Prevent Gmail Password Reset?

I am struggling to help a family member who is dealing with a variety of medical issues, including several which have severe effects on her short-term memory and cause a lot of confusion.

She has an iPhone and an iPad, and for reasons she cannot explain, she regularly goes in and resets her Gmail password. Then she forgets what she reset it to, and can’t access her email. So she resets it again.

This is now happening multiple times per month.

I have her recovery information (backup email) set to an email address that goes to me. In the past, I have always been able to use this to access her Gmail account, reset her password, tell her what it is, and then she can enter it into her phone.

Unfortunately, today I was not able to do this. I received the email from Google, I was asked for a recent password that worked… and I provided it. I was asked a security question, to which I gave the correct answer. Google still refused to log me in, saying that they could not verify that the account belongs to me. (I assume this is all automated. I also assume that because we live in different states, some automated system thinks someone is trying to ‘hack’ her Gmail account.)

Other than “Change Her Email Provider To Something Other Than Gmail” (which is … complicated, more than usual, for reasons too long to go into here), I am trying to think of ways to make it difficult or impossible for her to reset her own password. To be honest, I don’t think it’s possible. I’m not even sure it would be possible on another platform.

Even if I set up 2FA (and didn’t give her access to the 2FA) I think the ‘Forgot Password’ would still allow her to reset it.

Although this family member lives several hours away, I’m going to see them next weekend, and I’m hoping to have a solution that I can use so I can set up her iPhone and iPad email but then “lock it down” because so far telling her “Don’t Reset Your Password, Call Me Instead” has not worked. (She doesn’t call because she “doesn’t want to bother me” but then she calls me when it’s a bigger and much more difficult problem to solve… And she keeps doing this, presumably because she doesn’t remember that it keeps happening.)

Trying to do a web search for this is impossible because everything presumes that you have been locked out of the account and want to get in but I want someone who is in to be “locked out” of making password changes.

Any ideas / suggestions?

Keep us posted on this. Who knows, I may need to give this solution to my children one day! 🙂

Unless there is something in Google’s Parental Controls toolbox, it may be time to “take the car keys away.”

What about just getting them to use Gmail through an app like Apple’s Mail? This may abstract them from the Gmail account, making it more difficult to get to it and change the password.

3 Likes

Tough situation, TJ. Is she getting in with an alternate email or by answering security questions? I wonder if you could change her security questions to something she can’t answer. If custom text is allowed, maybe you could set the prompt to remind her to contact you.

If she’s getting in via email, you could hide the recovery link with a filter.

I can’t think of an official setting that would prevent this, unfortunately. I think only G Suite can prevent user resets by configuration.

1 Like

That’s an excellent thought. She must be using the security questions, as the ‘alternate email’ goes to me.

So if she can’t answer the security questions and doesn’t have the other email, that should stop her from resetting the password.

We may have a solution. Thanks!

(I think that Google has ‘deprecated’ security questions in favor of 2FA, but I’ll have to see.)

That’s also a very good idea.

That’s basically what I’m attempting to do, except… to strain the analogy, I need to take the keys away, but still allow her to “drive the car” since email is her primary source of contact with the outside world.

If I had this to do over again, I probably would have set up a custom domain and a managed account for her instead. But, water under the bridge, at this point.

1 Like

I’d suggest setting these answers with 1Password or another pw manager.
Anything you’d need an app for to get at it.

My standard practice is always to have 1Pw generate a random long pw as the security question answer. Think that might also work for you.
If you have it in your pw manager she won’t be able to change the pw again.

1 Like

Google has the Family Link service for creating accounts for children that are managed by the parent, including password reset. Perhaps set up a Family Link account, and forward the existing account to the new account that you control for your family member? That way anyone that has the old address doesn’t need to know that anything changed.

3 Likes

For anyone who finds this thread in the future, here’s what we did:

With physical access to the phone designated as “Recovery Phone”, we logged in to https://myaccount.google.com/security.

  • “Recovery Phone” - Once logged in, we changed the “Recovery Phone” number to my number, and put my wife’s phone as a backup “Recovery Phone”.

  • “Recovery Email” - The “Recovery Email” address was already set to one in my control.

  • Enabled Two-Factor Authentication (aka “2-Step Verification” in Google or “One-Time Password” in 1Password) - The first step for this also requires a mobile phone, so we used mine again. (Note: I believe that once you have enabled 2FA, the previously set “Security Question” is no longer used.)

  • Backup Codes - We stored the 2FA “Backup Codes” in 1Password (in a shared vault which is accessible by my wife and me).

  • Authenticator App - We added an “Authenticator App” (also 1Password). We scanned the QR code, which saved the 2FA info into 1Password (same shared vault entry).

Once all of that was done on the primary device, I went to my computer, and used the ‘Forgot Password’ feature to reset the password.

I was asked to provide a 2FA code before it would email me a recovery code to the recovery email address.

Once I had received the recovery code to the recovery email address, I was able to change the password to a very, very long randomized password from 1Password.

As mentioned, all of this information was stored in 1Password, so either my wife or I could access it if needed in the future. This means that the family member in question is not going to be left in the lurch if one or the other of us dies or something similarly terrible happens to us.

Your Email Is the Key to Your Digital Kingdom

Everyone reading this probably knows this already, but email is the key to every other account you have. Your bank, your doctor, your hospital, your entire online life pretty much revolves around your email, if for no other reason than if you click “Forgot Password” on any of those services, they are probably going to send you a link to your email.

Getting your email account hacked is probably the worst outcome, but forgetting your email password (and not being able to get back into the account) is a close second.

You do not want yourself or a loved one to get locked out of their email account. And if they (or you) are using a free account such as Gmail, you should not expect to get any help whatsoever from the vendor.

If you have aging loved ones (parents, grandparents, aunts, uncles, whatevers), it would be an act of loving-kindness to make sure:

  1. Email accounts are secure (make sure they aren’t using “password!” for their password, etc.)

  2. Their “Account Recovery” information is set up, complete, and up-to-date.

Doing this before there is a problem is easy. Trying to fix it after there’s a problem is going to be much, much harder, and may literally be impossible.

5 Likes

This. Guard your email addresses as if they are gold.

Thank you. This is a valuable service to the community.

In working through your checklist with several Gmail accounts, I noticed that I was using an email address from a self-hosted email account as the recovery email account. I changed all these to my iCloud address as it is not unlikely that I would have disabled that self-hosted email account and not remembered that I was using it for Google security configuration.

I also added to OF a quarterly security audit of all accounts as a recurring task.

Outstanding information. I’ve shared this with relatives to improve their security protocols.

Another reason to use 1Password instead of iCloud Keychain: in the ‘notes’ section, beneath the username and password, I added details like this:


2021-07-30 Updates and Changes

  • Account Recovery Backup Address is: user@example.com
  • Account Recovery Phone: 317-555-4321
  • Backup Phone: 740-555-4321

Those phone numbers are not the actual ones, for obvious reasons. They are stand-ins for my wife’s cell phone # and my cell phone number. Note that I didn’t put “Account Recovery Phone is my cell phone number” because what if I have a different number in the future? Will I know if this has been updated or not? Same for my wife’s.

Then I tag that entry with 3 tags:

So, if for some reason I ever need to find all of the places where I use user@example.com then I can just click on the tag in 1Password. Same for if I need to track down which services use our cell phone numbers.

Pro-Tip: I do the same thing with things like Netflix, Disney+, etc. and the credit cards that I have set up to pay for them. We have 2-3 credit cards, and almost always use the same one for all of our online subscriptions, etc, but sometimes we use a different one for whatever reason.

A few years ago when our card was stolen and we had to get a new one (and a new number), I went through and tagged all of the online accounts and services that use our Visa and added a tag “Visa-9128”. If our Visa ending in 9128 ever gets stolen, I can easily find all of the places that I need to go and update it.

I hope to never need to use that, but if I do, it’s a lot easier than going through all of our services and trying to remember which one gets paid with which card.

2 Likes