Google Email Recovery
Maryalice Cutcher
I've been reading up on the many pages discussing account recovery options. From what I can see, you don't need access to your email address that you used to create your 1p account in order to recover your 1p account. But I want to be sure. Does 1p send a confirmation email to verify it's you anywhere in the recovery process?
I'm hoping it's not needed, but if it is, then there's a catch-22 since I use 1p to secure my email address, and if I can't get into 1p then I can't get to the email password to recover the 1p account, and I now need a second recovery plan to get to my email address outside of 1p.
The person being helped to recover their account will require access to their email inbox. If they are already logged-in to their email account on one of their devices then this shouldn't cause a problem. However, it makes sense for family members to keep a record of their 1Password master password and secret key or their email password and any associated two factor authentication. 1Password's advice focusses on the former, but the latter works just as well, assuming there is a Family Organiser who can help them with recovery.
In my case, I have made a second family member a Family Organiser and I keep a separate record of my 1Password master password, secret key and 2FA credentials and my email account password and 2FA credentials. You don't need to keep all this in one place. For example, you can share your secret key with your family in a shared vault.
Since there is no recovery for Individual accounts, I suppose you are referring to either a Families or a Business account, correct? In that case, another administrator can recover your account, but you do need access to the email address in that case. From our documentation page:
Do you only read your email in the browser? You could consider adding your email account to an email client, so you don't need to login and logout every time, and you will always have access to your email.
OK, thanks, then I should have my email account password saved in my emergency kit for some situations. I think the kit should make a point of having a slot for the email password that can be filled out. This catch-22 seems to be a possible hole in the recovery process, depending on how you have saved things.
If you have access to your Emergency Kit, you won't need access to your email for recovery: with the Emergency Kit, you have all the information you need to access your 1Password account, so no recovery would be necessary in that case.
I have a huge problem and this is what happened: Yesterday I wanted to send my admin rights to my new email address, and delete the access email address, because I had a Google Workspace administrator account, but I couldn't use the email funtion anymore, because then I wouldn't have to pay for anything. (At Ionos.de you automatically have a Workspace account with a business email address) But then when I accepted the link in the email to access my Youtube channel, the link did not and does not work. My friend, who luckily still had access, also sent me another invitation, but then it says I accepted the invitation. Now the following: Up until just now my website and Youtube channel went without a hitch, NOW, an hour later, I have seen that my channel is undetectable! I'm going through hell right now, since my channel has cost a lot of hours and money (all the paraphernalia to make videos) I'm really panicking now!
I am now wondering, have I been hacked? Have I done anything wrong other than first checking to see if the access is working as well? What else can I do? I also set in my Adsense account that the channel is mine, but since then everything is gone?!??
The Adsense account has also disappeared since today...
Note: If you cannot use any recovery methods, you have permanently lost access to your account. However, you can unlink an email address tied to the locked account. The unlinked email address can then be linked to a new or existing account. For more information, see "Unlinking your email address from a locked account."
Use one of your recovery codes to automatically regain entry into your account. You may have saved your recovery codes to a password manager or your computer's downloads folder. The default filename for recovery codes is github-recovery-codes.txt. For more information about recovery codes, see "Configuring two-factor authentication recovery methods."
Warning: If you protect your personal account with two-factor authentication but do not know your password, you will need to start a two-factor authentication recovery request. For more information, see "Request help with two-factor authentication."
If you know your password for GitHub.com but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account.
Click Send one-time password to send a one-time password to all eligible addresses associated with your account. Only verified emails are eligible for account recovery. If you've restricted password resets to your primary and/or backup addresses, these addresses are the only addresses eligible for account recovery.
A member of GitHub Support will review your request and email you within three business days. If your request is approved, you'll receive a link to complete your account recovery process. If your request is denied, the email will include a way to contact support with any additional questions.
If you have forgotten your password and you've lost access to your two-factor authentication credentials, you can start account recovery to regain access to your account. You'll need to verify your identity using a recovery authentication factor, such as an SSH key or previously verified device. If no recovery methods are available, you can choose to unlink your email address from your account.
Alternatively, if no recovery methods are available, you can choose to unlink your email address from your account. The email address is then available for you to link it to a new or existing account, maintaining your commit history. For more information, see "Unlinking your email address from a locked account."
Later on, the user is given the chance to add an email and password to their account to make it recoverable. Or alternatively, to enter an email and password in order to recover an old account. If either of these are successful, the game saves the username and password locally to file. And then uses that to log in with LoginWithEmail in the future.
However, there are a few scenarios in which this leads to either bad UX or technically risky hacks. This suggests maybe I've misunderstood something conceptually:
In the first scenario, the user plays the game for a bit, adds an email address / password, doesn't get very far, then churns. Some time later, they install the game on their new phone, make great progress and try to add their email / password to secure their account new account.
At another company I work for, we have our own backend, and in this scenario of "email address already in use", or indeed in the case of a normal "account recovery", we provide the user with the option of which account they want to continue with, and which will be lost.
The user sees some basic information about the two accounts, such as the name of their Empire, Cities Owned, Army Strength, and also Coins and Gems associated with each account. On selecting one or the other, the backend then associates their email/password/login details with the selected account, and that's the one the user uses thereafter. The old account is orphaned and eventually cleaned up (deleted).
It seems there is no easy way to do this "giving the user a choice" with PlayFab. As far as I can tell, it's not possible to remove an email address from one Master Player Account and add it to a different one. (And it also wouldn't make sense for the second scenario detailed later). Nor does it seem it's possible to transfer a Title Player Account from one Master Player Account to another. It is possible to copy all the Title Player Data from the non-email Master Player Account to the email-linked Master Player Account, overwriting the unwanted data from the game where the user didn't progress much in the process. However the actual implementation of this looks extremely hacky / technically complicated and risky.
In the second scenario, the publisher has two games: Title A and Title B. The user plays Title A and adds an email/password. At some later point, they play Title B and attempt to add the same recovery email. However, email address is stored at the Master Player Account level, so the email address is already in-use from Title A.
The same hacky solution could be applied here. The Title B client could log in with the email address, thus creating a new Title Player Account for Title B under the same Master Player Account as Title A. And then copy/paste across all the Player Title Data. But again it will be difficult to implement, hard to maintain and a lot of things can go wrong.
The best solution I have seen for this is to add a prefix to an email. So when the user types in m...@email.com, what the game client actually registers is title...@email.com. However, this completely defeats the point of having the email/password stored at the Master Player Account level. The same user would have multiple Master Player Accounts, each one with only one Title Player Account in it.
Since any login-related information is in the master player account, players can use one identity to access all titles in the same studio, one login email address will be enough. May I ask your concerns? There is no need to link different login emails for different titles.
df19127ead