach because there&#39;s no cloud storage being provided.I&#39;m pretty uninformed, though, so perhaps I&#39;m doing it all entirely wrong.
       
 (DIR) Post #AVlLXYXFuzNasJwWgq by lauren@mastodon.laurenweinstein.org
       2023-05-18T00:30:16Z
       
       0 likes, 0 repeats
       
       @VulcanTourist Whatever works for you.
       
 (DIR) Post #AVlPRuRnw7CmugxLKC by VulcanTourist@mastodon.social
       2023-05-18T01:14:09Z
       
       0 likes, 0 repeats
       
       @lauren I&#39;m always appreciative of every bit of bridge-building dismissiveness I can accumulate, so thanks.  Surprising insights that challenge my conclusions are of little interest to me, so again thanks for not offering any.
       
 (DIR) Post #AVlPecUY0TcCzOIf0C by lauren@mastodon.laurenweinstein.org
       2023-05-18T01:16:28Z
       
       0 likes, 0 repeats
       
       @VulcanTourist It&#39;s clear you are comfortable with your password management system. I&#39;m not going to argue with you about your decisions in this regard.
       
 (DIR) Post #AVlRArWLlRrip156WW by VulcanTourist@mastodon.social
       2023-05-18T01:33:26Z
       
       0 likes, 0 repeats
       
       @lauren &gt; It&#39;s clear you are comfortable with your password management system.I&#39;m not.  It&#39;s a slightly inconvenient PITA that demands routine maintenance but, until a passwordless future arrives that works in every context where a password is now required (FIDO2 isn&#39;t it), I have yet to find an improved means to manage those 654 &quot;accounts&quot;.I didn&#39;t criticize your statement, only added context, but you were first defensive and then dismissive.  This shouldn&#39;t be Twitter.
       
 (DIR) Post #AVlRYKz2OALerKh3k8 by lauren@mastodon.laurenweinstein.org
       2023-05-18T01:37:45Z
       
       0 likes, 0 repeats
       
       @VulcanTourist I&#39;m not being dismissive. I simply know better than being pulled into arguments on this topic in this venue. So, best of luck with your system. Seriously.
       
 (DIR) Post #AVlTvitJrlPjZoIWVE by VulcanTourist@mastodon.social
       2023-05-18T02:04:16Z
       
       0 likes, 0 repeats
       
       @lauren My original comment wasn&#39;t argumentative; there was no criticism.  It was an attempt to add context... which for SOME reason you disliked.  Your defensive response, which began, &quot;For the record, I don&#39;t use any third party password managers... and I&#39;m pretty well informed about this stuff&quot;, initiated the &quot;argument&quot;.  Why you felt the need to reinforce your expertise in response to a statement adding context was confusing, to say the least.
       
 (DIR) Post #AVlbn1UU8yaKHy2nuS by Darius@mastodon.cloud
       2023-05-18T03:32:25Z
       
       0 likes, 0 repeats
       
       @lauren Security is great but for the vast majority of people availability is more important IMO