Blog article
See all stories »

Never Use Hotmail as Secondary Email Account


Registering for an account at any web site almost always requires an email address, and some people use a secondary address they don't care about instead of their real email address to avoid spam. If you do this, be very careful.

Microsoft shuts down Hotmail accounts that haven't been logged into after nine months. So if you registered for your Gmail account two years ago and used your Hotmail address as your secondary email address and never logged back in, you've put your Gmail account at risk.

Here's how: If your Hotmail account gets shut down due to inactivity, someone else can open a new one using your Hotmail address. Then, if that someone else requests a password reset from Gmail, it goes to that address, and that someone can get into your primary email account. This is how Twitter employees' Gmail accounts got broken into last week.

From Hotmail's help section:

Free Windows Live Hotmail accounts become inactive if you don't sign in for more than 270 days or within the first 10 days after signing up for an account. After an account becomes inactive, all messages, folders, and contacts are deleted. Incoming messages will be sent back to the sender as undeliverable. Your account name is still reserved. However, if the account stays inactive for an additional 90 days, the account name may be permanently deleted.

If you are or ever were a Hotmail user, make sure all the important online accounts you use (banking, other email accounts, shopping sites where you've stored credit card information) don't send password reset messages to your Hotmail account, and that important messages aren't left there untouched for too long. Either that, or make absolutely sure you log in once every few months.

Gmail and Yahoo Mail have similar deactivation policies. From Gmail's Help:

A dormant address is a Gmail address that hasn't been used for six months. You can still receive mail if your address is dormant, but you need to log in to keep your account active. If you don't log in to Gmail within three months of it being labeled dormant - or for nine consecutive months - Google may delete the address.

From Yahoo Mail's help:

Accounts are deactivated and removed after four months of no use. When an account is deactivated, you won't be able to access it, regardless of whether or not email has been received in the account during that time.

And sorry, but we can't retrieve any of the information that was formerly stored in it.

In summary, unlogged-into Hotmail and Gmail accounts expire after nine months and unlogged-into Yahoo accounts expire after six (unless you pay for Yahoo! Mail Plus). Looks like we all have to remember to log into those secondary webmail accounts.



Comments: (1)

A Finextra member
A Finextra member 31 July, 2009, 15:57Be the first to give this comment the thumbs up 0 likes

I would also like to add : that even if you partly own a company, never use your work email account as your secondary email.

I have had a bad experience getting dismissed from a company that I co-created with someone else - wrongfully so, of course - but that's another legal case.

But what happened next is really something that's amazingly sordid. The person that dismissed me (the President of the company, whilst I held a VP position), got rid of my access to my work email account and he took over that email account. From there, he was able to take over my financial accounts, my other email accounts, my ebay account, my paypal account. It did not stop there, he listed several items to sell using my ebay account (items that he obviously did not have) at fixed and buy it now prices of less than a dollar, obviously prompting many buy it now transactions. The ensuing mess I had to clean up, although not a 100% successful with some buyers that did not want to understand that my account was taken over.

So yes, ex-employers can steal your identity as well !

Cedric Pariente

Cedric Pariente

Stanford Certified Project Manager

EFFI Consultants

Member since

20 Dec 2008



Blog posts




This post is from a series of posts in the group:

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.

See all

Now hiring