What actually helps
None of this is a guarantee. The big platforms' recovery systems are opaque on purpose. But these are the steps that, by reports we've seen, move the needle more than anything else — most apply to Google, Meta, Microsoft, X, and TikTok alike.
0. Set up passkeys before you need them
The single best thing a regular person can do to avoid future lockouts. Passkeys replace your password with your phone or laptop's fingerprint/face unlock, so there's nothing to forget, phish, or guess. Most lockout loops never start in the first place if a trusted device with a passkey is the one logging in.
- Google account passkey: the short link g.co/passkeys often breaks. If it does, try these two directly:
  - Overview / marketing: google.com/account/about/passkeys/
  - Direct setup (must be signed in): myaccount.google.com/signinoptions/passkeys
  If Safari shows "Navigation was blocked by Cross-Origin-Opener-Policy", open the link in Chrome, or paste the URL into a fresh tab instead of following a redirect. Seeing weird URLs, redirects, or SMS landing on a phone that isn't yours? Log it as a field report.
- Apple ID passkey: Settings → your name → Sign-In & Security → Passkey (iOS 17+ / macOS Sonoma+).
- Microsoft account passkey: account.microsoft.com/security.
- Hardware backup (~$30): a YubiKey or Google Titan key adds a physical fallback that survives losing your phone. Add two — one to use, one in a drawer.
- Make sure your passkeys sync somewhere: iCloud Keychain, Google Password Manager, 1Password, or Bitwarden. A passkey on a single device that dies is just another lockout waiting to happen.
How to prove you're really you
When you finally reach a human reviewer (Google One support, a complaint to a regulator, or a journalist asking questions on your behalf), this is the evidence that actually moves them. Gather as much of it as you can before you escalate.
- Government photo ID matching the name on the account.
- Account creation date (approximate is fine) and the device or city you created it from.
- Last 3–5 emails you sent from the account before the lockout — subject lines and recipient domains.
- Recovery phone / email history: every number and address you've ever attached, and roughly when.
- Billing records: Google One, Workspace, YouTube Premium, Play Store purchases. Bank/credit card statements showing charges from Google count.
- Device IMEIs / serial numbers of phones you've signed in on. Settings → About on the phone.
- Frequent contacts — five people who could confirm by email that the account is yours.
- Timeline of the lockout itself: dates, screenshots, error messages, prompt counts.
- If financial harm occurred: dated proof (missed invoice, pay stub showing lost shift, contract with deadline).
Put all of this in one PDF or shared folder. "Here is a 12-page packet proving who I am" is treated very differently than a chat message saying "please believe me."
1. Stop trying for the full wait period
Every fresh recovery attempt during a 30-day wait can be read as a new "suspicious event" by the risk system and reset the clock. As hard as it is, leave it alone until the date you were given.
2. When the wait ends, use the most familiar device possible
Same physical device, same browser, same Wi-Fi, same physical location as your last successful login. Risk scoring weights all of these heavily. A new laptop on hotel Wi-Fi will fail checks your old phone on home Wi-Fi passes.
3. Do not change recovery info during a wait
Changing your recovery phone or email mid-wait often restarts the cooldown. Even if the old number is gone, don't touch it from within the recovery flow.
4. Secure everything around the account
Before you get back in, lock down the attack surface you can control:
- Call your phone carrier and put a SIM-swap lock on your number.
- Change the password on your recovery email and enable 2FA there.
- Run a malware scan on the computer you've been logging in from.
- Watch your bank, payroll, and any financial account tied to that email.
5. Document everything
Date, screenshot, prompt count, error message, the financial or personal impact. This is the difference between "I'm frustrated" and "here is a 60-day timeline." Save the screenshots somewhere outside the Google account.
6. Official Google paths
These are the only legitimate channels. Anyone DMing you offering to "restore your account" for money is a scam.
- Account recovery form
- Account recovery tips (official)
- Google Accounts help community — sometimes a Product Expert can escalate.
- If you pay for Google One, your subscription gives you One member support — they're the only humans most users can actually reach.
7. If you've exhausted Google's process
These agencies accept consumer complaints. Filing one doesn't get your account back, but it adds to the public record and sometimes triggers a review.
- US: FTC ReportFraud, your state Attorney General, and the BBB.
- EU: your national Data Protection Authority (GDPR right of access, right to rectification).
- UK: Information Commissioner's Office.
- Canada: Office of the Privacy Commissioner.
- Australia: OAIC.
8. If real money is on the line
Small claims court in your area handles disputes under a few thousand dollars without a lawyer. A free consultation with a consumer-rights attorney can tell you in 15 minutes whether your specific situation is worth pursuing. This site does not give legal advice and we are not lawyers.