AKA: What not to do
Not a day goes by I don’t hear from someone who’s in the middle of some kind of account recovery process that isn’t working.
While I try to help out to the degree that I can — usually with instructions that are often no more than the service provider’s instructions translated into clearer English — it’s also not at all uncommon for those account recovery efforts to fail, and for access to the account never to be regained.
And to be super blunt about it, most of the time it’s the account owner’s own fault.
Account recovery fails most often because recovery information like alternate email addresses and phone numbers was never configured, or wasn’t kept up to date. It’s important to set them and review them regularly to make sure they’ll be there if and when you need them.
The most common reason account recovery fails
Almost every online service has provisions for recovering lost passwords or regaining access to accounts that are inaccessible to their rightful owners. Those account recovery processes typically involve sending an email to an email address, a text message to a phone, or something else.
Those are great, reliable ways to prove you are the rightful owner of the account and should be allowed back in. Anything less would allow hackers to impersonate you or otherwise scam the system to break into accounts where they have no business being.
Many people don’t set up this recovery information, and those who do often don’t keep their information current.
Without it, there’s really no hope for recovery.
Alternate email addresses
These days, you should never have just a single email address.
You need at least two.
One you consider to be your real or primary address. The second can be configured as your “alternate” email address for that primary account. It is used should you ever need to prove that you are you.
Like, perhaps, when you forget your password …
… or when your account is hacked.
How do you prove that you are you? By being able to access that second email account. Account recovery frequently involves sending a password-reset link, code, or some other kind of information to that other email address. When you collect the information and use it, you prove you have access to that account. Since you’re the one who set it up as the alternate account, then you must be who you say you are, and thus you should be allowed back into the account.
Never set up an alternate email address? You can’t recover.
Lost access to the alternate email account? You can’t recover.
The conundrum of the phone
Many services now allow you to associate a phone number with your account.
Unduly paranoid folks believe this amounts to more ways for the service in question to keep tabs on them.
Phone numbers are another way to prove you are who you are. Rather than sending you an email, these services can send you a text message with a recovery code, or in some cases, a recorded voice to read that recovery code to you. Your ability to receive a code at the phone number you provided proves that you must be you, and once again should be allowed back into the account.
The conundrum I allude to is twofold:
- Many services only support text messaging, and thus mobile phones. You’ll need to use a different alternative authentication mechanism — like that alternate email account — if you don’t have a mobile phone.
- This typically fails if you lose access to your account or are asked for additional validation while traveling outside your own country. Once again, make sure you have an alternate identification mechanism in place — like that alternate email address — before you leave.
Nonetheless, I do advise setting this up if you can.
Losing your account in one easy step
Pick whichever approach you like:
- Don’t set up alternate authentication mechanisms like alternate email addresses or phone numbers at all.
- Let your alternate authentication mechanisms expire or change, or lose access to them, without updating the account for which they’re the alternate mechanism.
Either works. You’ll lose access to your primary account forever if you ever get hacked or lose your password.
Do this NOW
To avoid losing access to important accounts, I strongly recommend that you:
- Set up an alternate authentication mechanism on your important accounts.
- If you already have, go check they’re all still valid.
I also recommend that you take advantage of all the alternate mechanisms offered.
- Set up an alternate email address, and keep that alternate email address active.
- Set up more than one alternate email address if you can.
- Associate a mobile phone number with the account.
- If you don’t have a mobile, and the service will do voice calls (reading you a recovery code), then associate a landline number with the account.
And above all, any time any of the above changes, make absolutely certain to update the information in your accounts. Alternate email addresses or phone numbers do you no good if you no longer have access to them.