Account Recovery
Account recovery is often weaker than the main login. A well-protected password and MFA setup can still fail if recovery email, phone numbers, backup codes, security questions, or old devices are neglected.
| Impact | Effort | Level | Details |
|---|---|---|---|
| High | Medium | Essential | Your primary email resets many other accounts. Use a unique password, passkey or strong MFA, clean recovery methods, and session review. If this account falls, many other accounts become easier to take over. |
| High | Medium | Essential | Understand exactly how your password manager can be recovered. Store emergency kits, recovery codes, and account recovery instructions offline in a safe place, and remove weak or outdated recovery methods. |
| High | Low | Essential | Save backup codes on paper or in an encrypted offline file. Keep them away from the same account they unlock. Replace the codes after using one or after any suspected exposure. |
| Medium | Low | Recommended | Review every critical account for old recovery phone numbers. Remove numbers you no longer control and avoid making a phone number the only recovery path for important accounts. |
| Medium | Low | Recommended | Treat security questions like extra passwords. Use random answers stored in your password manager instead of real answers that can be guessed from public records, social media, or data broker profiles. |
| Medium | Medium | Optional | Decide how a trusted person can access essential accounts or documents if you are unavailable. Keep instructions minimal, offline, and limited to what they truly need. |
| High | Low | Essential | If a phone, laptop, tablet, or security key is lost, remove it from account security settings, revoke sessions, rotate passwords where needed, and check recovery methods for changes. |
| Medium | Low | Recommended | After a major breach affecting a service you use, do not only change the password. Review sessions, connected apps, MFA devices, backup codes, and recovery email or phone settings. |