Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

62 comments on “A One-Step Way to Lose Your Account Forever”

  1. There’s one way to lose your account even if you do those things. If a hacker changes all of this recovery information. Some services protect against this by using 2 step verification and not changing your password or alternate address or phone numbers until you’ve entered the code they send you.

    One mechanism I’ve thought of which I think would work would be for the web sites to have an “I believe my account was hacked, please send recovery information to a previous email address or phone number” link to be able to recover the account even if hackers have changed the recovery information.

    Facebook has a good mechanism for protection against account loss info by allowing you to designate friends who can vouch for you. I highly recommend people to enable that feature.

    There’s also one thing to watch out for in providing an alternate email account. If you plan to travel abroad, make sure your alternate email addresses don’t require 2 step verification if you try to access your account from abroad. I have an account with and for that purpose. They don’t require 2 step authentication when you travel.

      • Someone changed my email on POF, Plenty of Fish dating site and sent out many messages and changed my profile. I received an email from POF stating my email was changed and to notify them if it was not authorized. I sent 3 replies telling them I did not change my email and to please close my account. They have not replied. Now some hacker has access tonmy main email address, password ( for that site) and my personal information. I feel so violated and worry that this hacker can steal all my other personal information from other sites that uses my email address. What can be done to get POF to respond and help? How can my personal information be protected? I am freaking out about this? How could this happen? Doesn’t POF have any security measures on their site?
        Has anyone else faced this nightmare and what can be done? How can I secure my email and be sure my account wasn’t hacked? I am sending this question from my alternate email address, not the one I believe has been compromised. How will I know for sure if someone is using my email address? Please help me!

        • I can’t suggest anything other than to follow the channels POF has for account recovery. If you used the same password for POF and any other accounts, you need to change the password and check the recovery information on all of those accounts as the hackers can try that password out on other accounts.In fact, I’d consider changing the passwords to all my accounts.
          See the following article for how to secure your accounts. The article is about securing email accounts but steps 1,2,5, & 6 apply to all hacked or potentially hacked accounts.

      • How can I get into my gmail account with new phone & phone number. It’s important pics and info on it. I’m a grandmother

  2. People, enable these recovery options! I personally forgot the password to my microsoft email (it is on one of networks set up by Microsoft: hotmail, live, or outlook) which is linked to my microsoft account.

    Luckily, the info was updated and the alternative email was in place. They just needed to be used.

    I got my account back through the alternative email address recovery option since my phone’s battery was dead and was charging.

    Seriously: If you want your account back, put recovery information into it to access it. You never know when it will be useful.

  3. I have set up accounts at Google Gmail, Yahoo, Hotmail and AOL; each user name and password are written down in very careful letters not penmanship. With that printing in front of me all results are “Wrong user name or password”; If I do not know the password copied from in front of me then who knows more than I? My opinion is natural born (many generation) American citizens are classified as enemies. We USA citizens are a conquered nation. I stated such to Congress when homeland security was being debated before it was established. Do I half to become a foreigner to use e-mail?

    • I think this has more to do with mistyped passwords (yes, still), miswritten passwords, or even hacked accounts. Those are certainly the conclusions I would investigate before assuming there’s some government conspiracy. Nine times out of 10, when you KNOW you’re typing in the correct password and it still tells you you’re wrong, then a hacker has broken in and changed your password on you.

  4. My Chromebook OS does not support microsoft-outlook or hotmail addresses. Please delete this address: {removed}
    If you can not delete this hotmail address please advise

  5. I experienced all the pains that people expressed in the comment section following this article and related ones (I read them all). My most frustrated one was recently when I visited my relatives in the NW and I was living in SW at the time. As Leo suggested I had one Hotmail account and my alternate e-mail is Yahoo (vice versa). The fun started when Hotmail required the verification code that they sent to Yahoo account (alternate e-mail) and lo and behold, as I tried to access Yahoo to retrieve the code, Yahoo did the same by denying my access and sent a verification code to my Hotmail account. You can see this clearly is a closed loop and nothing I can do about it. Trying to access my Hotmail account by sending Hotmail proof that I am the owner of the account is a joke. Anyhow things went back to normal when I returned to the SW and I have tried to set up phone numbers for recovery option as I will be travelling overseas very soon. Two things I did were; (1) signed up for Google voice which I was provided a VoIP number and have registered that with Hotmail and it was accepted but not Yahoo (Yahoo responded that they currently don’t accept VoIP number), and (2) updated my T-Mobile cell account (Clarification: I neither own T-Mobile stocks nor work for T-Mobile) with text option (I was told I could receive text for free in countries that T-Mobile has services or affiliated with the local phone services). This SMS feature from T-Mobile will be live saving for me as I travel to Asia next week. I haven’t experienced SMS feature w/ T-Mobile in Asia yet but I have read glowing reports from business folks who had used it (you could Google it). As I said I am trying to avoid the pains accessing my e-mails as I travel and try to prepare the best I can but will see… Good luck!

  6. Regarding your, “we need to talk about XP”, video.
    I am using my XP comp. as a video editing machine only
    No email or going on line at all
    Would I be correct in thinking that I could go on for years until the next video editing disc update is too much for the XP box or I suffer internal failure.
    Seems to me the answer is yes I can until the pigeons come home to roost

    • As long as you’re never transferring data to and from that machine, and it never goes on line, sure. My guess is you ARE transferring data to and from that machine, so you’ll need to take extra steps to stay safe, since that transfer can unknowingly include malware if you’re not careful.

    • I remember that were so many viruses which propagated from diskette to computer before the internet was widely used. I remember dialing up to McAffee to get virus definitions for my DOS machines in the 80s and pre-internet days. There were plenty of non-internet transmitted viruses. Anything which can transfer files to your computer can transfer viruses. After all, a virus is just a file. From my experience, I got more viruses pre-internet than after. My AV caught them before they ever got on my machine, I believe that’s due to better real time virus detection which is not available in non-updated systems.

  7. Generally good information, but I think some dis-information about providers requiring mobile phone numbers as a “back up”.
    First, all mobile carriers are participants in the data mining industry, either passively or actively. They will sell (or trade) lists of their active numbers with data brokers (ie Acxiom). Additionally we all know that cell providers actively track your location using various methods (tower triangulation)… they sell this data too, though they will say it has been anonymized. Sure it has, until the data broker compiles it with other data, and bingo… a profile is built that they then sell … to anyone… including the intelligence agencies and foreign corporations. This is only one small part of the data that is compiled on every one of us.

    So if you don’t care about your privacy, then make it easier for Yahoo or Google or Facebook to cross reference you to everything.
    Give them your mobile number, first middle and last name, date of birth, and shoe size (forget that, they have your zappos “My Favorites” already)

    • I’m not really concerned by what amounts to a conspiracy theory. To the extent your information might be used, they don’t care about you as an individual, they just collect massive amounts of data to track and use trends over large populations.

      For most people, in my opinion, the benefits of the added account security and recoverability far outweigh any perceived privacy risk.

  8. One thing you don’t mention, but which “should be” obvious…

    When you set up those alternate email accounts to act as a recovery address for your mail account, don’t forget to set up recovery methods for them as well.

    And don’t use the same email provider for the recovery address. (ie: don’t use a gmail address as a recovery method for your gmail account.)

  9. All good points, my problem is I’m drowning in passwords. Unfortunately Windows updates play havoc with MY StuFF. The other day Mail was GONE. No icon, nothing. Gritted my teeth and held my tongue just the right way and got it back more by luck than good management. I said some very bad words!

  10. This is an excellent advice. It works well if you trust that a big corporation like Google will never be tempted use your identity data to connect your various interests (hence, multiple accounts) with your real identity (true name, telephone number, cc card number for Google store, your geolocation, names of wifi wans your machine or phone detect, etc). Oh wait, they are in the business of advertising and selling your information, aren’t they? Never mind.

    • It’s excellent advice if you want to recover your hacked account. If you don’t trust the service … then don’t use the service.

  11. I suppose this is just a comment; with no solution. You mention about giving your phone number when trying to retrieve an online account. Most of them assume that you have a smart phone that can access text messages. I don’t, so I’m lucky my bank will call my land line with a code number.

  12. Recently I’ve noticed two issues on the Gmail Help Forum.

    1) Users who have BOTH phone and alternative email address configured as backup options, but the system defaults to using phone only. No way to force it to send recovery to the email address when the phone is lost or inaccessible.
    2) Users who have a new phone number and attempt to update it on the security page, but the system insists on verification via a code to the previously listed phone number which is now no longer available.

    Is Gmail being unnecessarily over secure? What can be done when this impossible scenario presents itself?

  13. Hackers can bypass 2SV – your mobile phone provider is the “weakest” link. A hacker can get phone carriers changed.

    The chances of losing access to accounts these days have grown considerably, as for email accounts well these are quite easy to gain access to for a hacker. The information people use to regain access like email addresses etc is just more information the hacker can use, so this makes 2SV quite useless in many cases.

    As for Facebook, well as a security advisor I would not entertain even having an account with them.

  14. Hey Leo,

    I am in need of adding a new email account with Google and would like to import all my older email over to new acct.
    Is this safe or something to avoid?
    Or would it be safer to just forward each one over to new acct?
    I know gmail has an import feature within the cloud but not sure how safe that it either.
    What do you recommend?


    • Honestly, it depends on your specific needs. I wouldn’t bother. I’d set up thunderbird to download all email from the old account, and then simply start a new one with no import.

      • Ok but what if i don’t use Thunderbird or Firefox. Is that the only way to save or transfer them over?
        I went to the website you posted about an email check to see if its ever been breached, results not good.
        So merely i”m wanting to just save important emails or transfer ones I honestly need. Is their google to google
        gmail transfer that works but would keep my new acct address from being compromised?

        • You could configure the new account to pick up email from the old using POP3 or IMAP, but if you’re going through that trouble why not ALSO use a PC and get your email backed up at the same time?

          These breaches are out of your control. Switching email addresses will NOT prevent additional breaches on old or new account. In fact, I don’t recommend switching email addresses or accounts when this happens — there’s no point. Follow best security practices, including long/strong password and two-factor authentication when available. That’s the best you can do, on the existing account or the new one.

  15. I am having problems. I got a new phone (same phone number and same provider). It won’t let me access my facebook because the code generator will not come to me through text. I have done the picture with the code and sent it in and I have done the ID thing and sent it in also. But nothing happens how long does it usually take for someone to receive that and let you in? Do you receive an email? I have pictures on there of my deceased mom so any help would be greatly appreciated!

  16. I need help recovering my fb account. I have done this beofor and used pics to prove I knew the peope on my friends list. and I cant for the life of me remember how to do it.

  17. I can’t get in to my Amazon account . In UK . It won’t let me because old email , live mail hasn’t worked for a while and my iPhone no is not any use to them . They need a new password but that involved contacting them by phone . I did this and spoke to their call centre in India . Their agent asked for my card no to authenticate my account . Then they transferred me to another agent to purportedly get my account sorted . But they were criminals who hacked my bank account and took money by tricking me.
    It was unbelievable . Amazon cannot be safely contacted and it’s a disgrace . Can’t email them as they need me to go through my account !!!

  18. Is there anyway to actually contact Facebook.

    They have sent me a six digit recovery code to an email I have never set up (I do not have any outlook emails). So I tried to do the 3 friends that I had set up, but everytime I manage to contact all three of them and get a code, Facebook will then say my link has expired and I have to do it all over again.

    I am so frustrated to have lost all of my contacts from the last 15ish years and photos. Any suggestions?

  19. Google couldn’t verify this account belongs to you. This happened because Advanced Protection is turned on for this account. For your protection, you can’t sign in right now.

    I have tried many times to recovery my gmail account as I have forgot my alternative email id also so I coundnt recover my account. plz help..

    do I need to wait for 2 weeks.. as I have read somewhere that its takes 2 weeks to unenrolled automatically from advance protection of gmail account if I wont apply for security key.

  20. So. There are a lot of ways to get /setup recovery information. The problem I have is that there are so many sites to protect/recover, that I had to design a spreadsheet to organize them all. What is a good way to organize them. I want to be able to hand my spouse a copy so she can use the sites if I’m gone. A printed version is in the home office safe. Any template suggestions or alternative recommendations?

    • The best way to manage Web passwords is with a password manager like LastPass. It keeps your passwords in a vault protected by a master password. That’s why it’s called LastPass because it’s the last Web password you’ll need to remember. It keeps your passwords synchronized on all your devices. If you prefer one which doesn’t keep a copy of the encrypted vault on their servers, you might prefer KeePass.

  21. I have upgraded my Note 10 to android 11. After that, I can’t sign to my google account via android phone. I’m getting a message ; “You’ve tried to signin too many times. For your protection, you can’t sign in right now. Try again later or sign in from a different device”. I normally log in via a web browser and select that device as secure but I still get the same message :(

  22. Many people have complained about (Hotmail. because of being locked out of their accounts due to traveling etc. It appears they’ve payed attention to those complaints and added the option of downloading a recovery code for the account. Of course, you can lose that, but if you retain a few backup copies, you should be safe. This circumvents the problem of changing phone numbers, hacked account, or traveling out the country. I used to hate Hotmail, but now, it’s probably on of the most secure free email service providers because of that recovery option.
    Microsoft Account Recovery Code What and why with instructions included

  23. Can you help me because I needed to log in my gmail & for my phone but well it’s still lost my Iphone at all man broken.

  24. Hi I have a Gmail account that was hacked the phone number was changed and I believe the password was changed because I cannot get in it I’m a senior citizen and I’ve had that account that I’m trying to get back into for over 10 years it’s got a very important pictures on it videos and items that I need to have to have with me when I go to court against someone who has stole my identity can you please help me out I do have a recover email to go to it but it’s not nothing’s going to it please help me out

    • (Sorry for the form response, but I get this question A LOT.)

      Please review the account recovery options as outlined in this article:

      If Google’s recovery process doesn’t work for you — maybe you don’t have the recovery email or phone — MAKE SURE to follow Google’s instructions CAREFULLY and COMPLETELY.

      If the recovery process can’t be made to work, I know of no way to recover the account. If that’s your situation I’m very sorry.

      If you DO recover your account you’ll want to check the steps in this article to prevent losing it again (it discusses Facebook, but the steps apply to Google as well):

  25. good article fist thought I don’t want to know what not to do but its well set out and i’ve learned stuff so thats good

  26. Hello good day, I lost my phone someone rob it at store, I forgot my gmail pass and I really need to recover it. All I need is my newborn pictures it’s a treasure for me. Pls help I really do appreciate you, it means a lot for me, thankyousomuch! This is my current gmail acc


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.