Sun, Jul 12, 2026NY 6:54 PM EDTLA 3:54 PM PDTLON 11:54 PM GMT+1PAR 12:54 AM GMT+2DXB 2:54 AM GMT+4SIN 6:54 AM GMT+8TOK 7:54 AM GMT+9SYD 8:54 AM GMT+10UTC 10:54 PM UTCBTC delayed quote CoinGeckoETH delayed quote CoinGeckoFresh explainers, verified sources, practical next steps
Strangely Useful

Clear, verified help for apps, money, security, AI, and everyday tech problems.

Sections
Start with topic hubsSpot fake supportFix a wrong Cash App paymentLatest storiesTopicsMoney & ChargesSearchInternet & CultureTech & AISecurity & TrustPractical TechnologyMoney & PaymentsBrowser & PrivacyAI ToolsSoftware & ServicesInternet Culture & Everyday WorkflowsHidden HistoryUseful ThingsEntertainmentQuizzesAboutHow we workHow guides are madeNewsletter
Security & Trust - story

Account recovery works better when you plan it before the lockout.

Prepare an official recovery path, backup factors and post-recovery checklist for important accounts.

Last verified July 11, 20262 sources checkedEditorial standards
An account recovery plan beside a phone, backup security key, session review cards and a contact notification signal.
Account recovery works better when you plan it before the lockout.An account recovery plan beside a phone, backup security key, session review cards and a contact notification signal.A recovery plan records the official route, backup factors and checks to make after access returns. Strangely Useful generated editorial illustration.
In this story1 sectionsIf you think someone got in

An account-recovery plan is a small document you prepare while you can still sign in. It records the official recovery route, the backup factors you control, and the first checks to make after access returns.

Start with the accounts that can reset everything else: your primary email, phone account, password manager, domain registrar and financial services. For each one, record the provider's official help page, the recovery email or number you recognize, and whether backup codes or a hardware key exist. Do not store passwords or one-time codes in the checklist.

If you think someone got in

Use the provider's official recovery page or app rather than a link in an alarming message. The FTC's recovery guidance recommends changing the password, signing out of other devices, turning on two-factor authentication, and checking recovery information after you regain control.

Review recent sessions, forwarding rules, connected apps and messages sent from the account. Tell contacts if an attacker may have used the account. Preserve relevant records before deleting browser data or wiping a device if the incident may need to be reported.

Recovery is not the same as proof that the account is clean. A changed password can stop one route while a changed recovery address, active session or connected app preserves another. Work through the provider's security checklist, then update the recovery plan with anything you learned.

Keep the plan offline or in a protected location, and review it when you change phone numbers, email addresses, devices or authentication methods. The useful time to discover that a recovery address is obsolete is before the lockout.

Sources & methodology2 sources - evidence for this revision

The records below show what each source supports in this published revision.

  1. Recover a hacked email or social accountFederal Trade Commissionprimary - Retrieved Jul 10, 2026

    What it supportsAfter account compromise, change the password, sign out devices, enable 2FA and check recovery information. - Recovery information should be checked after regaining access.

  2. Cyber incident response best practicesU.S. Department of Justiceprimary - Retrieved Jul 10, 2026

    What it supportsRelevant records may be worth preserving before destructive cleanup in an incident.

The Useful Dispatch

Keep the good rabbit holes coming.

The weekly email is being prepared. No address is collected yet.

See the newsletter plan →