Jul 30, 2009

Gmail password recovery

After reading this post on password recovery, it turns out that if you don't log into your secondary email address, it could expire. This is pretty obvious, however we don't really think about this very often. It also poses a security risk, since if say your old account expires, but someone else comes along and registers it, they can do a password reset on your current email account. And if they control your current email account, they pretty much control your online identity.

So if you're using Gmail, maybe it is a good idea to update your alternate email, and make sure that you can still log into it. It turns out that my alternate email was my Bishop's email, which is no longer available. The instructions for updating your alternate email are here: http://mail.google.com/support/bin/answer.py?hl=en&answer=6566

One thing I noticed is you can put your phone number in to SMS your password reset code to you. Does anybody know if this is a security risk or not?

1 comment:

Owein said...

I use Digsby, which monitors my 'main' personal email account and my 'backup' yahoo account... I think that monitoring prevents the yahoo account from ever getting 'stale.' Of course, I have to trust Digsby with passwords for both and hope they are never hacked or I'm screwed, but hey... maybe no one will ever break into my car, either.