What email should I use as a “recovery email” for my own account? A friend’s? Or should I use my own email?
With few exceptions, your recovery email address should be an email address you control.
Let’s look at not only those exceptions, but some additional characteristics of a recovery email address you’ll want to be aware of to keep all your accounts safe and secure.
A recovery email address is used to regain access to an account you’re unable to sign in to. Generally it should be an account under your control, and on a different email service. What’s most important, though, is that you periodically make sure it’s working rather than finding out it’s not when you need it most.
Recovery email addressYour recovery email address, sometimes called an “alternate” address, is an additional email address you list in your account settings, often in security settings. It is used when you are unable to sign in normally to “recover” access by setting a new password.
Let’s say your primary email account is email@example.com. As part of its configuration, you specify a different email address — say, firstname.lastname@example.org — as your recovery email address.
One day, you can’t log in to your primary somerandomservice.com account. Perhaps you forgot your password, or perhaps your account was compromised. You click on the “I forgot my password” link, and somerandomservice.com sends an email to your alternate email address: email@example.com. You prove you got it by clicking a link in that email or by entering a code from that email.
This proves you’re the person who configured it as the recovery email in the first place: the account owner. With that proof, somerandomservice.com lets you set a new password, and you recover access to the account.
The recovery email address (like the similarly used recovery telephone number) is important. If you lose access to it, and you’re unable to log in to the primary account for which it was configured as the recovery address, you may lose access to that primary account forever.
Should it be yours or a friend’s?
I generally recommend recovery email addresses be your own. That way, you’re in control of exactly how they’re used and when.
Besides, it’s not uncommon for someone who is a trusted friend today to be less so in the future. For example, I’ve seen many accounts compromised when relationships (including marriages) end, and one partner decides to extract some sort of revenge via their access to the other’s email.
That being said, there are scenarios where it makes sense for an alternate email address to be someone else’s. This might be required in a corporate setting, or perhaps a very trusted acquaintance who helps you with your technology. If you do elect to use a friend’s email account for your recovery address, be sure to remember to change it should your relationship change.
Choosing a recovery email address
A recovery email address should be on a different email service. For example, I wouldn’t recommend setting up a Gmail address as your recovery address for your primary Gmail account. In theory that should work, but there are scenarios where both could fail at the same time. It’s better to have the recovery address be on a different service — perhaps Outlook.com, Yahoo.com, or something else.
You might never need to use your recovery address, but it’s important you keep it active. Sign in to it every so often so it isn’t closed for lack of use. If that happens, and you suddenly need it, you’re probably severely out of luck.
Some folks use a “throw away” account as their recovery email address — one they use to sign up for things they suspect might get them more spam or otherwise invade their inboxes. That’s fine, as long as you never actually throw it away.
Your recovery email address is, of course, an account all to itself. It, too, will probably include the ability to specify an alternate email address in case you ever need to regain access to it.
It’s perfectly valid to cross-link them: set A to be the recovery address for B, and B to be the recovery address for A.
If you’re in the process of recovering account A, and suddenly realize you’ve also forgotten the password to B because you haven’t used it in ages, you’re once again out of luck. You’re unable to use either account to prove you’re the rightful owner of the other.
This might lead you to think you need to create a third account to be the recovery account for B. That’s one solution, I suppose.
In reality, it underscores the need to periodically make sure your access to B is working, before you actually need it.
If you found this article helpful, I’m sure you’ll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I’ll see you there soon,
This post was written by Leo Notenboom and was first posted to AskLeo.com
Do you find this article helpful? Your Friend might too. So, please Share it with them using the Share button above.
Will you like to get notified when I post new updates? Then Follow me on any of my social media handles: Google News, Telegram, WhatsApp, Twitter, Facebook, Pinterest.
You can also drop your email address below if you wish to be notified by mail.