AKA what not to do.
Not a day goes by that I don’t hear from someone who’s in the middle of an account recovery process that isn’t working.
While I try to help out to the degree that I can — usually with instructions that are often no more than the service provider’s instructions translated into clearer English — it’s also not at all uncommon for those account recovery efforts to fail and for access to the account never to be regained.
Ever.
And to be super blunt about it, most of the time it’s the account owner’s own fault.
How to lose your account
Account recovery fails most often because recovery information like alternate email addresses and phone numbers was never configured or wasn’t kept up to date. It’s important to set them and review them regularly to make sure they’ll be there if and when you need them.
The most common reason for failure
Almost every online service has provisions for recovering lost passwords or regaining access to accounts that are inaccessible to their rightful owners. Those account recovery processes typically involve sending an email to an alternate email address, a text message to a phone, or something else.
Those are great, reliable ways to prove you are the rightful owner of the account and should be allowed back in. Anything less would allow hackers to impersonate you or otherwise scam the system to break into accounts where they have no business being.
The problem?
Many people don’t set up this recovery information, and those who do often don’t keep their information current.
Without it, there’s really no hope for recovery.
Alternate email addresses
These days, you shouldn’t have just a single email address.
You need at least two.
The first you consider as your real or primary address. The second you use as your “alternate” email address for that primary account. You’ll use it when you need to prove that you are you.
Like when you forget your password on the primary account… or when your account is hacked.
How do you prove you are you? By being able to access that alternate email account. Account recovery frequently involves sending a password-reset link, code, or some other information to that email address. When you collect the information and use it, you’ve proven you have access to that account. Since you’re the one who set it up as the alternate account, then you must be who you say you are, and thus you should be allowed back into the account.
Never set up an alternate email address? You can’t recover the account.
Lost access to the alternate email account? You can’t recover the account.
The conundrum of the phone
Many services allow you to associate a phone number with your account.
Unduly paranoid folks believe this amounts to more ways for the service in question to keep tabs on them.
I disagree strongly.
Phone numbers are another way to prove you are who you are. Rather than sending you email, services can send you a text message with a recovery code, or in some cases, a recorded voice that reads the recovery code to you. Your ability to receive a code at the phone number you provided proves you must be you and should be allowed back into the account.
The conundrum I allude to is twofold.
- Many services only support text messaging, and thus only mobile phones. You’ll need to use a different alternative authentication mechanism — like that alternate email account — if you don’t have a mobile phone.
- This may easily fail if you lose access to your account or are asked for additional validation while traveling outside your own country. Once again, make sure you have an alternate identification mechanism in place — like that alternate email address — before you leave.
I advise setting this up if you can.
Losing your account in one easy step
Pick whichever approach you like:
- Don’t set up authentication mechanisms like alternate email addresses or phone numbers at all,
or
- Let your alternate authentication mechanisms expire or change without updating the account for which they’re the alternate mechanism.
Either works. You’ll lose access to your primary account forever if you ever get hacked or lose your password.
Do this
To avoid losing access to important accounts, I strongly recommend you:
- Set up an alternate authentication mechanism on your important accounts.
- If you already have, make sure they’re all still valid.
I also recommend that you take advantage of all the alternate mechanisms offered.
- Set up an alternate email address and keep that alternate email address active.
- Set up more than one alternate email address if you can.
- Associate a mobile phone number with the account.
- If you don’t have a mobile and the service will do voice calls (reading you a recovery code), then associate a landline number with the account.
And above all, any time any of the above changes, make absolutely certain to update the information in your accounts. Alternate email addresses or phone numbers do you no good if you no longer have access to them.
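The checklist above, turned into an audit you can run over your own list of accounts (an added example, not part of the original article). The inventory format, the finding names, the placeholder addresses and the 365-day review threshold are all assumptions, and the closed-loop and same-provider checks go beyond the article's checklist to cover problems readers raise in the comments on this page.

```python
from datetime import date

# Assumed review interval; the article says "regularly" without giving a number.
REVIEW_DAYS = 365

# Constructed sample inventory (placeholder addresses and numbers).
# "emails" = alternate addresses set on the account, "phones" = recovery phones,
# "reviewed" = the last date you confirmed the recovery info still works.
INVENTORY = {
    "me@primary.example":  {"emails": ["me@backup.example"], "phones": ["+1-555-0100"],
                            "reviewed": date(2024, 5, 1)},
    "me@backup.example":   {"emails": [], "phones": [], "reviewed": date(2024, 5, 1)},
    "a@mail-one.example":  {"emails": ["b@mail-two.example"], "phones": [],
                            "reviewed": date(2024, 4, 1)},
    "b@mail-two.example":  {"emails": ["a@mail-one.example"], "phones": [],
                            "reviewed": date(2024, 4, 1)},
    "old@primary.example": {"emails": ["me@primary.example"], "phones": [],
                            "reviewed": date(2021, 1, 15)},
}


def domain(addr):
    return addr.rsplit("@", 1)[1].lower()


def anchored_accounts(inv):
    """Accounts recoverable without relying only on other unprotected accounts.

    An account is anchored if it has a phone, or if one of its alternate
    addresses is anchored (or is outside the inventory and so can't be judged).
    """
    anchored = {a for a, r in inv.items() if r["phones"]}
    changed = True
    while changed:  # repeat until no new account becomes anchored
        changed = False
        for acct, rec in inv.items():
            if acct not in anchored and any(
                e in anchored or e not in inv for e in rec["emails"]
            ):
                anchored.add(acct)
                changed = True
    return anchored


def reaches_itself(inv, start):
    """True if following alternate-email links from start leads back to start."""
    stack, seen = list(inv[start]["emails"]), set()
    while stack:
        cur = stack.pop()
        if cur == start:
            return True
        if cur in seen or cur not in inv:
            continue
        seen.add(cur)
        stack.extend(inv[cur]["emails"])
    return False


def audit(inv, today):
    """Return {account: [finding, ...]} for every account with a problem."""
    anchored = anchored_accounts(inv)
    findings = {}
    for acct, rec in inv.items():
        issues = []
        if not rec["emails"] and not rec["phones"]:
            issues.append("no_recovery_info")
        elif acct not in anchored:
            # Only email alternates, and none of them leads to a phone.
            issues.append("closed_loop" if reaches_itself(inv, acct)
                          else "alternate_unprotected")
        if any(domain(e) == domain(acct) for e in rec["emails"]):
            issues.append("same_provider")
        if any(e not in inv for e in rec["emails"]):
            issues.append("untracked_alternate")
        if (today - rec["reviewed"]).days > REVIEW_DAYS:
            issues.append("stale_review")
        if issues:
            findings[acct] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit(INVENTORY, date(2024, 6, 1)).items():
        print(f"{account}: {', '.join(issues)}")
```

A `closed_loop` finding means two or more accounts list only each other as alternates, so a verification challenge on both at once leaves no way in; adding a phone number or another independent method to any one of them clears it.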
There’s one way to lose your account even if you do those things: if a hacker changes all of this recovery information. Some services protect against this by using 2 step verification and not changing your password or alternate address or phone numbers until you’ve entered the code they send you.
One mechanism I’ve thought of which I think would work would be for the web sites to have an “I believe my account was hacked, please send recovery information to a previous email address or phone number” link to be able to recover the account even if hackers have changed the recovery information.
Facebook has a good mechanism for protection against account loss info by allowing you to designate friends who can vouch for you. I highly recommend people to enable that feature.
There’s also one thing to watch out for in providing an alternate email account. If you plan to travel abroad, make sure your alternate email addresses don’t require 2 step verification if you try to access your account from abroad. I have an account with gmx.com and gmx.net for that purpose. They don’t require 2 step authentication when you travel.
That Facebook trusted contacts feature is extremely smart and awesome. Thanks for the tip Mark!
Sorry, I am a little confused, who is Mark? Isn’t he called Leo?
Mark is one of my assistants who comments here frequently. Same for Connie.
I need help recovering my Facebook. My daughter set this up for me and she passed Aug 6 2018. I’m lost as to what I need to do. I sent my cell # and they said it was changed ????
Sorry for your loss. This is all I have on recovering a Facebook account: https://askleo.com/how-do-i-recover-my-hacked-facebook-account/
Someone changed my email on POF, Plenty of Fish dating site and sent out many messages and changed my profile. I received an email from POF stating my email was changed and to notify them if it was not authorized. I sent 3 replies telling them I did not change my email and to please close my account. They have not replied. Now some hacker has access to my main email address, password (for that site) and my personal information. I feel so violated and worry that this hacker can steal all my other personal information from other sites that use my email address. What can be done to get POF to respond and help? How can my personal information be protected? I am freaking out about this! How could this happen? Doesn’t POF have any security measures on their site?
Has anyone else faced this nightmare and what can be done? How can I secure my email and be sure my account wasn’t hacked? I am sending this question from my alternate email address, not the one I believe has been compromised. How will I know for sure if someone is using my email address? Please help me!
I can’t suggest anything other than to follow the channels POF has for account recovery. If you used the same password for POF and any other accounts, you need to change the password and check the recovery information on all of those accounts as the hackers can try that password out on other accounts. In fact, I’d consider changing the passwords to all my accounts.
See the following article for how to secure your accounts. The article is about securing email accounts but steps 1,2,5, & 6 apply to all hacked or potentially hacked accounts.
https://askleo.com/email_hacked_7_things_you_need_to_do_now/
How can I get into my gmail account with new phone & phone number. It’s important pics and info on it. I’m a grandmother
Read the article. You might not be able to. In the future, back up everything and keep your recovery phone #s and email accounts up to date.
I lost my Facebook password. Can someone help me please?
That’s this article which is already on Ask Leo! – http://askleo.com/how_do_i_recover_my_facebook_log_in_password/
People, enable these recovery options! I personally forgot the password to my microsoft email (it is on one of networks set up by Microsoft: hotmail, live, or outlook) which is linked to my microsoft account.
Luckily, the info was updated and the alternative email was in place. They just needed to be used.
I got my account back through the alternative email address recovery option since my phone’s battery was dead and was charging.
Seriously: If you want your account back, put recovery information into it to access it. You never know when it will be useful.
I have set up accounts at Google Gmail, Yahoo, Hotmail and AOL; each user name and password are written down in very careful letters not penmanship. With that printing in front of me all results are “Wrong user name or password”; If I do not know the password copied from in front of me then who knows more than I? My opinion is natural born (many generation) American citizens are classified as enemies. We USA citizens are a conquered nation. I stated such to Congress when homeland security was being debated before it was established. Do I have to become a foreigner to use e-mail?
I think this has more to do with mistyped passwords (yes, still), miswritten passwords, or even hacked accounts. Those are certainly the conclusions I would investigate before assuming there’s some government conspiracy. Nine times out of 10, when you KNOW you’re typing in the correct password and it still tells you you’re wrong, then a hacker has broken in and changed your password on you.
My Chromebook OS does not support microsoft-outlook or hotmail addresses. Please delete this address: {removed}@hotmail.com
If you can not delete this hotmail address please advise
Two important points!
1. Don’t post your email in a public forum: https://askleo.com/why_shouldnt_i_post_my_email_address_in_a_public_forum/
2. Here’s an article about deleting your Hotmail account: https://askleo.com/how_do_i_close_my_hotmail_or_outlookcom_account/
I experienced all the pains that people expressed in the comment section following this article and related ones (I read them all). My most frustrated one was recently when I visited my relatives in the NW and I was living in SW at the time. As Leo suggested I had one Hotmail account and my alternate e-mail is Yahoo (vice versa). The fun started when Hotmail required the verification code that they sent to Yahoo account (alternate e-mail) and lo and behold, as I tried to access Yahoo to retrieve the code, Yahoo did the same by denying my access and sent a verification code to my Hotmail account. You can see this clearly is a closed loop and nothing I can do about it. Trying to access my Hotmail account by sending Hotmail proof that I am the owner of the account is a joke. Anyhow things went back to normal when I returned to the SW and I have tried to set up phone numbers for recovery option as I will be travelling overseas very soon. Two things I did were; (1) signed up for Google voice which I was provided a VoIP number and have registered that with Hotmail and it was accepted but not Yahoo (Yahoo responded that they currently don’t accept VoIP number), and (2) updated my T-Mobile cell account (Clarification: I neither own T-Mobile stocks nor work for T-Mobile) with text option (I was told I could receive text for free in countries that T-Mobile has services or affiliated with the local phone services). This SMS feature from T-Mobile will be life saving for me as I travel to Asia next week. I haven’t experienced SMS feature w/ T-Mobile in Asia yet but I have read glowing reports from business folks who had used it (you could Google it). As I said I am trying to avoid the pains accessing my e-mails as I travel and try to prepare the best I can but will see… Good luck!
One way to protect your Hotmail account against this kind of thing is to set up a recovery code. You can use this code to get into your Microsoft mail account (Hotmail/Outlook.com) anywhere in the world. Then you can use your Microsoft mail address as a recovery address for your other accounts by having your unlock codes for these other account sent to your Microsoft mail address.
https://askleo.com/recover-your-microsoft-account-later-by-setting-up-a-recovery-code-now/
Regarding your, “we need to talk about XP”, video.
I am using my XP comp. as a video editing machine only
No email or going on line at all
Would I be correct in thinking that I could go on for years until the next video editing disc update is too much for the XP box or I suffer internal failure.
Seems to me the answer is yes I can until the pigeons come home to roost
Rudi
As long as you’re never transferring data to and from that machine, and it never goes on line, sure. My guess is you ARE transferring data to and from that machine, so you’ll need to take extra steps to stay safe, since that transfer can unknowingly include malware if you’re not careful.
I remember that there were so many viruses which propagated from diskette to computer before the internet was widely used. I remember dialing up to McAfee to get virus definitions for my DOS machines in the 80s and pre-internet days. There were plenty of non-internet transmitted viruses. Anything which can transfer files to your computer can transfer viruses. After all, a virus is just a file. From my experience, I got more viruses pre-internet than after. My AV caught them before they ever got on my machine, I believe that’s due to better real time virus detection which is not available in non-updated systems.
Generally good information, but I think some dis-information about providers requiring mobile phone numbers as a “back up”.
First, all mobile carriers are participants in the data mining industry, either passively or actively. They will sell (or trade) lists of their active numbers with data brokers (ie Acxiom). Additionally we all know that cell providers actively track your location using various methods (tower triangulation)… they sell this data too, though they will say it has been anonymized. Sure it has, until the data broker compiles it with other data, and bingo… a profile is built that they then sell … to anyone… including the intelligence agencies and foreign corporations. This is only one small part of the data that is compiled on every one of us.
So if you don’t care about your privacy, then make it easier for Yahoo or Google or Facebook to cross reference you to everything.
Give them your mobile number, first middle and last name, date of birth, and shoe size (forget that, they have your zappos “My Favorites” already)
I’m not really concerned by what amounts to a conspiracy theory. To the extent your information might be used, they don’t care about you as an individual, they just collect massive amounts of data to track and use trends over large populations.
For most people, in my opinion, the benefits of the added account security and recoverability far outweigh any perceived privacy risk.
One thing you don’t mention, but which “should be” obvious…
When you set up those alternate email accounts to act as a recovery address for your mail account, don’t forget to set up recovery methods for them as well.
And don’t use the same email provider for the recovery address. (ie: don’t use a gmail address as a recovery method for your gmail account.)
All good points, my problem is I’m drowning in passwords. Unfortunately Windows updates play havoc with MY StuFF. The other day Mail was GONE. No icon, nothing. Gritted my teeth and held my tongue just the right way and got it back more by luck than good management. I said some very bad words!
This is excellent advice. It works well if you trust that a big corporation like Google will never be tempted to use your identity data to connect your various interests (hence, multiple accounts) with your real identity (true name, telephone number, cc card number for Google store, your geolocation, names of wifi wans your machine or phone detect, etc). Oh wait, they are in the business of advertising and selling your information, aren’t they? Never mind.
It’s excellent advice if you want to recover your hacked account. If you don’t trust the service … then don’t use the service.
I suppose this is just a comment; with no solution. You mention about giving your phone number when trying to retrieve an online account. Most of them assume that you have a smart phone that can access text messages. I don’t, so I’m lucky my bank will call my land line with a code number.
Recently I’ve noticed two issues on the Gmail Help Forum.
1) Users who have BOTH phone and alternative email address configured as backup options, but the system defaults to using phone only. No way to force it to send recovery to the email address when the phone is lost or inaccessible.
2) Users who have a new phone number and attempt to update it on the security page, but the system insists on verification via a code to the previously listed phone number which is now no longer available.
Is Gmail being unnecessarily over secure? What can be done when this impossible scenario presents itself?
Hackers can bypass 2SV – your mobile phone provider is the “weakest” link. A hacker can get phone carriers changed.
The chances of losing access to accounts these days have grown considerably, as for email accounts well these are quite easy to gain access to for a hacker. The information people use to regain access like email addresses etc is just more information the hacker can use, so this makes 2SV quite useless in many cases.
As for Facebook, well as a security advisor I would not entertain even having an account with them.
No. No. No. Two-step is NOT “useless”. While it’s not perfect, it is still vastly superior to not having it enabled at all. Please read: Why SMS Two-Factor Is Better than No Two-Factor at All
Hey Leo,
I am in need of adding a new email account with Google and would like to import all my older email over to new acct.
Is this safe or something to avoid?
Or would it be safer to just forward each one over to new acct?
I know Gmail has an import feature within the cloud but not sure how safe that is either.
What do you recommend?
Thanks!
Honestly, it depends on your specific needs. I wouldn’t bother. I’d set up Thunderbird to download all email from the old account, and then simply start a new one with no import.
It’s safe and easy to do. Set up both the old and the new account as an IMAP account in an email program like Thunderbird and copy or move the emails from the old account to the corresponding labels in the new account.
What is IMAP? And How Can it Help Me Manage My Email?
OK, but what if I don’t use Thunderbird or Firefox? Is that the only way to save or transfer them over?
I went to the website you posted about an email check to see if it’s ever been breached, results not good.
So merely I’m wanting to just save important emails or transfer ones I honestly need. Is there a Google to Google
Gmail transfer that works but would keep my new acct address from being compromised?
You could configure the new account to pick up email from the old using POP3 or IMAP, but if you’re going through that trouble why not ALSO use a PC and get your email backed up at the same time?
These breaches are out of your control. Switching email addresses will NOT prevent additional breaches on old or new account. In fact, I don’t recommend switching email addresses or accounts when this happens — there’s no point. Follow best security practices, including long/strong password and two-factor authentication when available. That’s the best you can do, on the existing account or the new one.
I can’t log in to my Facebook and I don’t have the same number to send the reset password code.
Please see these articles for information on recovering Facebook accounts:
https://askleo.com/how_do_i_recover_my_facebook_log_in_password/ and/or
https://askleo.com/how-do-i-recover-my-hacked-facebook-account/
Unfortunately, as the article you are commenting on says, if you no longer have access to the recovery email account or phone number, your account may be lost forever. It’s important to always keep these up to date on your account.
I am having problems. I got a new phone (same phone number and same provider). It won’t let me access my facebook because the code generator will not come to me through text. I have done the picture with the code and sent it in and I have done the ID thing and sent it in also. But nothing happens how long does it usually take for someone to receive that and let you in? Do you receive an email? I have pictures on there of my deceased mom so any help would be greatly appreciated!
I need help recovering my FB account. I have done this before and used pics to prove I knew the people on my friends list, and I can’t for the life of me remember how to do it.
I’d start you here: How Do I Recover My Facebook Password?
I can’t get in to my Amazon account. In UK. It won’t let me because old email, live mail hasn’t worked for a while and my iPhone no is not any use to them. They need a new password but that involved contacting them by phone. I did this and spoke to their call centre in India. Their agent asked for my card no to authenticate my account. Then they transferred me to another agent to purportedly get my account sorted. But they were criminals who hacked my bank account and took money by tricking me.
It was unbelievable. Amazon cannot be safely contacted and it’s a disgrace. Can’t email them as they need me to go through my account!!!
How did you get Amazon’s support number? That was not Amazon you called. If you found it through a Google search then it was almost certainly a scam number.
The Risk of Searching a Support Number.
Depending on how you located a telephone number it’s more likely that you weren’t talking to Amazon at all.
Is there any way to actually contact Facebook?
They have sent me a six digit recovery code to an email I have never set up (I do not have any Outlook emails). So I tried to do the 3 friends that I had set up, but every time I manage to contact all three of them and get a code, Facebook will then say my link has expired and I have to do it all over again.
I am so frustrated to have lost all of my contacts from the last 15ish years and photos. Any suggestions?
I know of no way to contact Facebook directly. Sorry. All I can suggest is setting up a new account and making absolutely certain to set up and maintain current recovery information.
Google couldn’t verify this account belongs to you. This happened because Advanced Protection is turned on for this account. For your protection, you can’t sign in right now.
I have tried many times to recover my Gmail account as I have forgotten my alternative email ID also so I couldn’t recover my account. Please help.
Do I need to wait for 2 weeks? I have read somewhere that it takes 2 weeks to be unenrolled automatically from Advanced Protection of a Gmail account if I won’t apply for a security key.
We cannot help you. This underscores the importance of always keeping your alternate account recovery information up to date.
So. There are a lot of ways to get/set up recovery information. The problem I have is that there are so many sites to protect/recover, that I had to design a spreadsheet to organize them all. What is a good way to organize them? I want to be able to hand my spouse a copy so she can use the sites if I’m gone. A printed version is in the home office safe. Any template suggestions or alternative recommendations?
The best way to manage Web passwords is with a password manager like LastPass. It keeps your passwords in a vault protected by a master password. That’s why it’s called LastPass because it’s the last Web password you’ll need to remember. It keeps your passwords synchronized on all your devices. If you prefer one which doesn’t keep a copy of the encrypted vault on their servers, you might prefer KeePass.
I have upgraded my Note 10 to android 11. After that, I can’t sign to my google account via android phone. I’m getting a message ; “You’ve tried to signin too many times. For your protection, you can’t sign in right now. Try again later or sign in from a different device”. I normally log in via a web browser and select that device as secure but I still get the same message :(
I LOST MY PHONE NUMBER. SOMEONE HELP ME TO RECOVER MY GMAIL ACCOUNT PLEASE BROTHER
Please review the account recovery options as outlined in this article: https://askleo.com/access-gmail-without-phone-verification/
If Google’s recovery process doesn’t work for you — maybe you don’t have the recovery email or phone — MAKE SURE to follow Facebook’s instructions CAREFULLY and COMPLETELY.
If the Google recovery process can’t be made to work, I know of no way to recover the account. If that’s your situation I’m very sorry.
If you DO recover your account you’ll want to check the steps in this article to prevent losing it again: https://askleo.com/facebook-hacked/
Many people have complained about outlook.com (Hotmail, live.com, msn.com) because of being locked out of their accounts due to traveling etc. It appears they’ve paid attention to those complaints and added the option of downloading a recovery code for the account. Of course, you can lose that, but if you retain a few backup copies, you should be safe. This circumvents the problem of changing phone numbers, hacked account, or traveling out the country. I used to hate Hotmail, but now, it’s probably one of the most secure free email service providers because of that recovery option.
Microsoft Account Recovery Code What and why with instructions included
Can you help me because I needed to log in my gmail & for my phone but well it’s still lost my Iphone at all man broken.
Read the article you are commenting on. If you don’t have the recovery email recovery accounts or the recovery phone number, your account is unrecoverable.
Hi I have a Gmail account that was hacked the phone number was changed and I believe the password was changed because I cannot get in it I’m a senior citizen and I’ve had that account that I’m trying to get back into for over 10 years it’s got a very important pictures on it videos and items that I need to have to have with me when I go to court against someone who has stole my identity can you please help me out I do have a recover email to go to it but it’s not nothing’s going to it please help me out
(Sorry for the form response, but I get this question A LOT.)
Please review the account recovery options as outlined in this article: https://askleo.com/access-gmail-without-phone-verification/
If Google’s recovery process doesn’t work for you — maybe you don’t have the recovery email or phone — MAKE SURE to follow Google’s instructions CAREFULLY and COMPLETELY.
If the recovery process can’t be made to work, I know of no way to recover the account. If that’s your situation I’m very sorry.
If you DO recover your account you’ll want to check the steps in this article to prevent losing it again (it discusses Facebook, but the steps apply to Google as well): https://askleo.com/facebook-hacked/
Good article. First thought: I don’t want to know what not to do, but it’s well set out and I’ve learned stuff so that’s good.
Hello good day, I lost my phone, someone robbed it at store, I forgot my Gmail pass and I really need to recover it. All I need is my newborn pictures, it’s a treasure for me. Pls help, I really do appreciate you, it means a lot for me, thank you so much! This is my current Gmail acc
We can’t recover accounts. Here are a couple of articles on recovering email accounts.
Would You Please Recover My Password?
How Do I Access Gmail Without Phone Verification?
Hi,
I need to recover one of my Gmail accounts, but I haven’t provided a recovery mail or phone number for this account.
And I don’t remember the password either.
How can I recover my account? I do have info on the date I created this Gmail.
Sorry for the canned response, but this is a question that comes up often:
https://askleo.com/would_you_please_recover_my_password_my_account_has_been_hacked_or_ive_forgotten_it/
https://askleo.com/lost-gmail-account-recovery-with-no-phone-or-alternate-email/
Unfortunately, if you no longer have access to the recovery email account and phone number, or you can’t supply enough information to recover your account, your account may be lost forever, although some websites have a way of recovering accounts using older recovery email accounts or phone numbers in case of hacks. It’s important to always keep these up to date on your account.
https://askleo.com/a-one-step-way-to-lose-your-account-forever/
I need to recover one of my Gmail accounts, but I haven’t provided a recovery mail or phone number for this account.
And I don’t remember the password either.
How can I recover my account? I do have info on the date I created this Gmail.
(Sorry for the form response, but I get this question A LOT.)
Please review the account recovery options as outlined in this article: https://askleo.com/access-gmail-without-phone-verification/
If Google’s recovery process doesn’t work for you — maybe you don’t have the recovery email or phone — MAKE SURE to follow Google’s instructions CAREFULLY and COMPLETELY.
If the recovery process can’t be made to work, I know of no way to recover the account. If that’s your situation I’m very sorry.
If you DO recover your account you’ll want to check the steps in this article to prevent losing it again: https://askleo.com/google-account-hacked/
Good luck!