Do not lose access to your email account
Google has warned Gmail users to secure their accounts by adding passkeys and changing weak passwords. It has also warned that hackers are gaining access to those accounts using stolen credentials. The alarming increase in two-factor authentication bypasses makes this worse. No users should still rely on SMS for security.
Now Google has issued a new warning for users who lose their phone completely — either because it’s genuinely lost or broken, or more likely nowadays, because it’s stolen. The plague of phone thefts now affects most major cities worldwide.
“We understand phones get lost, stolen or broken,” Google says, “and don’t want to add losing access to your Google Account to the headache.” That’s why the tech giant has just confirmed that users “can now regain access with your mobile number.”
This new option is called “Sign in with Mobile Number” and “makes recovery on a new Android device easier.” The security update “automatically identifies your accounts using your phone number. All you need is the lock-screen passcode from your previous device for verification, no password needed.”
While this affects all your Google accounts, Gmail is the one prized above all. It provides access to account recovery and sign-in options for other platforms, contains a raft of personal information, and is often your unique online identifier. “We are introducing this gradually worldwide,” Google says. “Watch for it on a phone near you.”
Google has also introduced a “Recovery Contacts” option, which it says “allows you to designate trusted friends or family members as Recovery Contacts. If you’re locked out due to a forgotten password, lost passkey device, or account compromise, these contacts can help verify your identity, providing a simple and secure way to regain access.”
While the mobile number recovery option is good, this contact option is fraught with risk. It is an open invitation for socially engineered attacks to trick users into designating fake recovery contacts as part of a wider attack. Unlike the mobile number system, which relies on a technical flag, this is entirely manual with no checks in place.
If you want to take the risk, Google says you’ll find Recovery Contacts under Security in your Google Account, which has been newly redesigned to make managing your personal information easier. My advice is to think carefully before you do so.
