Google Account Recovery

One of the basic security problems for us and the companies we deal with is how to handle the situation that arises when someone calls or emails and claims they have lost their password. This is called "Account Recovery" and I'll be looking at a few companies in upcoming issues. This month it is Google's turn.

There are two things that you need to do:

Think about it. - Sorry, you really should invest 10 or 15 minutes on this.
Check and see how it is setup now, and if that makes sense for you.

What Google Does:

Google has 3 layers of protection:

A mobile phone number they can send a text to to verify that it is you who is resetting the password.
An email address that is not your Gmail address
A security question

So, you really need to check and make sure they have the correct phone number and a currently active email address that you actually check sometimes. You can't have them texting a number you discarded last year, or an email address for an ISP you left. You can't have them texting you cell phone if in fact, you never carry it.

As for the security question, please follow my example and consider these insecurity questions. Never, Never, Never ask a real question and give a real answer. Someone could figure those out. I don't care what the questions are, I make up random 5-8 character passwords for the answer. So, Who was your favorite teacher?" my answer could be: kE9;2a. Or whatever random characters are generated by my Keepass password safe. Of course, the questions and answers are stored in my notes for that account. Some people prefer using a real word, that is nonsense. So their favorite teacher becomes "Halibut" or "peanut butter". I tend to make these pretty short, since sometimes you are required to tell it to someone over the phone.

Here is the link to Google to check your account recovery options.
https://accounts.google.com/UpdateAccountRecoveryOptions?hl=en . Use it soon to check your account.

Date: December 2014

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Google Account Recovery One of the basic security problems for us and the companies we deal with is how to handle the situation that arises when someone calls or emails and claims they have lost their password. This is called "Account Recovery" and I'll be looking at a few companies in upcoming issues. This month it is Google's turn. There are two things that you need to do: Think about it. - Sorry, you really should invest 10 or 15 minutes on this. Check and see how it is setup now, and if that makes sense for you. What Google Does: Google has 3 layers of protection: A mobile phone number they can send a text to to verify that it is you who is resetting the password. An email address that is not your Gmail address A security question So, you really need to check and make sure they have the correct phone number and a currently active email address that you actually check sometimes. You can't have them texting a number you discarded last year, or an email address for an ISP you left. You can't have them texting you cell phone if in fact, you never carry it. As for the security question, please follow my example and consider these insecurity questions. Never, Never, Never ask a real question and give a real answer. Someone could figure those out. I don't care what the questions are, I make up random 5-8 character passwords for the answer. So, Who was your favorite teacher?" my answer could be: kE9;2a. Or whatever random characters are generated by my Keepass password safe. Of course, the questions and answers are stored in my notes for that account. Some people prefer using a real word, that is nonsense. So their favorite teacher becomes "Halibut" or "peanut butter". I tend to make these pretty short, since sometimes you are required to tell it to someone over the phone. Here is the link to Google to check your account recovery options. https://accounts.google.com/UpdateAccountRecoveryOptions?hl=en . Use it soon to check your account. Date: December 2014 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk