Accounts And Recovery
Account safety is mostly recovery safety. If someone can reset your account, they can often own it.
Protect recovery paths
Section titled “Protect recovery paths”- Use unique passwords for email and password manager accounts.
- Avoid SMS as the only recovery method for important accounts.
- Add passkeys or hardware security keys where supported.
- Store backup codes outside the account they protect.
- Keep old phone numbers and backup emails removed.
Make a recovery sheet
Section titled “Make a recovery sheet”For each important account, record:
- The official login URL.
- The recovery email or phone.
- Where backup codes are stored.
- Whether a security key or passkey is enrolled.
- Who to contact if you lose access.
Do not put passwords in a plain document. Keep passwords in a password manager.