Since writing my previous article on securing your digital life, I’ve had a lot of time to reflect on what I wrote and think about the additions I’d like to make in order to fill in the gaps. What I wrote back then is still very good practice, and if you took my advice, your digital life online is still secure under the rules I laid out to this day. Attacks on online databases have only increased, and the rise of ransomware has turned device encryption into a weapon used against users instead of something to protect their data. Nowadays securing your digital life is more relevant than ever, and I think making sure you can recover an account is an important step in staying secure.

Recovering accounts is a frequent issue I see at the library with our patrons losing access to an account, either through a data breach or often just forgetting the password or username to their account. In this article I hope to lay out the best practices for setting up your account to be recoverable in the event you lose access to it either through forgetting the password, or if it is taken over by someone else. These mostly will be general actions you can take to protect your accounts and prepare for recovery in the event of losing access to your account.

Regularly update recovery information

For your most important accounts (email, social media, password managers), make sure all your recovery information is up to date as soon as it changes. Many times I’ve seen our patrons locked out of accounts after they changed phone numbers, but forgot to update that information on their Facebook or Gmail, and when they were locked out they had no access to the previous number anymore. It is good practice when you change your primary email or your phone to go back to your most important accounts and make sure you can still log in on the new device, while you still have access to the old device or account, and then update the recovery information with the new information. Also, while they are less common now, if an account uses recovery questions, be sure to regularly update them and make sure you know the answers. Be sure to note the case you type your answer in, as some of these answers are case-sensitive, for some reason. I normally always try to answer them all in lowercase and remember I did so – for my own sanity.

Use a password manager

A password manager is great for never losing access to an account and means you only need to remember one password and let the password manager handle remembering the rest. Most phones include a basic password manager provided by Google or Apple, and this is fine for storing passwords themselves. But a full password manager includes even more features that will help you recover an account. Most password manager services have a place to add notes to a login entry, so you can also store recovery question answers, and an account’s associated recovery email. 

If you have trouble remembering passwords and want to use a password manager, be sure to write the master password down somewhere safe, possibly in several places. Some password managers also allow you to use biometric authentication (fingerprint) in addition to a master password, but be warned: don’t ever be in a situation where you do not know your master password. If you are only able to log in to your password manager with a fingerprint and don’t know what your master password is, ask someone you trust for help getting that password changed to something you do know as soon as possible!

Some examples of popular cloud-based password managers are 1Password, Bitwarden, and LastPass, which is the most popular but has been in some hot water lately. An offline option is KeePassXC if you don’t want your password vault stored online. Most of these password manager services offer a free tier that is enough for most people, and then a paid tier with more features.

Don’t make a new account

A frequent mistake people make when attempting to recover a social media account is to make a new account. Facebook is notorious for only letting people have a single account per identity, and unless you’re a criminal or super spy, you’ve only got one identity. When a new account is created, it might replace the association of the information from the account you lost access to. If the account was stolen by someone else, they’ve likely already changed the email and other information. When Facebook sees a new account with all your information they will remove the association from the account that was hijacked, and you won’t be able to get your account back.

The best thing to do is to sit down at a familiar device that you have often used to log in to that account, as Facebook or other sites are more likely to trust a computer or phone that has logged into the account many times previously than a strange new device like a library computer or the hacker’s computer. Once there, there is often a long process of telling Facebook you can’t log into your account through the “forgot password/account” option, then reporting your account as hacked if that’s the case, or recovering a password if you just forgot that.

Prepare for the situation

It is a good idea to try and think through how to recover an account if you lose access. Sometimes it might require additional steps, like if you use multi-factor authentication or verification on a device that is still logged in. If you use an authenticator app, oftentimes you need to download one-time-use recovery codes from your account settings and store them somewhere safe. If you lose access to your device, for example because you drop your phone and break it or it’s stolen, your account might be inaccessible forever without these recovery codes. Taking time to find safe places to store backups of this information, such as an encrypted backup or a physical safe or safety deposit box, will keep your accounts safe in the future. Every service is a little different, so just looking to see what the steps to recover an account are while you still have the password and access to an account is good practice.

Inaction is the worst action

I have seen several instances where patrons affected by a hack choose to take no action and either just abandon the account or ignore the hacker. This is a *very* bad idea! This is the ideal scenario for a hacker, to have free rein over an account with zero resistance from the user, just leaving the hacker alone to wreak havoc on your life. If you are uncomfortable taking action yourself, seek help from a trusted family member, friend, or community member.

Conclusion

While it is impossible to protect yourself from every scenario, taking the recommendations I have given here and in my previous article will go far in protecting your online accounts from being attacked, and in the event they are, give you the ability to recover and take them back from the attacker. If you have any further questions, feel free to reach out to the Salina Public Library Technology Center; we are always happy to answer and inform you where we can!

Visit our Walk In One-on-Ones for individualized tech help.