Accessing your Gandi account: your recovery options if you lose your logins
Gandi recently added an “Account” team, which has dedicated all its energy and skills to improving account management and adding secure, practical tools to help users. Within this framework, the options for managing logins and security were greatly improved, with a new tool combining security and simplicity to help in the event of a loss of logins. Currently, the login and login recovery options are similar, but separate, and must be dealt with separately.
What do I do if I lose my logins?
When you created your Gandi profile, you provided an email address, which is an essential piece of contact information for the management of your account. If, for some reason or another, you no longer have access to the password provided when the account was created, you need to launch an account recovery process. Until now, this process, “forgot your password?”, consisted of sending an email to the address that identifies you, asking you to reset the password. The “recovery” procedure was just a simple extension of the “login” procedure.
Note that you could also add a telephone number to your profile, though it was only used to contact you, and not identify you, and so could not be considered as a means of account recovery.
It may also be the case that the email address is not accessible to you from everywhere (for example, a professional address), or it might not even be yours (in the case that someone else created your account at Gandi for you). Because of this, it might not be enough to allow you to regain access to your interface.
It is currently possible to have a wider range of options at your disposal for gaining access to your account. In addition to the email address used to identify you, it is possible to specify another email address, a telephone number, an authentication key, or even a QR code that you can scan to log in.
What are my account recovery options?
It was necessary to find the right balance between user comfort (being able to quickly and autonomously regain access to their account), and security (including all the potentially heavy procedures that might be needed). It’s a good thing to be able to recover access to your account quickly, but it should not be too simple.
1. Recovery choices
As a Gandi user, identified by an email address, you are asked to define other methods for proving that it is indeed you who is trying to log in.
Another email address
You can add another email address, if the one linked to your account is, for example, a professional address to which you don’t always have access. This may also be useful if your emails are not accessible any longer, for some reason.
A telephone number
You can add a telephone number, which will be validated by a 6-digit code that we will send you, in order to be sure that no typo was made. Until now, we only used your phone number as an alternative way to contact you in the case of a problem, but now it can be used for identification.
An identification key
You can add one or more identification keys to this recovery procedure if you have access to this type of accessory. Note that until now it was possible to use this type of key for two-factor authentication; we are just extending its use to access recovery.
A QR code to print and to scan
If you want, you can opt for a QR code that you had previously printed out. By scanning the physical document that you kept safe, you can access your account.
You can choose the number and nature of these backup login means, depending on what you are familiar with, the tools that you have, and as we’ll see, the degree of security that you want to have with this procedure.
2. A secure cocktail of verification means
The number and nature of these various ways to identify yourself change how you can regain access to your account: Gandi gives each of these options a different weight, and sort of calculates a “score”. This score is then compared against a predefined threshold, under which further proofs of ID will be requested. Once the threshold is reached by the combination of distinct authentication factors, you will be able to gain access and define a new password.
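The weighted-score check described above, sketched as an added example; this is not Gandi's code. The weights, the threshold, the rule that each kind of option counts once, and every name below are assumptions, since the page does not publish them.

```python
# Added illustration: weighted recovery score compared against a threshold.
# Weights, threshold and all names are hypothetical, not Gandi's real values.
from dataclasses import dataclass

WEIGHTS = {"backup_email": 40, "phone": 30, "security_key": 60, "qr_code": 50}
THRESHOLD = 100  # assumed score needed before a new password can be set


@dataclass(frozen=True)
class Proof:
    kind: str        # one of the keys in WEIGHTS
    identifier: str  # which enrolled item was proven (address, number, key id)
    verified: bool   # True only if the challenge for this item succeeded


def recovery_decision(enrolled, proofs):
    """Return (allowed, score, remaining) for one recovery attempt.

    enrolled: set of (kind, identifier) pairs set up before the loss.
    proofs:   Proof objects collected during this attempt.
    """
    counted, score = set(), 0
    for p in proofs:
        if not p.verified or (p.kind, p.identifier) not in enrolled:
            continue  # failed challenge, or an option never set up beforehand
        if p.kind in counted:
            continue  # assumption: a second proof of the same kind adds nothing
        counted.add(p.kind)
        score += WEIGHTS.get(p.kind, 0)
    return score >= THRESHOLD, score, max(0, THRESHOLD - score)


# Constructed sample data.
ENROLLED = {("backup_email", "me@example.org"), ("backup_email", "alt@example.org"),
            ("phone", "+33100000000"), ("security_key", "key-1")}

if __name__ == "__main__":
    attempt = [Proof("backup_email", "me@example.org", True),
               Proof("backup_email", "alt@example.org", True),  # same kind, ignored
               Proof("phone", "+33100000000", True)]
    print(recovery_decision(ENROLLED, attempt))  # below threshold, more proof needed
    attempt.append(Proof("security_key", "key-1", True))
    print(recovery_decision(ENROLLED, attempt))  # threshold reached
```

Counting each kind only once means that control of a single channel, such as one mailbox provider, cannot reach the threshold by itself under these assumed weights.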
Of course, this process is only really efficient if it is set up beforehand: you should not wait until you’re in an unfortunate situation before worrying about what recovery methods you have. The first bit of advice that we can give to you is to log into your Gandi account and set this up with just a few clicks.
You can do this from the “User Settings” section.
The settings related to managing logins and recovery options are towards the bottom of the page.
Depending on the nature of the options added and validated, the security of your account will improve: “OK” as soon as you add one option, “Great” if you have 3, etc.
This tool tries to find the right balance between ease of use and security: the selection of recovery options is modular, customizable, and relatively simple to put in place. These precautions mean that if ever you lose your login credentials, you can still regain access to your account in a manner that is just as secure.
While this new tool has been designed with the needs of Gandi users in mind, there is surely room for improvement. Future enhancements will surely be added depending on the comments and feedback that we get from those who use it, given the wide diversity of their profiles and use. Consequently, please feel free to share your impressions and suggestions for improvement with us; they are more than welcome!