Do you have a recovery email attached to your MAIN email?

[Nvidiaguy07]

Here is my current situation:

my gmail is my main email, and is the center of everything. I change my password often, use two factor, dont sign in public computers with this account etc. If anyone were able to gain access to my gmail I would be pretty much screwed (not saying im different than anyone else just pointing out that my gmail has to be the most protected account I own).

Up until now I used yahoo as my recovery email address, so if I were to lose my password or something goes wrong, I could send it to yahoo. This account also is changed often, and I use two factor. In addition, I only have gmail on my phone - so if it were stolen, they would not be able to use yahoo to try and reset passwords and all that. (yea I know id be screwed because they would have access to my gmail, but its just one more thing to help - I dont use yahoo anyway except for fantasy football).

Today I decided to remove yahoo as my recovery email, because all it really does is make me less secure (even though it also has two factor, its just one more thing than can end up giving access to my gmail account). Good idea or bad idea? The only downside would be possibly forgetting my gmail password and losing access to it - but Im guessing the chances of that for me are near zero.

 

[smakme7757]

Generate recovery codes for your Gmail account and keep a copy of them both digitally and physically. They will net you access if you loose control over your 2 factor authentication mechanisms.

Adding a mobile phone number to your account is also a good recovery option. It will allow you to reset your password if you forget it.

 

[WilliamM2]

I just use Keepass to store all my passwords, and I make sure I have that backed up at least twice. I could never remember any of my passwords to important things, as they are all randomly generated and over 20+ characters.

 

[John Connor]

I rely upon the security question and I never give a straight answer. Like what is your favorite color? Answer: Cats in the cradle.

I use Pale Moon and Firefox and use the add-on PWDhash for passwords. http://crypto.stanford.edu/PwdHash/

 

[Suspicious-Teach8788]

I rely upon the security question and I never give a straight answer. Like what is your favorite color? Answer: Cats in the cradle.

I use Pale Moon and Firefox and use the add-on PWDhash for passwords. http://crypto.stanford.edu/PwdHash/

Security questions are just another weakness in the system. You should treat these like passwords. For example, use a generator to generate a 24+ character random answer. It was pretty interesting to read those out to tech support once when they asked me. Yes my mother's maiden name is really "3AIfh^35aphj1b;"

Generate recovery codes for your Gmail account and keep a copy of them both digitally and physically. They will net you access if you loose control over your 2 factor authentication mechanisms.

Adding a mobile phone number to your account is also a good recovery option. It will allow you to reset your password if you forget it.

The recovery codes is for 2FA only. While I think it's important to have those recovery codes in case you don't have your token or your phone is lost, OP is dealing with losing the password overall.

I do think there's enough systems out there setup to prevent a total password loss, but let's not forget in true zero knowledge encryption, you lose your password, you're SOL. That's how it should be if you want true security.

The way I see Gmail (and this may be my downfall) is that with 2FA and a recovery email that's also guarded by 2FA, I'm less likely to lose my password even if it's a 40+ character password.

 

[lxskllr]

All my mail is stored locally. Losing the account would be a PITA, but not the worst thing in the world. In fact, it would be a good kick in the ass to completely drop the last Google product I use. I have one pretty good password, and that's it. If that's not sufficient, then oh well.