Skip to main content

Account Recovery Options, And Prevention Of Blogger Account / Blog Hijacks

Ever since Blogger started using Google accounts to authenticate Blogger account access, blog owners have had trouble maintaining access to their accounts and their blogs.

Not all Blogger blog owners understand - and less accept - the measures that Blogger has taken, to prevent malicious activity, by unknown persons who would use Internet obscurity to hijack their accounts, and their blogs.

Every day, we see numerous complaints in Blogger Help Forum: How Do I?, about inability to recover account access. And, we see occasional (not occasional enough) reports about blogs now owned by people who are not personally known by the rightful blog owner.

Blogger is continually improving their account recovery, authentication, and account hijack prevention policies. Unfortunately, as they improve in one area, they make things more difficult in another.

Until late 2010, Blogger / Google offered several options, for recovering account / blog access.
  • An automated wizard, where you could provide the URL of your blog, and have account recovery instructions sent to the email address registered with the Blogger account(s) that administered the blog, accompanied by the welcomed advice
    We've sent password reset instructions to your email account xxxxxxx@yyyyy.zzz.
  • An option, should the latter email account be unusable (the owner graduated from school, changed ISPs, changed jobs), to walk into many regional Google offices, present proof of identity, and regain access to some Blogger accounts.
  • In some limited cases, to transmit a facsimile of specific proof of identity documents to a Google office, have identity verified remotely, and regain access to some Blogger accounts.

In early 2011, we noted a significant number of cases where people were reporting logging in to Blogger, and finding various personal blogs missing from the dashboard blog lists. Checking the blogs themselves, they were found to be still online - but now owned by other persons. In an alarming number of cases, the persons then owning the mysterious blogs appeared to be part of a malicious and well planned attack, against Blogger accounts and blogs.

In mid 2011, Blogger changed the automated account recovery wizard, to not display the email address being used for the password recovery. Now, we see less detail.
We've sent login instructions to your GMail account.
or even
We've sent login instructions to your account at y****.com.
To recover account access, the blog owner is now required to remember the email address - or minimally, to have access to all owned email accounts, and check each account, one by one, until login instructions are found.

To reduce the need for local and remote identity verification, Google enhanced the account recovery wizard, where the blog owner can provide an email address (whether or not usable for incoming email), provide secondary details to prove identity, and regain access. They also added Two Step Verification, which lets you use a pre registered cell or home phone, as an additional / alternate identity token - both to prevent hijackings, and to recover account access.

Unfortunately, people who idly forget the password and the email address, or who forget (or never provide) secondary personal details when setting up their Google account, will always be a challenge. Another challenge is provided by people who value anonymity, and setup multiple email accounts to obscure their real life identity from their Blogger blog ownership.

In specific cases, Blogger is known to provide mysterious "hints" to people who have gratuitously used multiple email accounts - and who cannot now remember all accounts used.
Your email address is a***0@yahoo.com.
However, the limited effectiveness of hints should always be noted. The Blogger Help Forum: [FAQ] Regarding account-related issues won't be going away, for lack of traffic, any time soon.

>> Top

Comments

Popular posts from this blog

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.

Embedded Comments And Main Page View

The option to display comments, embedded below the post, was made a blog option relatively recently. This was a long requested feature - and many bloggers added it to their blogs, as soon as the option was presented to us. Some blog owners like this feature so much, that they request it to be visible when the blog is opened, in main page view. I would like all comments, and the comment form, to be shown underneath the relevant post, automatically, for everyone to read without clicking on the number of comments link. And this is not how embedded comments work.

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".