PDF Word Excel
← Back to Blog

Locked Out of an Account: A Calm Recovery Guide for Email, Social Media, and Banking

By Vinay Kumar

It's a horrible feeling. You try to log in, the password is wrong, you reset it, the OTP doesn't arrive, and slowly you realise you're locked out. Your first instinct will be panic. Your second instinct will be to Google "recover [service] account" and click whatever's on top.

Both instincts are wrong. Take a breath. Account recovery is mostly about doing the right things in the right order.

Step 1: Determine what kind of lockout it is

There are roughly three categories.

You forgot your password but still control your phone and recovery email. This is the easiest case — use the official "forgot password" flow.

Someone else changed your password (you've been hacked). Harder, but recoverable through the service's account recovery process.

The service has locked your account for some policy reason (unusual activity, suspected fraud, terms violation). This usually requires contacting the service and waiting.

Knowing which one you're dealing with shapes everything that follows.

Step 2: Go directly to the official site, never via search ads

When you Google something like "recover my Gmail account," the top results often include paid ads. Some of these ads point to fake "recovery services" that will take your money and either do nothing or actively impersonate you against the real service.

Type the URL of the real service yourself. Or go through your bookmarks if you have them. The recovery flow you want is on the actual service's domain — accounts.google.com, login.microsoftonline.com, your real bank's site — and nowhere else.

Step 3: Use the official recovery options carefully

Most services have a multi-step recovery flow that asks for things like an old password you remember, a phone number you used, an approximate account creation date, the names of frequent contacts. Answer as accurately as you can. Each correct piece raises the system's confidence that it's really you.

If you have a backup recovery code (hopefully you saved one when you set up 2FA), now is the moment it earns its keep.

Step 4: If you're hacked, secure other accounts immediately

If your email is compromised, every other service tied to that email is also at risk. Even before you fully recover the email, change passwords on your important accounts (bank, work, social media), and where possible, switch their recovery email to a different one you control.

Sign out of all sessions across every service that lets you. Look for active devices and revoke unfamiliar ones.

Step 5: For bank lockouts, call the official number

Don't email. Don't fill out web forms. Call the customer care number printed on the back of your card or in your physical passbook. Banks are well-equipped to verify your identity over a call and unlock or restore access. Have your account number, ID details, and recent transaction details ready.

Step 6: Document everything as you go

Take screenshots of error messages. Note the dates and times. Note what you tried. If you have to escalate to the service's support team or to a regulator, this paper trail makes a huge difference.

After recovery: don't repeat the same setup

If you got locked out because your recovery phone number is one you no longer have, fix that today. If you got hacked because of a reused password, change every reused password and turn on 2FA on the important accounts.

An account lockout is stressful. Worked through carefully, it's also a useful reminder to harden the accounts you depend on. Most people only do this once they've had a scare. Better to do it after the scare than never.