Lock Backup Email Change (with Approval or Delay Option)
Andrés Galindo Arteaga
I’d love the option to lock the backup recovery email on my account so that it can’t be changed without either:
admin approval, OR a cooldown period (e.g., 48 hours).
Right now, being able to swap the backup email instantly makes the “forgot password” recovery flow too easy to bypass.
Thanks for everything you guys do, your tool has been life-changing.
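An added illustration of the request above, written for this thread and not code from the product or its authors: a recovery-email change that is recorded as pending and only takes effect once an admin approves it or a cooldown (48 hours here, matching the post) has elapsed, while the old address stays in force and can cancel it. The class and function names, the `COOLDOWN` value and the sample addresses are all assumptions chosen for the demonstration; `instant_change` shows the current behaviour the post objects to, for contrast.

```python
"""Cooldown- or approval-gated change of an account's recovery email.

Added example for the feature request above, not the product's own code.
Names, the 48-hour window and the sample addresses are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

COOLDOWN = timedelta(hours=48)  # delay suggested in the post (assumption)
HOUR = timedelta(hours=1)
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed reference time


@dataclass
class PendingChange:
    new_email: str
    requested_at: datetime
    approved: bool = False  # set by an admin; short-circuits the cooldown


@dataclass
class Account:
    recovery_email: str
    pending: Optional[PendingChange] = None
    # (event, email, timestamp) records; a defender would surface these to
    # the account owner and alert on them
    audit: List[Tuple[str, str, datetime]] = field(default_factory=list)


def instant_change(acct: Account, new_email: str, now: datetime) -> str:
    """Current behaviour described in the post: the swap applies at once."""
    acct.recovery_email = new_email
    acct.audit.append(("changed", new_email, now))
    return acct.recovery_email


def request_change(acct: Account, new_email: str, now: datetime) -> None:
    """Proposed behaviour: record the request; the old address stays in force."""
    acct.pending = PendingChange(new_email=new_email, requested_at=now)
    acct.audit.append(("requested", new_email, now))


def approve_change(acct: Account, now: datetime) -> None:
    """Admin approval path: the change becomes effective immediately."""
    if acct.pending is None:
        raise ValueError("no pending recovery-email change to approve")
    acct.pending.approved = True
    acct.audit.append(("approved", acct.pending.new_email, now))


def cancel_change(acct: Account, now: datetime) -> None:
    """Cancellation, e.g. by the owner notified at the OLD address."""
    if acct.pending is not None:
        acct.audit.append(("cancelled", acct.pending.new_email, now))
    acct.pending = None


def effective_recovery_email(acct: Account, now: datetime) -> str:
    """Apply a pending change only if approved or the cooldown has passed."""
    p = acct.pending
    if p is not None and (p.approved or now - p.requested_at >= COOLDOWN):
        acct.recovery_email = p.new_email
        acct.audit.append(("applied", p.new_email, now))
        acct.pending = None
    return acct.recovery_email


def recovery_code_destination(acct: Account, now: datetime) -> str:
    """Where a 'forgot passcode' PIN would be sent if requested at `now`."""
    return effective_recovery_email(acct, now)


if __name__ == "__main__":
    acct = Account(recovery_email="owner@example.com")
    request_change(acct, "new@example.com", T0)
    print(recovery_code_destination(acct, T0 + HOUR))      # owner@example.com
    print(recovery_code_destination(acct, T0 + COOLDOWN))  # new@example.com
```

The point of the design is that the PIN keeps going to the old address for the whole window, so swapping the address and immediately requesting a code no longer works; the audit list is where a notification to the old address would be triggered.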
Ben
Merged in a post:
Please get rid of the secondary email address!
Jim
Everything is perfect apart from the secondary email address, as you can easily remove it and add a new one and then easily get a PIN to unlock the account. Please create a solution for this!!
Ben
In your situation, is the recovery email your own second personal email or another person's email? We are aware that this feature needs improvement, so we are trying to balance self-service recovery for emergencies with making profile locking hard to bypass.
Have you considered combining the passcode with random text (with high character requirements) and an unlock delay? You can achieve a similar cooldown period effect this way, since unlocking the profile depends on this delay.
Thank you for the suggestion!
Andrés Galindo Arteaga
Ben Thanks for the reply! Yes, in my original case, the recovery email was my own second personal email, which allowed me to bypass the full unlock process fairly easily.
I’ve since replaced it with a hard-to-access ProtonMail account (with an absurd password written on paper and stored in a physical safe) to create more friction... But ideally, I’d love to see a feature where changing the recovery email itself requires a delay or approval, since that basically keeps the backdoor wide open if someone’s looking for an out.
The passcode + random text + delay flow is great (I’m using it too), but like you said, it only kicks in after passing the email/code stage, which is still user-editable at any time.
Super grateful for all the work you're doing. Keep us posted. Cheers.
Andrés Galindo Arteaga
AGREED! That's what I did to get around it... I just put another personal one as the secondary email address and went straight to unlock it. At least this could be an option that you can switch on/off if there are people who still use this feature, and say, if you want it on you need to unlock with a passcode, that type of thing. Just brainstorming over here.