![]() I realize our phone service provider (AT&T) has a special purpose email address where things sent to the email address get sent to text message. On the off chance that does happen (admittedly very remote), I wanted to set up a gmail filter from in my recovery email to forward any security alerts somewhere that I would easily and promptly see them (because I'm not going to go check that recovery account periodically). ![]() I check my primary account regularly, so I'll see any alerts in my primary, just as long as a hacker isn't already in there and filtering what I see. I went ahead and setup a brand new gmail with nontraceable handle for the sole purpose of recovery email for my primary gmail.Īny gmail security alerts for the primary account are sent to both the primary account and the recovery account (that's the routine way google does things). probably not, I'll have to look for another place to forward them that I have a reasonable chance of seeing them. If I do create that new gmail for no purpose other than recovery, then I'd still have to give some thought on how to use gmail filters to forward security alert gmails from that recovery to another account that I read more regularly. I could almost go either way at this point, but I'm inclined to tip the balance towards listening to google (who may know more than I do about the risks than me) and creating that new gmail for no purpose other than listing it as a recovery. of some nature that I personally am not able to foresee. And I do consider that it might somehow provide some benefit if there is suspicious activity on my primary account. I have a hard time seeing that the backup gmail in this particular scneario would create any additional risk to the primary account. Assuming that I set up that recovery gmail account with the same level of 2FA as my primary gmail, then the recovery gmail is at least as secure as my primary gmail (probably a lot more, since no-one knows about it and no-one can associate with me). Considering that no one else even knows that gmail address even exists, then how would they target it? And even if they somehow discovered that gmail address exists, how would they tie it to my name, identity, or primary Gmail. I don't use it for any other purpose and don't share the address with anyone. Let's say I create a brand new gmail with an innocuous random unrecognizeable handle which is used ONLY as a recovery gmail for my primary account. Of coures it depends on the specifics of that recovery gmail, so let me construct a low risk scenario. īut for the recovery email, I don't see as much a risk. While google does have some provisions for verifying that your phone number remains tied to the Android device that you told google it was tied to, I can still see it as a pretty big risk that if my phone simjacked the person who took it has a lot of things at their disposal and I'd rather not include gmail in that. It is a balance of risks, and the risks vary among people.įor the recovery phone number, I can see that could be subject to some of the same sim-jacking risks as SMS. ![]() I'm not sure whether it makes sense to ignore google's recommendation (especially if my backup email has similar 2FA options no SMS). and not just through backup email but any other channel. Unless I turn off my recovery email and phone in which case google has no way of getting in touch with me when something fishy is going on. And if someone is trying to recover my account through a recovery email, it's probably going to be a slow process and google is going to contact me during that process. Note that recovering your account is only one of three functions listed. Recover your account if you’re ever locked out This contact info can be used to help:īlock someone from using your account without your permissionĪlert you if there’s suspicious activity on your account Your recovery phone number and email address are powerful security tools. General security information.Make your account more secure After all it seems to be just another avenue to potentially get into the account.īut google seems to view it the opposite way. It seems most people who have robust 2FA options (no SMS) suggest that the recovery (backup) email address and phone number not be provided. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |