Google Security Feature Now Lets You Phone a Friend to Recover Your Account


Anyone who's ever had their Google account hacked can tell you what a pain it is to recover. You'll spend hours or even days on it, and recovery isn't guaranteed, no matter what you do. 

On Wednesday, Google announced the addition of several new security features to help prevent you from getting hacked and to make account recovery easier. 

One method may remind you of the game show Who Wants to Be a Millionaire? Just like in that game, it involves phoning a friend.




Recover your Google account with a trusted contact

Google is already rolling out the new features, dubbed Recovery Contacts, but not everyone has them yet. If they are available, you'll find them in the Security section of your Google Account settings.

First, you add a trusted contact to your Google account by following this link. Obviously, you want to use only your most reliable contacts, like a spouse or close friend. Your contact will receive an email asking them to accept your invite, and it's done. 

Then, if your account becomes compromised, you'll see the option to ask your friend to help you sign in. They'll see a prompt on their device, and once they verify your identity, you'll be allowed back into your account, where you can change your password and other credentials. 

Remember that this addition gives Google additional information about your connection with your chosen contact. 

"On one hand, Recovery Contacts is a really good idea," CNET senior editor Lori Grunin said. "On the other hand, it helps Google build a web of associations among people that it might otherwise not have and that can potentially be misused."

Even if you do enable these new features, it's important to enable others as well, such as a recovery email, a recovery phone number, and two-factor authentication, since attacks are still possible with these new features. 

Google's new recovery features are well-intentioned, said Aaron Rose, security architect manager at Check Point Software. But if not carefully managed, they introduce a fresh attack surface. 

"Any system that relies on human trust (like designating recovery contacts) can be socially engineered," said Rose. "We've seen similar tactics used in business email compromise schemes, where emotional manipulation, not technology, is the point of entry."

Recover your Google account with your phone number

Recovery Contacts is one of several new features from Google that focus on account security. In addition to the new "phone a friend" option, Google will also let you recover an account with your phone number. If one is enabled, Google will ask for your previous device's PIN or pattern code. 

Google Messages is also safer

Since scammers often use text messages to attract victims, Google has added some new protections in Google Messages as part of its latest security features. The first is a link-vetting feature that will warn you if Google Messages suspects a link you received is spam. An alert will pop up letting you know the link was blocked, and you can circumvent this by marking the message "not spam."

"Google's new safety features are a strong move in the right direction," said Lance Spitzner, director of SANS Workforce Cybersecurity Training. According to Spitzner, the link-vetting feature is helpful because it "can block access to known phishing websites before people get tricked." 

While these protections improve safety, Spitzner said that "they work best when combined with ongoing awareness and a healthy dose of skepticism toward unexpected messages or links."

The other new feature is called Key Verifier. This little tool presents as a QR code that your trusted contacts can scan, thereby verifying them with Google Messages.

Also, Google launched Be Scam Ready, a game that helps teach players how to identify potential scams.
