Account Recovery Options, And Prevention Of Blogger Account / Blog Hijacks

Ever since Blogger started using Google accounts to authenticate Blogger account access, blog owners have had trouble maintaining access to their accounts and their blogs.

Not all Blogger blog owners understand - and less accept - the measures that Blogger has taken, to prevent malicious activity, by unknown persons who would use Internet obscurity to hijack their accounts, and their blogs.

Every day, we see numerous complaints in Blogger Help Forum: How Do I?, about inability to recover account access. And, we see occasional (not occasional enough) reports about blogs now owned by people who are not personally known by the rightful blog owner.

Blogger is continually improving their account recovery, authentication, and account hijack prevention policies. Unfortunately, as they improve in one area, they make things more difficult in another.

Until late 2010, Blogger / Google offered several options, for recovering account / blog access.
  • An automated wizard, where you could provide the URL of your blog, and have account recovery instructions sent to the email address registered with the Blogger account(s) that administered the blog, accompanied by the welcomed advice
    We've sent password reset instructions to your email account xxxxxxx@yyyyy.zzz.
  • An option, should the latter email account be unusable (the owner graduated from school, changed ISPs, changed jobs), to walk into many regional Google offices, present proof of identity, and regain access to some Blogger accounts.
  • In some limited cases, to transmit a facsimile of specific proof of identity documents to a Google office, have identity verified remotely, and regain access to some Blogger accounts.

In early 2011, we noted a significant number of cases where people were reporting logging in to Blogger, and finding various personal blogs missing from the dashboard blog lists. Checking the blogs themselves, they were found to be still online - but now owned by other persons. In an alarming number of cases, the persons then owning the mysterious blogs appeared to be part of a malicious and well planned attack, against Blogger accounts and blogs.

In mid 2011, Blogger changed the automated account recovery wizard, to not display the email address being used for the password recovery. Now, we see less detail.
We've sent login instructions to your GMail account.
or even
We've sent login instructions to your account at y****.com.
To recover account access, the blog owner is now required to remember the email address - or minimally, to have access to all owned email accounts, and check each account, one by one, until login instructions are found.

To reduce the need for local and remote identity verification, Google enhanced the account recovery wizard, where the blog owner can provide an email address (whether or not usable for incoming email), provide secondary details to prove identity, and regain access. They also added Two Step Verification, which lets you use a pre registered cell or home phone, as an additional / alternate identity token - both to prevent hijackings, and to recover account access.

Unfortunately, people who idly forget the password and the email address, or who forget (or never provide) secondary personal details when setting up their Google account, will always be a challenge. Another challenge is provided by people who value anonymity, and setup multiple email accounts to obscure their real life identity from their Blogger blog ownership.

In specific cases, Blogger is known to provide mysterious "hints" to people who have gratuitously used multiple email accounts - and who cannot now remember all accounts used.
Your email address is a***0@yahoo.com.
However, the limited effectiveness of hints should always be noted. The Blogger Help Forum: [FAQ] Regarding account-related issues won't be going away, for lack of traffic, any time soon.

>> Top

Comments