Google said this week that it would start deleting unused and abandoned accounts at the end of this year. In a blog post announcing an update to its inactive account policies, Ruth Kricheli, vice president of product management, explained that any accounts that haven’t been logged into or used in the previous two years were potentially in line for removal.
Google is presenting the updated policy as a security decision. In the blog post, Kricheli wrote that, “if an account hasn’t been used for an extended period of time, it is more likely to be compromised. This is because forgotten or unattended accounts often rely on old or re-used passwords haven’t had two factor authentication set up, and receive fewer security checks by the user.” According to Google’s internal analysis, unused accounts are “at least 10x less likely” to have two-factor verification set up which makes them easier for malicious actors to hijack and then use for identity theft, to send spam, and more.
As a result, Google is going to start deleting inactive accounts and their contents from Gmail, Google Docs, Google Drive, Google Meet, Google Calendar, and Google Photos no earlier than December, 2023. The company intends to take a phased approach and start by deleting accounts that were created but never used. Before an account is deleted, Google will send multiple notifications to the email address associated with it as well as any recovery email addresses.
The new inactivity policy applies to any personal Google Accounts that haven’t been signed into or used in some way in the last two years. Accounts managed by a business or school are safe, at least for now, even if they aren’t currently active.
It’s worth noting that the previous inactivity policy, announced in 2020, already allowed Google to delete the contents of any account that hadn’t been logged into for two years. The difference here is that the company may now delete the entire account, instead of just its content. According to 9to5Google, any deleted email addresses won’t be reassigned which nicely avoids the issues plaguing Twitter’s recently trial-ballooned username reassignment plan. The accounts will just permanently stop working.
There are also another few edge cases and caveats to note. Google Photos has its own two-year inactivity rules. To keep your photos from being deleted, you need to log into the service separately. Logging into your Google account will keep it active, but you may still lose your photos.
9to5Google reports that accounts with YouTube videos are also safe, at least for the time being, because deleting them “would be tricky as some old abandoned clips might have historical relevance.” Similarly, accounts that are signed into Android devices are considered active, as are any with an ongoing subscription to Google One or third-party apps.
The wording of the whole announcement seems to suggests that Google either hasn’t finalized the process and policies, or that it is keeping things relatively secret for security reasons. Either way, keeping your account active is relatively easy. All you have to do is sign in and perform some basic actions, like reading or sending an email, watching a YouTube video, using Google Search, or logging into a third-party service.
Kricheli also uses the announcement to recommend that Google users create a backup plan for their account and its contents. You can set up a recovery email, so that you can reclaim you account if you forget their password or otherwise lose access to it. If you no longer use an account, the Takeout feature allows you to download all your data and export it to another platform.
Finally, there is a Google feature called the Inactive Account Manager that allows you to specify what happens if you don’t sign into your account for 18 months. You can set up a Gmail autoresponder, send specific files to chosen contacts, or delete your account entirely. It’s designed so that if something bad happens to you, you have control over what happens to the (potentially meaningful) contents of your account.