Yes. Yes, you do.
Yes, you need a recovery email for every account that offers the ability to set one.
Recovery email is one of those concepts that is easy to take for granted and assume everyone understands. Even if you do, you might want to review the concepts and ensure that the recovery email addresses you have are set up properly.
Become a Patron of Ask Leo! and go ad-free!
Yes, you need a recovery email
Recovery email accounts are separate email accounts you configure to give your primary accounts another way to contact you. Your ability to receive a recovery code on your recovery account proves you are you and should be allowed back into your primary account should you ever be denied access. Make certain to keep your recovery account up-to-date and access it periodically to ensure it’ll be there when you need it.
You need another email account
My example will set up a recovery email address for your Gmail account, but this concept applies to any email account anywhere. It also applies to any non-email service that takes an email account as a recovery or alternate email (like social media accounts, for example).
You start by creating (or using) a second email account.
For example, I have a Gmail account, firstname.lastname@example.org. If I want to set up an alternate email address for that account, I’ll create a new email account somewhere else. In my case, that’ll be email@example.com.
I now have two separate email accounts:
- The original account — firstname.lastname@example.org — the one for which I want to specify an alternate email address.
- A second account — email@example.com — the account I’ll use as the alternate email address for the original one.
So far, they are completely independent of one another. I can send and receive messages using either. I sign into gmail.com to access one and outlook.com for the other.
Setting the alternate
This varies depending on which service you’re using, but for Gmail, visit myaccount.google.com/security, look for the section “Ways we can verify it’s you”, and then click on Recovery email.
Enter your other email address: the second account that you intend to use as the recovery account. In my case, that’s firstname.lastname@example.org. Click on Next.
You’ll be asked to enter a verification code.
The primary account — my email@example.com account — has sent an email with a security code to the recovery account I’ve specified. This is to make sure you didn’t mistakenly enter an invalid account or an email address belonging to someone else, and you can actually access that recovery account.
Now, go visit the inbox for that other account. In my case, that means I open outlook.com for my firstname.lastname@example.org account. Sure enough, there’s a message in that account’s inbox with a code.
Enter this number received on the second, alternate account, into the box that was presented by the first, primary account, and click Verify.
You’ve now told the primary service (Gmail) that this other account (on Outlook.com) is also yours.
In my case, I’ve now set up email@example.com as my alternate or recovery email address for my firstname.lastname@example.org account. The Gmail servers can now reach me at my outlook.com address as well, because I’ve set it up and said, “Yep, that’s me too.”
Using the alternate
Ok, great, you’ve got an alternate or recovery email address set up with your account. When would you use it?
When/if you can’t log in.
Your password isn’t accepted for whatever reason. Perhaps you don’t remember it, perhaps a hacker or someone else changed it, but regardless of the reason, you can’t log in.
Then you use the “forgot password” link to begin the account recovery process.
For most services, this begins a process to confirm you are the rightful account holder and should be allowed to set a new password and regain access to the account.
One way the service does this is by sending a code to your alternate email address, much like they did above when you set it up.
To receive the code, you sign in to that alternate email address. In my case, if I were having problems signing into my Gmail account, email@example.com, I would go to outlook.com and sign in to my firstname.lastname@example.org account to find the message with the recovery code in my inbox there.
Your ability to receive this code at that email address proves you are who you say you are because when you set up the alternate email address, you effectively told the service, “This is me, too.”
Enter the code you received, and the service knows it’s you. Generally, it then allows you to specify a new password.
At this point, you have two email accounts. In our example, one Gmail account has another, a Hotmail account, set as it’s alternate.
For security’s sake, that Hotmail account should have an alternate email configured as well. The process is similar.
But you don’t need to get a third email account.1 It’s fine to:
- Set the second account as the alternate for the first, as we did above.
- Set the first as the alternate for the second.
That way, either account can be used to recover the other should you have problems later on.
The only time this becomes an issue is if you’re having problems with both accounts at the same time. As long as you regularly sign in to each, the chance of this happening is low.
Choosing an alternate
You’ll notice that I’ve explicitly chosen two different email addresses on two different services: Gmail and Outlook.com (aka Hotmail). This is on purpose.
You could, however, have both your primary and alternate email addresses be two different Gmail accounts.
I prefer (and recommend) having alternate email addresses be on completely different services for an additional layer of protection against system-wide issues. For example, if something prevented you from signing in to any Gmail account — perhaps because you’re travelling or some other cause — then having an account on a completely different service stands a higher chance of allowing you to recover the account.
The choice is yours, and it’s more important to have an alternate — any alternate — than no alternate at all. But while you’re at it anyway, choose a separate system.
Maintaining the alternate
I mentioned above that as long as you regularly sign into both accounts, you’re unlikely to have a situation where both fail at the same time.
It would surprise you how many people fail to do this. They spend their lives in their primary account and completely ignore their alternate. Some time — often years — later, when they need the alternate, it’s no longer available. Or they’ve forgotten the password. Or there’s some other hurdle preventing its use.
Sign in to your alternate email address account periodically. Once a month works well, just to make sure it’s still there and ready for you.
Set up and maintain an alternate email address for every account you can.2 Make sure you continue to access that account periodically, even if you never use it for anything else.
One thing you might do with it is subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.