I have a “main” Gmail account, which I set to keep logged in, on my laptop. This “main” Gmail account is important, because it’s the email address I used to sign up for many other services (and, so, if I forget my password on these other services, I get the password reset link sent to this Gmail account).
I have a phone. I do not keep myself logged into my main Gmail account on my phone. I rarely log into my main Gmail account on my phone; but whenever I do, I only stay logged on for a few minutes, and then I log back out.
I have a secondary Gmail account, which I list as a recovery email address for my “main” Gmail account. My secondary Gmail account’s password is written in a safe physical place (not in my wallet or backpack). I rarely log into this secondary account. (This secondary email has my phone number as a recovery phone number, but as I explain below, I’m thinking that this might be unsafe?).
Is it better to not use a recovery phone number?
My main concern is to keep my “main” Gmail account secure, even if I lose my laptop and my phone at the same time. (I tend to keep both in my backpack, instead of keeping my phone in my pocket).
Is it a bad idea add to my phone number as a recovery phone number to my “main” Gmail account?
That is, I’m thinking it would be a bad idea, because if I lost my backpack, then anyone who found my backpack could gain permanent access to my Gmail account in a way that I could not prevent:
even if I act quickly and use a different device (ie, one that I didn’t lose) to force my main account to log off of the stolen laptop, the person who found my backpack would still see that my main Gmail account is used on this laptop (ie because when they open up google, they see google accounts “added” to the Chrome browser as account options for logging in). Then, they could use my phone to “recover” my main Gmail account.
and then, even if I use my secondary Gmail account as a recovery option for my main Gmail account, I’m thinking that the attacker owning my phone to “recover” my main Gmail account would trump me using my secondary Gmail account to recover my main Gmail account.
However, I’m thinking that it’s harder for an attacker if I have no recovery phone number on my main Gmail account. Then, in order to get access to my main account, the attacker would first need to get access to my secondary account using my phone.
And finally, I’m thinking that if I have no recovery phone number on either account, then my main account is safe from an attacker, even if they have both my phone and my laptop.
What is the best plan for me to protect my main Gmail account, even if I lose both my laptop and my phone?
- Is the best plan to not have a recovery phone number on either my main or secondary Gmail account? (ie, is it true that if I choose this option, then an attacker could not get permanent access to my main Gmail account, even if they owned my lost laptop and lost phone?) What are the drawbacks of this plan? What other plans might I consider?