How to Recover a Locked Google Account

The panic I felt when I realized I couldn’t access my Google account was indescribable. Email, photos, documents, calendar, contacts… everything depends on that account. Fortunately, I managed to recover it, but the process taught me how important it is to have everything prepared before something like this happens.

Table of contents

Why your Google account might be locked

Before trying to recover your locked Google account, it helps to understand why it happened. The most common reasons are:

1. Forgotten password: The most frequent reason and the easiest to fix.
2. Suspicious activity: Google detected a login from an unusual location or device.
3. Compromised account: Someone accessed your account and changed the password.
4. Terms of service violation: Activities prohibited by Google.
5. Too many failed attempts: Temporary lock after several incorrect tries.
6. Two-step verification failed: You lost access to your verification method.

I had a case of suspicious activity. I traveled to another country and Google locked my account because it detected a login from an unusual location. The recovery process took about 20 minutes.

Pro-tip: If your account was locked due to suspicious activity and you were the one responsible (travel, new device), recovery is usually quick. If it was hacked, the process is longer and more urgent.

Method 1: Standard Google recovery

Google has a built-in recovery process that works in most cases.

Steps to recover your account

1. Go to accounts.google.com/signin/recovery from any browser.
2. Enter your Google email address (@gmail.com).
3. Google will ask you to verify your identity through:
   • Previous password: If you remember it partially, enter it.
   • Code to recovery phone: An SMS to your associated number.
   • Code to recovery email: An email to your alternate address.
   • Security question: If you set one up (less common today).
4. Follow the instructions and create a new password.

If you can’t access the recovery phone or email

Google offers additional options:

1. Answer questions about your account (when you created it, what devices you used).
2. Enter an email address you can verify now.
3. Wait for Google’s manual review (can take several days).

Method 2: Recover a hacked account

If you suspect someone changed your password and accessed your account, the process is more urgent.

Signs your account was hacked

• You can’t log in with your usual password.
• You received an email from Google about changes to your account.
• Your contacts received suspicious emails from your account.
• You notice activity you don’t recognize in your history.

What to do immediately

1. Go to accounts.google.com/signin/recovery and follow the process.
2. If you manage to log in, change your password immediately.
3. Check the Security section > Your devices and sign out of all devices.
4. Enable two-step verification if you didn’t have it.
5. Review third-party app permissions and revoke suspicious ones.
6. Check your inbox and trash for filters or forwarding rules the hacker may have created.

Pro-tip: If the hacker set up forwarding filters, your emails might still be redirected even after you recover your account. Check Settings > Filters and blocked addresses after recovering your account.

Method 3: Recovery with two-step verification

If you had two-step verification enabled and lost access to your second factor, recovery is more complicated but possible.

Available options

1. Backup codes: When you set up two-step verification, Google gave you 10 backup codes. If you saved them, use them.
2. Authenticator app on another device: If you had Google Authenticator on another phone, you can use it.
3. Physical security key: If you registered a FIDO2 key, use it to verify.
4. Extended recovery process: Google will ask you additional questions to verify your identity.

If you have no recovery options

In this case, Google offers a more extensive recovery form:

1. Enter as much information about your account as possible.
2. Google will review your request manually.
3. It can take between 3-5 business days.

What to do after recovering your account

Once you recover your Google account, there are several steps you should follow to make sure it doesn’t happen again.

Change your password

Use a strong and unique password. Don’t use the same password as other accounts. A password manager like Bitwarden or 1Password helps you manage secure passwords.

Enable two-step verification

If you didn’t have it enabled, turn it on now. Use an authenticator app (Google Authenticator, Authy) instead of SMS, which is more secure.

Review your recovery information

Make sure your recovery phone number and email are up to date. They’re your safety net if you lose access again.

Review connected devices

In Security > Your devices, check which devices have active sessions. Sign out of any you don’t recognize.

Review third-party permissions

In Security > Third-party apps with account access, revoke permissions for apps you don’t use or don’t recognize.

How to prevent your account from being locked or hacked

Prevention is better than cure. These are the steps you should take today to protect your Google account.

Use unique and strong passwords

Never reuse passwords. If a service is hacked and you use the same password on Google, your account is exposed. Use a password manager.

Keep your recovery information updated

Your phone number and alternate email should always be current. If you change your number, update Google immediately.

Have backup codes saved

When you enable two-step verification, Google gives you backup codes. Store them somewhere safe (not in Google Drive itself). Print them or save them in a password manager.

Don’t click on suspicious links

Phishing is the most common way to steal accounts. Never enter your Google password on a link sent by email. Always go directly to accounts.google.com.

Pro-tip: Set up Google Advanced Protection Program if you handle very sensitive information. It offers the maximum security available for Google accounts, including mandatory physical security keys.

What to do if Google’s recovery process fails

Sometimes, despite following all the steps, Google’s automated recovery doesn’t work. This usually happens when the account was compromised and the attacker changed all recovery information, or when you no longer have access to any of the verification methods. Here’s what to try when the standard process fails.

Use a familiar device and location: Google’s recovery algorithm gives more weight to requests made from devices and locations you’ve used before. If possible, try recovering from a computer or phone you’ve previously signed in on, from a WiFi network you regularly use (home, office). This significantly increases your chances of passing Google’s identity verification.

Be patient with manual review: If Google offers a manual review option, take it. The process can take 3-5 business days, but a real human will review your case. Provide as much accurate information as possible: when you created the account, what devices you’ve used, labels you’ve applied to emails, contacts you frequently email.

Try multiple times over several days: Google’s recovery system is probabilistic. A failed attempt on Monday might succeed on Wednesday from a different device. Don’t spam the form, but trying once every few days from different trusted devices is reasonable.

Contact Google Workspace support: If your account is a Google Workspace (business) account, you may be able to contact your domain administrator, who can reset your access. This is one advantage of business accounts over personal Gmail.

Legal requests: In extreme cases, especially involving financial or legal matters tied to the account, you may be able to submit a legal request to Google. This is a last resort and requires documentation, but it exists for situations where the account holds critical information.

Warning: Never use third-party “account recovery” services that promise to unlock your Google account for a fee. These are scams. Only Google can recover Google accounts, and the process is always free.

FAQ: Frequently asked questions

How long does Google take to respond to a recovery request?

Automatic recovery is immediate if you have access to your recovery phone or email. Manual review can take between 3-5 business days.

Can Google recover my account without my recovery information?

It’s very difficult. Google uses your recovery information to verify your identity. Without it, options are limited and there’s no guarantee of success.

Do I lose my data if my Google account is hacked?

Not necessarily. Google preserves your data even if the account is compromised. After recovering the account, you should have access to all your email, photos, and documents.

Should I use the same Google account for everything?

It’s convenient to have one main account for personal services and a separate one for subscriptions and web registrations. If the registration account is hacked, your main account is protected.

Is two-step verification by SMS safe?

It’s better than nothing, but it’s not ideal. SIM swapping attacks allow hackers to intercept your SMS. Use an authenticator app or physical security key for better security.

Conclusion

Recovering a locked Google account is possible in most cases, but the process can be stressful and lengthy. The best thing you can do is prevent: enable two-step verification, keep your recovery information updated, and save backup codes in a safe place.

If you’re already locked out, follow Google’s recovery steps calmly and patiently. And once you recover the account, secure it immediately by following this article’s recommendations. Don’t let it happen again.