Gmail Account Lockout Warning — Users Must Check This 1 Setting Now



Updated October 18 with a warning from Check Point Software security experts regarding the potential dangers of the latest Gmail recovery contacts feature.

With a new Google two-factor authentication code theft warning hitting the headlines, the threat of being locked out of your Gmail account has once again moved to the forefront of security-minded users of the world’s most popular email platform. Google itself has not only confirmed updates mitigating the latest 2FA threat, but has now gone one step further by introducing a new security feature. This feature is designed to help if the worst happens and you find yourself locked out of your account due to hacker action, device loss, or password amnesia. Here’s everything you need to know about the recovery contacts setting that is rolling out as I type.


Locked Out Of Your Gmail Account? Google’s Recovery Contacts Feature Can Help

Attacks against Google accounts, and that means your Gmail account as well, have spiked by 84% across the past year, according to Google, with password-stealing email threats the prime culprit. Taking account recovery seriously is long overdue if you have overlooked it so far.

However, as Claire Forszt and Sriram Karra from Google’s Identity and Engagement team have now confirmed, even if you have taken steps to help recover an account you can no longer access, such as by way of a one-time SMS code, “that can be hard if you lost your phone or haven’t updated your recovery phone number.”

Which is why Google is rolling out a brand new security feature called Recovery Contacts to reinforce Gmail account recovery precisely at those times of most stress when you need help immediately.

The Recovery Contacts setting enables Gmail users to choose trusted contacts, family members or close friends to provide help if ever they find themselves locked out and unable to receive a recovery code for any reason. “It’s a simple, secure way to turn to people you trust when other recovery options aren’t available,” Forszt and Karra said.


Check Point Software Expert Warns Of Potential Gmail Recovery Contacts Hacking Threat

While I am 100% supportive of Google adding the Recovery Contacts feature to its armory of Gmail user defenses, some security experts have sounded an alert regarding a “sense of safety that isn’t always justified” that such features can create. Those were the precise words of Aaron Rose, a security architect with the office of the chief technology officer at Check Point Software. “If users believe Google’s new warnings and recovery methods will catch everything,” Rose told me, “they may let their guard down against more subtle or AI-generated scams.” I mean, Rose has a point, especially given the evolution of deepfakes that are getting harder and harder to detect. But in my never humble opinion, that doesn’t mean this is a dangerous security feature; it just means that users need to remember that there is no such thing as a silver bullet in security, and the basics of threat awareness need to remain in place alongside such settings.

“Any system that relies on human trust (like designating recovery contacts) can be socially engineered,” Rose continued, warning that “attackers could manipulate or impersonate a trusted contact to gain account access.” Precisely the event that the Recovery Contacts feature is designed to help Gmail users recover from, and precisely why it is needed in the first place. Of course, using passkeys, having 2FA enabled, and being aware of the dangers that are out there are essential and should not be dismissed as a result. Just know that this feature is a backup resource should the worst happen.


Set Up Your Gmail Recovery Contacts Option Now

Setting up Recovery Contacts is simple enough, although Google has said that the feature is still rolling out, so it may not yet be available to you. You can check if it is and start the process by clicking this Google account link.

Once you have chosen your trusted contacts, if you need help with recovering your account, you share a code with them and, Google said, “they will get an email or notification and can confirm it’s really you by verifying that code, helping you securely regain access to your account.”

Obviously, you should only select someone you can trust 100%, but Google advised that the recovery contact never actually has access to your Gmail account or any of your personal information. There’s nothing to lose, except access to your email account if the worst happens and you haven’t prepared in advance. So, what are you waiting for?


