by into_infinity 1275 days ago
Google generally does stuff like that when they believe somebody else had access to your account and made changes. This sometimes involves the attacker enrolling for (their own) 2FA or changing recovery methods to lock you out. So, the action of removing 2FA is in itself not unreasonable.

It's possible that their logic has some sort of a bug, especially if it only happens when you visit a specific service - and in that case, getting on HN might be the best way to get it looked at by a human... but also make sure you don't have any other issues going on.


Removing security keys that have been registered for years is very unlikely to be the right move even if my device has been compromised, as they are one of the most reliable ways I could prove I am the original account owner at some later point.

If the message had stated "We have removed recently added security keys" I would be a lot more understanding!

If you had your recovery keys stored in a note on lastpass you might have wanted to rotate those as well recently.

Yeah, in theory those recovery keys should still be secure, but you know for certain that a hostile attacker has the encrypted secure note, and without any confidence in lastpass it makes sense to change them as well.

Unfortunately this means you look exactly like someone doing an account takeover and changing the password and recovery keys on the account.

Thanks for the heads up.

I don't use lastpass, but if I did I wouldn't have to because this "Just to be safe" process also reset/removed the recovery keys.

> registered for years

Right, that's likely the "bug" part. On HN of all places, people shouldn't be surprised that bugs happen.

Unfortunately due to a lack of customer support posting here gives me the best chance of getting it fixed!

If google had working support flows I would not have written this up or posted here about it.

A few years back I lost access to a different google account as the recovery phone number was a landline and google was trying to send SMS messages to it. I had the right password but it thought I was suspicious and insisted on SMS verification. I never managed to reach a human to get something done about the issue.

> Unfortunately due to a lack of customer support posting here gives me the best chance of getting it fixed!

> If google had working support flows I would not have written this up or posted here about it.

They do, you just have to pay for that privilege via Google One.

If you are locked out you can't access Google One's support.

My understanding is that you can always call them, even if your account is blocked.

> getting on HN might be the best way to get it looked at by a human... but also make sure you don't have any other issues going on.

Wait, why are we normalizing this? Getting on HN is always the second-best way to get it looked at by a human. The best would be, you know, Google devs doing their job and helping their users instead of solving LeetCode or writing their next promo packet or whatever it is they do all day.

I'm not a big fan of this trend where Google and other companies are essentially outsourcing their (horrible) customer service to this message board.

I mean I'll still upvote the post in case I need to invoke this terrible fallback in the future, but I think it's reasonable to grumble about it.

To their defense: given the company's business model, there's probably no other way of handling it. They make money at a massive scale, and as an individual user, you're not worth enough to provide customer support - or really, any special consideration.

The problem might be the business model itself. Google is not attached to any one of its billions of users, but they can cause a lot of pain if they randomly cut you off - especially in a world where email is essentially online identity. But then, I'd wager that a good 90% of us are employed in places that want to replicate that model at any cost... glass houses and all.