Lockstep

  • Checklists
    • Authentication
    • Web Browsing
    • Email
    • Messaging
    • Social Media
    • Networks
    • Mobile Devices
    • Personal Computers
    • Smart Home
    • Personal Finance
    • Human Aspect
    • Physical Security
    • Passkeys and MFA
    • Account Recovery
    • Scam Defense
    • Incident Playbooks
    • Monthly Maintenance
    • Identity Protection

    Lockstep

  • Home
  • Checklists
    • Authentication
    • Web Browsing
    • Email
    • Messaging
    • Social Media
    • Networks
    • Mobile Devices
    • Personal Computers
    • Smart Home
    • Personal Finance
    • Human Aspect
    • Physical Security
    • Passkeys and MFA
    • Account Recovery
    • Scam Defense
    • Incident Playbooks
    • Monthly Maintenance
    • Identity Protection

Settings

Account Recovery

Account recovery is often weaker than the main login. A well-protected password and MFA setup can still fail if recovery email, phone numbers, backup codes, security questions, or old devices are neglected.

0 out of 8 (0%) complete, 0 ignored

Done?AdviceLevelDetails
Impact: HighEffort: Medium
Essential

Your primary email resets many other accounts. Use a unique password, passkey or strong MFA, clean recovery methods, and session review. If this account falls, many other accounts become easier to take over.

Impact: HighEffort: Medium
Essential

Understand exactly how your password manager can be recovered. Store emergency kits, recovery codes, and account recovery instructions offline in a safe place, and remove weak or outdated recovery methods.

Impact: HighEffort: Low
Essential

Save backup codes on paper or in an encrypted offline file. Keep them away from the same account they unlock. Replace the codes after using one or after any suspected exposure.

Impact: MediumEffort: Low
Recommended

Review every critical account for old recovery phone numbers. Remove numbers you no longer control and avoid making a phone number the only recovery path for important accounts.

Impact: MediumEffort: Low
Recommended

Treat security questions like extra passwords. Use random answers stored in your password manager instead of real answers that can be guessed from public records, social media, or data broker profiles.

Impact: MediumEffort: Medium
Optional

Decide how a trusted person can access essential accounts or documents if you are unavailable. Keep instructions minimal, offline, and limited to what they truly need.

Impact: HighEffort: Low
Essential

If a phone, laptop, tablet, or security key is lost, remove it from account security settings, revoke sessions, rotate passwords where needed, and check recovery methods for changes.

Impact: MediumEffort: Low
Recommended

After a major breach affecting a service you use, do not only change the password. Review sessions, connected apps, MFA devices, backup codes, and recovery email or phone settings.