I gotta say, though, that my experience with trying to get them to sort out any kind of issue with their services makes me reluctant to spend any money with them.
I bought a Pixel phone. As per the sales terms, the phone came with one year of Gemini AI Pro service. Except, the redemption process to get the year of service didn't work for me. I contacted Google, they never fixed it or offered any solution. I simply didn't get the year of service I was promised.
My friend, who bought a Pixel around the same time, also wasn't able to get the year of Gemini they were promised.
That same friend has a Google One subscription, billed through their phone carrier. Recently, Google (or the provider?) discontinued that specific Google One plan, as well as the option to bill via your carrier. This was all covered in an email sent to my friend. As consolation, the email explained, my friend was given the option to switch to a different plan, billed monthly by Google (instead of their phone carrier), with 6 months free. Except, the new plan, and the 6 months free, wasn't selectable as a plan type for their account. So my friend emails Google about it and, to my complete lack of surprise, Google was unwilling/unable to provide any resolution.
At this point, I legitimately don't understand why, unless I had no other option, I would pick Google for services. They clearly put no real effort into resolving any service issues for any customer that's not spending millions with them.
I think their motto of "don't be evil" was some pretty clever PR.
I started questioning it c. 2008 when they ghosted me on resolving an issue with my blogspot site that was a bug in the platform. All I could get was a condescending non-response from a "diamond" volunteer on a forum. They were apparently the gatekeepers to reaching actual support.
Back in the day they bought Feedburner, and merged it with their internal equivalent. In that process, my subscriber list was affected. They apologized and even sent out some swag. That was nice, for a small inconvenience at the time.
Today? humans don't even seem to be involved.
If they didn't have all their issues (discontinuing products, bad customer service) they'd probably be bigger than MS and Apple combined. But here we are.
Also for better or worse, I pay for bundled Google storage + Gemini and YouTube separately, it's still worth it, even without free months or whatever. And still better than being in MS or Apple's ecosystem.
When you pay for Google Workspace you are the client, not the customer and they do answer phone calls for support. The only two times my wife and I needed them for our SMEs, they picked up the phone and helped us resolve our issues. Super professional too. Haven't needed to give them a call in something like 8 years now.
Don't know about Pixel phone and Google One subscriptions but for SMEs Google Workspace is a godsend: it's incredibly cheap per employee and it's the way out of the Microsoft mediocrity. Everything only requires a browser, no matter the OS (wife works from Linux and now added a Mac Mini, for example): Windows can, at long last, get the middle finger in SMEs.
I'll forever be thankful to Google for allowing me to help many people get rid of Microsoft products, including Windows.
I admit once it didn't work I didn't reach out to support but the entire experience was shit sandwich after shit sandwich.
It's been a decade since Google broke their promise not to use information gleaned from your use of their services to sell ads.
> Google quietly erased that last privacy line in the sand — literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits “may be” combined with what the company learns from the use Gmail and other tools.
"Support" agents couldn't be bothered - this feels like AI trapping me in the tarpit maze to save a few USD on the disk storage and infefence cost, effectively scamming me.
I fixed this by deleting the subscription data for Google One (which also refunded me a prorated amount for my Google One plan), and then waiting a day.
Contract violation. The problem is it's simply too burdensome to go to small claims court.
People really fail to unionize when they can just piss in the wind.
Everyone who depends on the good graces of a cloud provider for something (not just Google, but Amazon, Microsoft, Apple, whatever) needs to at the very least, take a moment, and figure out what their plan is when they are suddenly banned and locked out permanently, without any way to contact the company.
Does life just go on, since you don't have anything important hosted there? (Best Case)
Do you lose some precious family photos and use it as a tough learning opportunity to stop doing what you're doing? (Next best)
Do you lose access to your E-mail and are suddenly not able to do 2FA, reset passwords, communicate with the company or the Internet in any way, and so on, and now have to panic?
Do you complain online, hoping that someone in the company sees your post and has the ability to restore your account, which you then continue to use because you learned nothing?
Having an online account suddenly suspended is a real, non-zero, but unlikely risk. You should at least have a disaster plan if you rely on these things for anything important. Or better yet, stop relying on them for important things like your identity or precious files!
We really need to just fix the laws.
This. There are something like 150 million Americans with a Google account, and these days it is more important than a phone number to have a working email.
Email is a utility. Email companies should be heavily regulated and controlled like phone or other utility companies.
This is one of the most common sentiments I hear expressed on HN, next only to "if you're not building your software business around Claude Code, you're gonna left behind".
It can be surprisingly difficult with a lot of SaaS products (including Google).
"I'm sure it's very sad that you've lost all your [email|calendar|photos|whatever]... but, were you, a person who has chosen to rely on a service provided by a cloud provider with a track record which goes back well over 15 years of locking people out of their accounts with no recourse for the user, not aware that said provider has a track record of doing so, in some cases without even giving an explanation why?
Were you not aware that the service you were relying on them for was critically important to you? Or were you unaware that the provider of this service has the capability to completely disable the service you're relying on with the simple flip of a switch?
I'm fascinated by this decision you've made - could you please explain the thought process by which you chose to use this service which you have no control over for critical things?"
Most people expect better because in most other walks of life it is better with some kind of plausible appeal route, and the deficiencies we're discussing don't really get publicized. These service-outcomes are the outliers in need of repair, not the consumers.
As an ex-googler, the only reason I was comfortable keeping even my personal email there was because I could reach out internally if there was a problem. I left Google, and left gmail behind too.
So one of the comments on one hackernews post on front-page almost somehow always refer to something within a hackernews post on the same front-page. I have seen this witnessed too many times that it might be time to name this phenomenon.
Tailscale is the only serious company that I can ever recall offering /only/ third party login. It's bit bizarre on the face of it. Anyone know the reason?
What a shit tier authentication mechanism.
This has the nefarious side effect of allowing Google or Facebook to track people across the Internet and apps. Webmasters like you are, often for no imperative reason, complicit of this by providing such login options.
Nothing has helped, the Google forums are tumbleweed and there's no one to reach out to for what could be an algorithm change or something gone wrong. I'm a paying Workspace customer and it's made me think I need a backup plan in case I'm ever suspended. Reports like this don't encourage.
The own-brand forum (Google, Microsoft, Apple) seem to be infested by netizens from lower-income countries trying to build online customer support portfolios by providing utterly useless answers.
That, or trying to game the system and getting shortlisted for a free trip to Google HQ for one of their contributor summits.
Notice how phone carries manage to have a shop in every little strip mall, you're never more than a few miles from the nearest one. Google takes in far more revenue, can easily afford the same. Or they could even just partner with the phone carriers and have a staffed desk in every tmobile/at&t/verizon shop.
No company will give full account unlock control to field employees.
Even the bank teller behind the glass needs to phone their internal fraud dept to unlock accounts.
“Exerting” would be more correct I guess but less fun.
Not only did they answer immediately whenever I had even the smallest problem or question: I twice broke my Glass, and each time I'd call the support number to ask for a replacement.
Google's policy was that no matter how you broke it or how many times it happened, they'd replace it free. They'd immediately send a box to return the broken device (prepaid) and a couple days later a brand new Glass would arrive.
Like I said, once upon a time....
I think organizations have a very hard time staying motivated once the product’s concern has moved away from any one team. While you test the product for them there’s likely people whose jobs depended on you and 7999 others doing so. But eventually a product will be considered shipped and all the various talent now pays attention to what’s next.
It's not the same league, not even the same sport.
PS: Not defending Google here, their support for some products is abysmal
Yes, because they were using you to figure out where it needed improvements for every day wear and tear. It wasn't charitable, it was R&D expense.
With this comment in mind, I just now called that same number with an instant pickup telling me they no longer take support calls at that number.
I saw it mentioned in a comment elsewhere in this thread, but the level of service you get really seems dependant on which pocket of Google is responsible for the product you happen to be using. Unfortunately Workspace is a giant pocket with many billions of users with suboptimal and/or perpetually exhausted support.
It feels like the security team made this change to reduce account hijacking but it's at complete odds with the recovery flow and modern security practices. Better hope your phone number doesn't get hijacked or recycled because it's the key to your account now, security keys be damned.
I've tried everything to find someone inside Google to fix this, but so far no luck. At least with Meta you can find someone on a forum like Swapd who will take a small bribe to fix these issues.
We have everything else but this alone is not enough.
The other option is to contact the phone company and explain, asking an open ended question if there is any way they could help you, with the permission of the current owner of the number, to get one more text message and move your Gmail to a new number. It doesn't sound in any way like you are trying to pull a scam, so they might help.
That sounds like its own kind of problems. (!)
I had this happen a couple years ago when I was migrating to a different domain. The only difference was all of the authentication that I supplied Google said was an adequate and I got into some sort of a login loop where Authenticator, SMS, DNS record nor pass key would provide enough authentication for me to get in.
I got the automated got bought to finally send me the mythical form, after completing that I was told that they were unable to authenticate me further. I ended up emailing their support multiple times and threatening lawsuits multiple times when I got a magic call from a human at Google. They also sent me the link that put me into a login loop however after chatting with them for nearly an hour I got a different magic login link form which appeared to work.
On the plus side, it does mean they have thousands of people who know how to fix problems.
It would be cool if Google (and other media giants, especially IdP ones) had an office where you could bring your passport and verify it's you. I don't think there is.
The Americans have done something kind of interesting along those lines, as far as an in-person IDV option to establish e-government accounts [0]. You start account setup online, then take a barcode to a post office along with your identity documents.
I have to imagine it’s hard to make a commercial case for such a system, though… especially these days with so much momentum toward the approach I resent—that is, requiring ID checks just to be online in the first place.
[0] https://www.login.gov/help/verify-your-identity/verify-your-...
Honestly, if you are using Gmail as your primary email I could probably ruin your entire year. I could just try and hack you (not even successfully) and Google will just shut down your entire life rather than attempt to work out who's right.
Had this happen to me. Fortunately the 'attacker' wasn't actually trying to do this, so damage was limited, but it's chilling when you think about what some motivated script kiddy can do with your Google account just by requesting password resets.
I had a Nest subscription that became a total mess. If you've ever tried to use Nest before, or are coming from a legacy Nest account, and/or also have a Workspace account that somehow got wrapped up in the mess, you'll understand how much of a clusterf Nest is for the Google ecosystem. I had signed up for this subscription on a personal Google account, cancelled it, but was still being charged for it, and the credit card being used made me think it was getting charged on my Google Workspace account (which isn't officially supported, and would never let you sign up for it, but DID share an email address with my legacy Nest account I had migrated into the non-Workspace personal account I was using for Nest).
They had to escalate the problem a couple times, which took ~24 hours. Once that happened, their rep had it resolved in minutes, and refunded me two months on the subscription.
The biggest piece of advice I can give when dealing with Google is: Never be weird. You cannot ever put yourself in a situation where your account isn't like the other billion accounts they have. If you do, something will go wrong and its rolling the dice on whether you'll ever reach someone who can help you. If you've used Google enough, you know: Their multifactor settings are weird. You cannot set it up exactly how you want; it'll always trigger some auth method you didn't configure but they have "LATENT KNOWLEDGE" you should be able to authenticate with, like a phone number you configured six years ago, or gmail installed on a tablet that's 400 miles away, and you can't turn it off, even on Workspace.
My favorite bit of Googleism: Go to any site you sign in with Google SSO and watch the URLs in the eight redirects it has to do before it signs you in. You'll see a "youtube.com" in there. Even on a Workspace account. Youtube.com is a load-bearing website in their core auth flows.
Mess of a company. I hope they invest some effort in improving things, but I was saying the same thing in 2018. They probably won't.
I've put in a heroic effort to make sure they never get a phone number, specifically so they can't start handing my account over to the first clown who simswaps me, and have been successful. Unfortunately, this makes my account weird, which as you noted is fatal.
I assume that's just because they need to set a cookie on the YouTube domain in case you visit YouTube later on the workspace account, and not "load bearing"in the manner you insinuate
These players MUST be regulated or treated like utilities; hoping the EU will ratchet up the pressure even more.
If your business is dependent on services you need to take a modicum of effort to protect yourself - the posts author was literally walking around with his entire business at risk from him dropping his phone or having it pickpocketed.
At the end of the day, the protagonist in this story is mad because Google won’t allow him to social engineer access to his company. He deleted his sole token (Google makes it trivial to add many) in the most fraud signally way possible.
Are we reading the same blog post? He had his password, 2FA authenticator set up, and backup codes -- everything Google asks you to have to be on the "golden" auth path.
He only deleted his SMS authentication path (one thing I don't understand is how he was able to do this in the first place without being logged in), which is in any case the least secure method of 2FA. Also, It should be fairly obvious that SMS is not expected to work seamlessly while traveling, how is this not a scenario that's hit by millions of Google users worldwide?
So for my own notes, removing a phone number from my Google account before travel will risk account suspension. Hope OP resolves it, but also need to make sure this never happens to me.
This is a massive bug here. I was also surprised recently that Google won't let you enroll multiple Authenticators. If we had functional security regulations I think there would be some pretty large fines for Google's error here.
edit: looks like there are affordable managed hosting providers for keycloak.
IMO, the worst part of this is Workspace support is immune to ANY explanation. I mean, credit card companies are well used to "is this your transaction?" emails.
We need the same for email.
Sure, it may not work with the ancillary services, but keeping your email address would solve a lot of issues.
But maybe you logged in to your domain registrar through google oauth. If your google account is locked you can't now get into your domain's settings to change your MX records.
The real problem isn't the email address itself, it's all the access that google owns on your behalf. Lose access to Google, lose access to everything.
In my experience Google Workspave support is very good. I’ve always been able to get a knowledgeable person on a call to debug issues without much difficulty.
But yea, if you’re locked out of your admin account, that’s another story. Very sjmilar to if you get locked out of your AWS root account. It’s a nightmare to recover.
It sounds like the mistake here is not appointing another Super Admin, and making sure they don't use their account for day to day needs. Or just having two Super Admin accounts controlled by the same person, heh.
I can't see how not using one's Super Admin account wouldn't prevent tripping some kind of fraud lockout that's impossible to recover from.
Randomly, I just remembered that I lost a GCP account because I tried logging in from Laos, and they asked me for the front and back photos of a payment card that I used ages ago that I didn't bother making scans of before it was lost. Urgh.
I don’t love it either, but these are Google’s published best practices / recommendations
These are the limits of scale. Too big, too complex, and not enough skilled people to maintain and/or support it. And our hubris as humans prevents us from accepting it. Why? Why can't we accept smaller but more functional things/systems?
We don't have to live like this.
I just set up google workspace and I didn't have recovery phone or anything,just password and recovery email. I didn't login for 1 week (life stuff). When I came back it allowed me to login but didn't allow any admin stuff saying it didn't recognize me and that I must use a known browser.
Well, that was the only browser I logged in with.
The solution was a weird thing where I was able to add phone recovery and authenticator, but then had to wait 2 weeks (couldn't use it). After that I performed authentication as usual.
It's horrible.
But you dear HNer ain’t a normie!
You have the skills to migrate your stuff away. It is time to pull the trigger.
Google Drive & Workspace are their most poorly designed products with the shittiest support ecosystem. Google would rather bleed money than work on it.
That's one of reason I started DoShare Personal Cloud[₁]
> Update 1 - I know I can simply change the MX record to someone else but It has its own challenges.
I don't quite get that attitude. He's describing that he needs his business emails. Not just getting a mail server back online for that, even as interim solution, points to the opposite. In the time it takes for MX TTL to expire he could easily just throw up a postfix+dovecot on some VPS, with enough time to spare to add something like sogo if he feels fancy.
I probably wouldn't believe him either. Google should have an option to revert to the last trusted config after some verification method. Google support is bad, I'll give him that.
All this to avoid roaming charges? And then refusing to share a personal email in this scenario and missing meetings because of that.
I'd argue that changing the MX to fastmail or Microsoft would be much faster than a postfix+dovecot solution on a VPS but I think he's just refusing any solution based on his principals.
Forever.
Good luck to you
It would dramatically improve the service.
- Moved to no 2FA sub-organization
- Reset password
- Disabled security check for ten minutes
- Logged in as the user in a fresh browser profile
- Exported data with Takeout
- Deleted the account in the admin console
There is a Workspace Admin option to export users' data but it warns of an automatic 48 hour delay to let "other admins take action" if something is amiss. The client wanted the task done before getting hit with the full monthly license fees again so I had to go the manual route.
Granted, out of paranoia, I was using the client's office VPN as my traffic egress so maybe that helped.
Never put your phone in there in the first place. You can actually skip that step.
It's just too long to fit on a T-shirt but not to memorise.
>Update 2 - Sadly, its 2 PM in the UK and I will miss the meeting that I had scheduled via Google Meet because emails are not working
Srsly?
I legitimately thought that was impossible, so, uh, baby steps?
I thought with Workspace you'd actually be spared from this kind of BS
I guess not?
Why the fuck would Google care in which country I live? It's a personal decision, and no corporation should have any say in this. They certainly don't have to flag an account for that, especially not if the account has 2FA enabled. This is on Google, too.
Your comment is victim blaming.
30 day cool down period is a reasonable response, at scale.
Well, you have become the product here. That also happens by other "free" email providers too. I had this happen to me on inbox.lt; the guy demanded I use a smartphone to "prove" my identity. At that point I realised they want to connect this data to the account and sell it to others who are interested in that.