If you’ve ever been locked out of your Google account, you know how time-consuming and frustrating it can be to regain control of your email and apps. Most hijacking attempts of Google accounts originate from automated bots that access third-party apps with breached passwords, but they can also result from phishing and targeted attacks.
Google had been promoting the use of a recovery phone number to keep your account safe from takeover, but until recently it had no stats to prove how effective this method of protection actually was in the real world. So Google partnered with researchers from New York University for a year-long study to find out how effective basic account hygiene is at preventing hijacking.
The research showed that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.
Google also found that an SMS code sent to a recovery phone number helps block 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks. On-device prompts, a more secure replacement for SMS, helps prevent 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.
If you don’t have a recovery phone number established with your Google account, then you are relying on weaker knowledge-based challenges, like recalling your last sign-in location. While this is an effective defense against bots, protection rates for phishing and targeted attacks can drop as low as 10%. That’s because phishing pages and targeted attackers can trick you into revealing any additional identifying information Google might ask for.
If you haven’t added a recovery phone number to your Google account – maybe you forgot or you didn’t think your phone number was any of Google’s business – now’s the time. As the research shows, this is an essential element of account security.
Adding a recovery phone number to your Google account not only protects you against potential hijack attacks, it can help you get back into your account more quickly if you ever lose access or can’t sign in.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.