How to Set Up Account Recovery Options Before You're Locked Out

My Technician
SecurityPrivacyOnline Safety

The Problem

The worst time to discover your account recovery isn't set up is the moment you're locked out—after losing your phone, forgetting a password, or getting hacked. Recovery options are the safety net that lets you prove "this is really me" and get back in. Setting them up takes ten minutes today and can save you days of stress later. Here's how to do it right for your most important accounts.

Why This Matters So Much

Your main email and phone are the keys to everything else. If you lose access and have no recovery method:

  • You may be permanently locked out of accounts tied to that email.
  • You can't reset passwords for banking, shopping, or social media.
  • Recovering an account without backup options can take weeks—if it's possible at all.

A little setup now turns a disaster into a five-minute fix.

Step 1: Add a Recovery Email and Phone

Every major account (Google, Microsoft, Apple, your bank) lets you add recovery contacts.

  1. Go to the account's Security settings.
  2. Add a recovery phone number you control.
  3. Add a backup email—ideally a different account from a different provider, so one breach doesn't take out both.
  4. Keep these up to date when you change your number or email.

This is exactly what lets you get back in during a hacked email recovery.

Step 2: Save Your Backup Codes

When you turn on two-factor authentication, most services give you a set of backup codes—one-time codes that work if you lose your phone. These are your lifeline.

  1. Generate the backup codes in your account's 2FA settings.
  2. Save them somewhere offline: print them and keep them in a drawer, or store them in your password manager.
  3. Don't keep them only on the same phone that runs your authenticator—if you lose the phone, you lose both.

Step 3: Don't Rely on a Single Device

A common trap: your authenticator app, backup codes, and recovery phone all live on one phone. Lose it, and you're locked out of everything at once. Spread your safety net:

  • Keep backup codes somewhere separate from your phone.
  • Set up your authenticator on a second device if the app supports it, or use one that backs up securely to the cloud.
  • Make sure your recovery email is on a different account you can still reach.

Step 4: Set Up Account Recovery Contacts (Where Offered)

Some services go further:

  • Apple offers Recovery Contacts—trusted people who can help you regain access to your Apple ID.
  • Google lets you set up an account recovery flow and even a digital legacy contact.
  • Password managers often offer an emergency-access feature for a trusted person.

Choose someone reliable, and let them know they're your backup.

Step 5: Test Before You Need It

Recovery options you've never tested might be out of date. Once a year:

  1. Check that your recovery phone and email are current.
  2. Confirm your backup codes still exist and you know where they are.
  3. Update anything tied to an old number or a closed email account.

Step 6: Protect the Recovery Methods Themselves

Recovery options are also a target—an attacker who changes your recovery email can lock you out. So:

  • Put a strong, unique password and 2FA on your recovery email too—see how to create strong passwords.
  • Be alert: if you get a notification that your recovery info "was changed" and you didn't do it, act immediately, as that's a sign of a takeover attempt described in recover a hacked email account.

A Quick Setup Plan

Start with your main email, then your bank and phone account:

  1. Add a recovery email and phone number.
  2. Generate and save backup codes offline.
  3. Avoid keeping everything on one device.
  4. Add a trusted recovery contact where offered.
  5. Test your options once a year.

Recovery setup is the unglamorous step everyone skips—until the day it's the only thing standing between them and a permanent lockout. Spend the ten minutes now, and your future self will thank you.