[shadowgovt]

At the very least, I recommend sharding your accounts for work, email, and data storage if you're nervous about those failing simultaneously.

The attack surface is larger than a TOS violation (someone could spear-phish your login credentials, or a coordinated attack on your account could lead to denial-of-service if Google can't disambiguate your legitimate attempts to login from attackers' attempts).

[ghaff]

Yes. Whatever the real specifics of this particular case, some number of users will inevitably lose access to their accounts in a way that they can't recover from. Arguably, with business services, there will always to some way to reliably establish identity with fallback systems. But, at some point with free/ad-supported/etc. consumer services a provider is sometimes, if hopefully rarely, just going to go "Nope. Can't establish your identity or overlook this ToS violation. No recourse." and showing up in Mountain View with physical documentation isn't going to be an option.

It's not an ideal state of affairs. But the alternative would probably need to be more rigorous identity verification and locking down of systems.

[sorenjan]

I'm afraid I can't find the source, so take this with a grain of salt. But I seem to remember reading a few years ago about a small company having all their employee's Google accounts suspended because one of them had previously been banned for something, and his banned account then "infected" any other accounts it came into contact with, like common projects.

I question whether separate accounts would help, Google's automated systems probably connect them and bans all of them anyway.