Full Report
Recovery feature lets trusted contacts help you get back in when other methods fail.
The latest security feature for Gmail enables users to recover their accounts with a little help from their friends.…
Analysis Summary
# Locked Out of Gmail Account? Google Introduces Trusted Recovery Contacts Feature
## Key Points
- Google introduces a new recovery feature that allows users to recover their accounts with the help of trusted contacts.
- The feature uses number-matching authentication and requires verification from the recovery contact.
- Users can select up to 10 trusted recovery contacts per account, who will receive notifications when an account is locked out.
- The feature aims to provide a secure alternative to passkeys and other methods.
## Threat Actors
- Google notes that while the trusted recovery contacts feature aims to enhance security, it's not foolproof and could be exploited by attackers if the contact falls for a spoofed request.
## TTPs (Techniques Used)
- Attackers might attempt to gain access to an account by passing a code to a trusted contact via a compromised channel.
- Google deploys additional checks to prevent attacks, including looking at device history, location, and IP address.
## Affected Systems
- Personal Gmail accounts are eligible for the feature.
- Google Workspace accounts are not eligible due to enrollment restrictions.
## Mitigations
- Users should choose trusted contacts wisely and ensure those contacts have strong cybersecurity awareness.
- Google Workspace accounts belonging to employers should not set up trusted recovery contacts.
- Children's accounts cannot add trusted contacts or use this feature.
## Conclusion
Google's introduction of the trusted recovery contacts feature aims to provide an additional layer of security for Gmail users. While it enhances security, it's essential for users and administrators to be aware of potential vulnerabilities and take necessary precautions.