One Thing you must Understand When Entering Security Settings on Accounts

There are a lot of things to consider when creating new user accounts with different websites/apps. Some things to consider include using different user IDs or email accounts, using different passwords, using complex passwords/passphrases, using multi-factor authentication, and signing up only for accounts when you really benefit from it and/or will be using that website or application frequently. There is one more thing you should consider when setting up new accounts.

This post discusses the backup settings you use when creating new accounts and what you must understand before entering your information in the security settings.

One Thing you must Understand When Entering Security Settings on Accounts

The accounts you create require you to enter security information as a backup to the account so you can legitimately regain access to the account if something happens. Accounts that use your email as your user ID will often send a link to the email address you can click to reset a password if it is forgotten. Other accounts allow you to set up a phone number for multi-factor. Some require configuring with multi-factor authentication apps.

The one thing you must understand when entering this security information is that it is always best to use different companies for the backup. For instance, you would not want to set up the same email company as your backup for everything. In other words, if you set up a  Microsoft/Google/Apple/Comcast/AT&T account to be the backup for all of a certain type of account, and the provider listed above is offline, you now have no way to recover that account.

Instead, the better approach is to mix and match your backup security accounts so that no one company holds all the keys. Configure a Comcast email as a backup to help you recover a Gmail account. Set up a Microsoft email to access your AT&T account. Use an authenticator app on your phone for your Microsoft account.

The main point is, do not use a Microsoft account for another Microsoft account, etc. While you might not have any problems with this most of the time, it does set you up to possibly fail if you ever need to recover the account and all account backups are using accounts from the same platform.

As an example, in the image below you can see that for my Microsoft account, an email from a different domain is used along with my phone number as a backup in addition to multi-factor authentication. These additional ways of authenticating or recovering access, using accounts external to the log in, help reduce my chances of being locked out either by not remembering my credentials or an outage of one of the backup types.

An example of several external sources of security for logging into accounts.

Using accounts that are different from the platform you are using is the best option when setting up recovery security information. Even if you did not do anything to cause the issue, if the platform itself is having issues, using outside sources for recovery will make this process much easier!

As always, understanding how security settings affect your ability to regain access is key in keeping these separated and easier to recover.