Assuming that I set up that recovery gmail account with the same level of 2FA as my primary gmail, then the recovery gmail is at least as secure as my primary gmail (probably a lot more, since no-one knows about it and no-one can associate with me). Considering that no one else even knows that gmail address even exists, then how would they target it? And even if they somehow discovered that gmail address exists, how would they tie it to my name, identity, or primary Gmail. I don't use it for any other purpose and don't share the address with anyone. Let's say I create a brand new gmail with an innocuous random unrecognizeable handle which is used ONLY as a recovery gmail for my primary account. Of coures it depends on the specifics of that recovery gmail, so let me construct a low risk scenario. īut for the recovery email, I don't see as much a risk. While google does have some provisions for verifying that your phone number remains tied to the Android device that you told google it was tied to, I can still see it as a pretty big risk that if my phone simjacked the person who took it has a lot of things at their disposal and I'd rather not include gmail in that. It is a balance of risks, and the risks vary among people.įor the recovery phone number, I can see that could be subject to some of the same sim-jacking risks as SMS. I'm not sure whether it makes sense to ignore google's recommendation (especially if my backup email has similar 2FA options no SMS). and not just through backup email but any other channel. Unless I turn off my recovery email and phone in which case google has no way of getting in touch with me when something fishy is going on. And if someone is trying to recover my account through a recovery email, it's probably going to be a slow process and google is going to contact me during that process. Note that recovering your account is only one of three functions listed. Recover your account if you’re ever locked out This contact info can be used to help:īlock someone from using your account without your permissionĪlert you if there’s suspicious activity on your account Your recovery phone number and email address are powerful security tools. General security information.Make your account more secure After all it seems to be just another avenue to potentially get into the account.īut google seems to view it the opposite way. It seems most people who have robust 2FA options (no SMS) suggest that the recovery (backup) email address and phone number not be provided.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |