Your email account is valuable and can be a gateway to others.
And that should worry you.
No. Let me say that differently. It shouldn’t worry you; it should strengthen your resolve to properly secure all your accounts.
Getting into other accounts
If a hacker gains access to the account you use as a recovery account elsewhere, they can use the “forgot password” system to change passwords and gain access to those other accounts as well. Setting account recovery information is critical, so it’s important that the account used for recovery is appropriately secured.
Getting into your Gmail account
All accounts are under more-or-less constant attack via various mechanisms. Gmail accounts, because of their popularity, are a common target.
If one of those methods succeeds — say you fell victim to a phishing attack and entered your credentials on what turns out to be a fake, hacker-controlled website — then you’ve handed over your username and password to someone who can then sign into your account.
With Gmail, of course, it’s not really a Gmail-only account; they now have access to all the Google services you use. They have access to your Google account.
But they can often leverage this as a foot in the door to hack into some of your other accounts as well.
I wasn’t going to mention this, but so many people do it that it’s worth emphasizing.
If a hacker learns your Gmail password — or any of your passwords — and you use that same password with other accounts, then yes, hackers are likely to eventually gain access to those accounts as well.
Don’t do that. Never re-use passwords.
Getting into more
It’s not uncommon to have one email account — often the account you use daily — as the backup or “alternate email address” for many of your other accounts. That’s called a recovery account because if you lose access to your account, the service may send a temporary password to that recovery account. If either account is hacked, you need to take action quickly.
The issue is pretty simple:
- The hacker can see from the email in your account what other services you use.
- They can then visit those services and perform a “forgot password” account recovery, specifying the Gmail account as the recovery address.
- With access to your Gmail account, they can reset the password on these other accounts and hack in.
Your recovery account can act as a gateway to all the other accounts associated with it.
It’s critical that you still set up alternate or recovery accounts whenever possible.
But it’s also critical that whatever account you use be properly secured.
- That account needs its recovery information set up properly and kept up to date.
- Enable two-factor authentication on any account you’re using as the recovery account for others to make it more secure.
Your recovery account might be the most important account you have. Secure it properly.