According to Google, “the G Suite legacy free edition will no longer be available starting May 1, 2022.” Therefore, I shut down my account and documented the process for you. Read this post for guidance on how to do the same.

There were multiple aspects to migrating away from G Suite legacy free edition. These included:

1. Getting a copy of all my data
2. Migrating over to a new email provider
3. Preparing Google Drive shared files/folders
4. Shutting down the G Suite account
5. Signing up for regular Google accounts
6. Locking down the new Google accounts

Preface

I’m only covering things I had to do. Your situation will likely be different. Your G Suite account may use other Google services such as:

• Google Cloud Platform (GCP)
• Google Domains (DNS)
• Google Voice
• etc.

Make sure to replace or cancel those services prior to closing down your account.

Additionally, if you have single sign on (SSO) set up with non-Google websites, where you use your Google account to sign onto those websites rather than having a site-specific username and password, you may need to replace that sign-on mechanism with another SSO-provider or with username/password authentication. To find out which websites your account uses your Google account for SSO, navigate to the Apps with access to your account section of your account and scroll down to the “Signing in with Google” section.

Migrate to new email provider

I recommend using a privacy-focused email provider, such as ProtonMail.

This will involve:

1. Signing up for your new email provider’s service. (e.g.: ProtonMail)
2. Updating your DNS records to point to the new email provider. (e.g.: ProtonMail DNS configuration)
3. (optional) Uploading existing emails to your new service provider. (e.g. Import emails to ProtonMail)

Google Takeout

Use Google Takeout to download all your data. If you have Google’s Advanced Protection Program enabled on your accounts, you’ll need to wait an extra two days before the Takeout archives became available.

Google Drive shared files/folders

Copy links to any shared files or folders that you still want to be able to access. When I closed my G Suite legacy free edition account and then signed up for regular Google accounts for each of the email addresses that I still use, I was not automatically re-granted access to the shared resources in Google drive that I previously had access to. So if you plan on still using Google Drive, you’ll need to request access to any files/folders you want to continue to be able to access.

Similarly, if you are sharing documents or folders with anyone and you want to continue to share them, you’ll need to re-upload and re-share those resources after you sign up to a new Google account.

Shut down the G Suite account

First, cancel any subscriptions you have on your account from the subscriptions page.

Next, delete your organization’s Google Account.

Sign up for new Google accounts

If you still want to use Google services for email addresses that were associated with your G Suite legacy free edition organization, you will need to sign up for a new Google account for each of these email addresses.

To sign up for a Google account while using your own email address rather than Gmail, follow the steps under the “Use an existing email address” on this Google support page. It requires that you are able to receive email at that email address.

Verification phone number usage limit

If you have used or will use a particular phone number a bunch of times when signing up for multiple Google accounts, you may receive the following error when supplying a phone number during the sign-up process for a new Google account:

This phone number has already been used too many times for verification.

If you encounter this, you will have to use a new phone number for phone verification. So if you have lots of email accounts to create, be prepared that you may need to have multiple phone numbers on hand. You can change them to whatever number you want after the account is set up, but you just may need multiple phone numbers available for the initial account setup.

Also be aware that after you set up your account, you’ll need to make note of each place you use your phone number so you can change it to the phone number you actually want to use. For instance, this may include your account recovery phone number or your SMS-based MFA phone number. You’ll need to navigate to where those phone numbers are set in order to update them. The central location in your Google account that lists phone numbers in use does not allow you to directly change them from that listing.

Lock down the new Google accounts

I recommend locking down each of your Google accounts.

Enable two-factor authentication

Enable two-factor authentication (MFA). I recommend using a combination of MFA options:

1. Use a hardware key, such as a YubiKey.
2. As a fallback, you can use Google Smart Lock, which is an app on your phone that turns your phone into a hardware key.
3. Use an authenticator app.

Do not use SMS-based MFA. For more information, you can read about how hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security.

For further guidance about the risk levels of various MFA options, I recommend reading Daniel Miessler’s article, Not All MFA is Equal, and the Differences Matter a Lot.

Enroll in Google Advanced Protection Program

Next, I recommend enrolling in the free Google Advanced Protection Program, which “safeguards users with high visibility and sensitive information from targeted online attacks”. According to the FAQ, “the biggest change will be that one of your security keys will be required when you sign in to your account on a new device (or sign in on your phone after signing out).” Make sure to read through the FAQ to get a better understanding of the implications of enrolling, focusing in particular on the implications of losing your security keys. In that scenario, it will require submitting a request to recover your account. This will take a few days for Google to verify it’s you and restore your access.

Lock down your privacy settings

I recommend making some changes on the Data & privacy page:

• Pause and delete any existing Web & App activity
• Pause and delete any Location History
• Pause and delete any YouTube History
• Disable Ad personalization
• Disable Personal results in Search

This will de-personalize various Google services, but may not be necessary for your particular personal threat model.

Done

Congratulations! You’re done! You have successfully closed down your G Suite legacy free edition organization and optionally set up new Google accounts. If you went above and beyond, you also locked them down for enhanced security.