Helping people with computers... one answer at a time.

Having control over recovery details is what allows you access back into a hacked account: the goal is to prevent the hacker from controlling that recovery info.

Hi. In the number 344 AskLeo! (I assume you mean my newsletter), you gave info to this effect regarding viruses in Hotmail: try to regain access to your account and change all or as much personal and hinting information as possible.

My question is would it be OK to perform this procedure on other accounts also? Or wait until you detect a problem?

In this excerpt from Answercast #15, I talk about the necessity of keeping your recovery information up-to-date on any email account and what to reset in the event of an attack.

Change security information

There's nothing wrong with doing that.

In fact, I encourage people to review their alternate and account recovery information periodically to make sure that they remember it or that it's still working.

"How do I recover...?"

One of the very common questions I get is from people are in a recovery situation and they suddenly realize that the information (like the phone number or the email address, the alternate email address that they provided when they created the account) is no longer valid and can no longer be used.

  • That can often lead to losing the account permanently.

So it's a good idea to review it. It certainly doesn't harm anything to change the information periodically.

Might be overkill

My take on it is that it doesn't really help anything to change the information.

If you've got good and current recovery information:

  • An email address (an alternate email address that works)
  • A phone number (that is valid and in your control)
  • Password hints (that you remember)
  • Secret questions (that have answers that you remember, that are not easy for other people to guess)

... if you've got all that in place, I don't really see a reason to change it.

If you've been hacked

The reason I suggest that you change it, once your account has been hacked, is that while the attacker has access to your account, they could be setting all those things to something else.

They could (if the information is visible) be reading what you set those things to. With that information in hand (knowing those pieces of information) they could hack your account again after you've recovered it.

The only way to protect yourself after being hacked in a scenario like that is to change not only your password, but every bit of information that could be used to recover your password.

Article C5306 - May 7, 2012 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.