The Google for Education Community Platform

panderson · ‎10-17-2023

So one of the things that I think is really great is getting emails whenever my account is logged into on a new device. I think it is a great security feature, so I recommended it to other staff. Then I found out that because we are a "Primary/Secondary" organization, they don't get the option of recovering their password or account. I really don't care about either of those options, I would just like them to be able to get the notification email of when their account is logged into on a new device, etc. Does anyone know if there is a way for us to be able to do that? If they have a home email address entered, would it go there?

Here is the link that I found, that explains why the "Account Recovery" option is not available.

https://support.google.com/a/answer/33382?amp;p=accnt_recovery_users&rd=1&product_name=UnuFlow&v...

Kind of disappointing in my opinion.

Kim_Nilsson · ‎10-23-2023

But, is this notification really connected to the Password Recovery feature? I also get such notifications on accounts where I don't have any PR set up.

--
https://wheretofind.me/@NoSubstitute

panderson · ‎10-31-2023

I should have clarified, it sends the notification to the account that is set up in the password recovery area and not just to the account accessed. If someone hacks the account, the first thing that they do is delete the email, so unsuspecting individuals have no idea their account has been compromised.

Kim_Nilsson · ‎10-31-2023

Ah, got it. Such notifications are sent to the alternate/recovery email IF there is such an email. Else they are sent only to the account email itself.

--
https://wheretofind.me/@NoSubstitute

Kelly_McMahon · ‎11-01-2023

Our students get "security alerts" when their account is used to log into another device. I don't recall doing any special setup for this. Also we are a K-8 school and only email within the domain are allowed for students but they do get google classroom notifications and these security alerts.

panderson · ‎11-01-2023

Yes, the alerts go to the user's email, but if an account is compromised, the attacker will delete the email as soon as they log in and the user will never see it. When an admin logs in, it goes to their email address and the recovery account, there is no setting for regular users of the organization, because they can't recover their accounts, so there is no way to set it up. I think that they probably could go through all the steps to create a filter to forward those emails to another account, which should work because it would happen as soon as the account was logged into.

Kelly_McMahon · ‎11-01-2023

I see where you are going with this. Interesting idea

MColeman · ‎11-08-2023

Not sure if this will help you out, but you can set the recovery password on an under-18 account using GAM. At least it shows up in the admin console in Recovery Information for the user. I don't know if it would then send the email or not. The command is : gam update user <user email> recoveryemail ""<recovery email>""

panderson · ‎11-08-2023

Cool, I will have to check it out. My first concern is staff, although we do have them all using two-factor, but will try it with a student account too, and see if it actually works.

Kim_Nilsson · ‎11-08-2023

A person with 2FA shouldn't need a recovery email/number.

Unless you are dealing with an old AppleID, in which case you better hope they do, because that's a horrible mess otherwise.

--
https://wheretofind.me/@NoSubstitute

The Google for Education Community Platform

Account recovery feature