It increases your protection.
No, this isn’t some conspiracy to get you to create yet another email address. Heck, the email address technically doesn’t even have to be yours -- but it does have to be set up before you need it.
Setting up this second email address (and keeping it up-to-date) is crucial.
Should you ever have problems signing in to your account in the future, you'll wish you had.
Become a Patron of Ask Leo! and go ad-free!
Why another email address?
Setting up a recovery email address is essential for account security. It allows you to regain access if you forget your password or get locked out. Set it up before problems arise, keep it up-to-date, and make sure it works to avoid losing your account forever.
Recovery email addresses
Recovery or alternate email addresses are nothing new. Almost all the free email services allow you to set one up. In fact, it’s strongly recommended that you do. They’re used if you ever lose access to your account.
For example, let’s say you lose your password and you can’t log in to your account. You click the “I forgot my password" link (or whatever it’s called in the service you’re using), and it sends a password link to the recovery email address. The assumption, of course, is that you have access to that recovery email account. Once you get the password reset link, you can change your password on your primary email account and log in again.
The recovery email address is something you have to set up before you need it. Obviously, if you could set one up without logging in, well, then... hackers could do that and hack into your account.
So you have to configure a recovery email address in your account settings before you need it. Typically, it’s another email account (ideally at another email service) you also have access to.
It needs to work
It doesn’t help to set up a recovery email address that doesn’t work. I’ve seen people just type in bogus email addresses as their recovery address. I’ve also seen people let the recovery email account simply expire and get closed because they never use it.
If you lose access to your primary account for whatever reason, you’re going to need that recovery address to work. Once you need to use it, it's too late to change it or set it up. If it’s configured but it doesn’t work, it's like not having set it up at all.
You may not get access to your account back.
Setting up a recovery address
The best thing to do is to set up a recovery address at another service.
For example, set up a Yahoo account to be the recovery address for your Gmail or Outlook.com account. Then set up the other way too -- set the Gmail address to be the recovery address for the Yahoo account. Make sure you log in to the recovery account from time to time so it doesn't gets closed for inactivity.
You can use the email of a very trusted friend as your recovery email address. I say “very trusted” because with the recovery address, they could hijack your account quickly and easily, and there would be no going back. You wouldn’t even have legal recourse since you gave them access. I’ve seen too many relationships and friendships go bad to ever recommend this, but I have to throw it out as one possibility.
Many systems strongly recommend -- or insist -- that you create a recovery email address. Just do it.
What the systems are responding to are the incredible number of account hacks that happen every day. If you have a recovery email address set up and working, you can regain access to their accounts quickly and relatively easily. If you don’t, well, if your account gets hacked, it may be gone forever.
There's no evil intent. The services are trying to protect you.
Do this
Set up a recovery email address. Set up a recovery phone number, if that's available. And above all, keep them up to date. Many accounts are lost forever because the recovery information is no longer valid.
Want another way to stay on top of current security options? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Use your wife’s E-mail address and vice versa then you have easy access to your recovery link.
Just remember that when the relationship goes sour and you are dividing the property between his and hers that you also “divide” the recovery email addresses, unless you like your ex- having access to your email.
Be careful about using your work email address as recovery for your personal accounts. When I changed jobs I had to do a fairly thorough review of places where I had done that, and make the changes before I finally lost assess to that account.
Phone numbers can also be used for recovery but then you need to update the info if you ever change your phone.
Would like to follow your advice, but, being caught between two major corporations is the definition of “hell,” it seems. My ISP is Verizon, and through them I pay for a “Verizon-Yahoo” (Yahoo Mail) e mail account. Practically speaking, neither company will assist with the most basic issues. Yahoo simply refuses to respond or even listen to feedback, and directs VY customers to Verizon; Verizon has no earthly idea of how to help with Yahoo Mail. It is so bad currently, I am unable to even change my Yahoo Mail password. A phone number is given to call Verizon … at their main 800 number. Of course, they have no earthly idea how to change a Yahoo email password.
I forgot my password , iAlso put in my phone number wrong, don’t remember test qus. What can I do. Need to be able to turn my phone number around.
At that point, you don’t have too many options:
See this article for more information on your options:
http://ask-leo.com/would_you_please_recover_my_password_my_account_has_been_hacked_or_ive_forgotten_it.html
If this is a Hotmail, MSN.com, Live.com or Outlook.com account, then this article discusses recovery options for the various ways that these accounts can be lost or compromised: http://askleo.com/what_are_my_lost_hotmail_account_and_password_recovery_options/
If this is a Facebook account then please see: http://askleo.com/how_do_i_recover_my_facebook_log_in_password/ and/or http://askleo.com/how-do-i-recover-my-hacked-facebook-account/
This is an old article, it seems. Replies are from 2014. I use 2 factor with my phone instead of another email. Isn’t this just as good, or better? thanks
It’s good, but 2 is better than one in this case. You email address serves as a backup if there’s a problem using your phone, such as a new number or traveling to a differnt country.
I have a phone # and 3 email addresses associated with all accounts that allow multiple email addresses.
I republished this year (2024) because it absolutely still applies.
2-factor is NOT an excuse not to have proper recovery information. There are still many things that could go wrong that will require your recovery info.
My ISP (Comcast/Xfinity) provides an email service for account holders and family members. My wife and I never use them except for account recovery purposes. Unless or until we no longer use that ISP, we can also count on being able to access those email accounts as we also pay the bill online.
Comcast would likely be more than helpful in the unlikely event we forgot the password (we use a password manager). Our cell phone service is also through Comcast and they have their own app for 2FA purposes as well as accessing the account. Incidentally, one cannot use a different authenticator app for Comcast.
Because the Comcast email addresses never get used elsewhere, they are unlikely to show up in a security breach.
I would recommend that people check with their ISPs to see if they have their own in-house email service and not a partnership such as the Verizon/Yahoo Mail. They could then use it for account recovery purposes.
I haven’t used my ISP’s email addresse since the 90s. I’ve changed ISPs a few times and after the first ISP change, I opened a Yahoo account, which at the time, billed itself as “Email for Life”. I still have it and use it for newsletters and as a recovery address.
Even using your ISP provided address only for account recovery can be a risk. If it’s the only recovery address, you’ll have to add a new recovery address if you change ISPs.
If you only have your ISP’s account as your recovery address. I’d add a couple more recovery addresses such as Gmail, Outlook.com. Yahoo, etc. I have 3 or 4 recovery address for my accounts.
I don’t rely solely on having a recovery email. The accounts I use all have multiple recovery methods setup- one-time codes, telephone numbers, authenticators, passkeys, etc.
Not having access to one method isn’t going to keep me out.
My traveling days are over and where I live, until recently, I only have one ISP to use if I want decent internet speeds. Yeah, it has been a monopoly for a long time. Comcast and AT&T literally split the territory.
PW recovery is a strong reason for a second email account. I suggest that a second account be established as a place to direct potential junk mail. How many times are you confronted with a request to provide an email to proceed? They are harvesting email addresses for nefarious purposes!
Also technique to consider the use of an email remailer. A remailer enables the user to program the final destination for email. Case in point – years ago I used Comcast and now I use FiOS If u use a remailer, I can log on to my remailer account and reprogram the destination from Comcast to FiOS and still use the remailer address. Bigfoot.com was a remailer – I don’t use any more (my Alma Mater university has a remailer service I use).