Start with backup codes

Start Recover a Password Without Email or Phone with the constraint that matters most in real life: space, timing, budget, skill level, maintenance, or availability. That first constraint should shape the rest of the plan instead of appearing as an afterthought. Keep the first pass simple enough to verify. Compare the main options against the same criteria, remove choices that only work in ideal conditions, and save optional upgrades for later.

The simplest way to use this section is to write down the real constraint first, compare each option against it, and choose the path that still works outside ideal conditions.

Use security questions if enabled

When email and phone numbers are inaccessible, security questions often serve as the final verification checkpoint. Many platforms still rely on these legacy prompts to confirm identity when other contact methods fail. If your account has this feature enabled, answering these questions correctly can bypass the need for immediate contact verification.

Locate the recovery option

Start by navigating to the login page of the service you are trying to access. Look for a link labeled "Forgot password?" or "Can't access your account?" and click it. Enter your username or email address associated with the account.

Password recovery
1
Find the recovery form

Click "Forgot password?" on the sign-in page to begin the recovery process. This usually triggers the first step of identity verification.

Password recovery
2
Select security questions

If email and SMS are unavailable, the system will offer alternative verification methods. Look for an option to answer security questions.

Password recovery
3
Answer the prompts

Answer each question exactly as you originally set them. Even small differences in capitalization or punctuation can cause the system to reject your answer.

Answer carefully

Security questions are not designed to be tricky, but they are strict. If you set your answer to "Blue" but the system expects "blue," it may mark it as incorrect. Try to recall the exact phrasing you used when you first created the account. If you remember the answer but it fails, check for common variations you might have used.

What if the questions fail?

If you cannot remember the answers or the system rejects them, you may need to provide additional proof of identity. Some platforms allow you to upload ID or answer supplementary questions. If all verification methods fail, you might need to create a new account or contact support directly for manual review.

Verify identity through support

When automated reset links fail, you must prove you own the account by talking to human support. This process replaces the missing email or phone with proof of ownership. Support agents review your evidence to confirm your identity before issuing a recovery link or resetting credentials.

The verification workflow depends on the platform, but the core requirement remains the same: you must provide data that only the account holder would know or possess. This might include previous passwords, billing receipts, or device fingerprints.

Password recovery
1
Locate the official support channel

Search for the official help center of the service provider. Avoid third-party forums or unofficial sites. For example, Google directs users to support.google.com/accounts for account recovery, while Microsoft uses account.live.com/password/reset. Always verify the URL belongs to the legitimate company to prevent phishing.

Password recovery
2
Submit a manual recovery request

Navigate to the "I can't access my account" or "Forgot password" section. Select the option that indicates you no longer have access to your recovery email or phone number. This usually triggers a manual review ticket rather than an automated flow. Be prepared to answer security questions if they are still active in the system.

Password recovery
3
Provide proof of ownership

Upload or type in specific details that link the account to you. For email providers, this might be the subject line of a recent email you received. For e-commerce or banking accounts, a scanned receipt or the last four digits of the payment method is often required. The more specific the data, the faster the verification.

Password recovery
4
Wait for the verification outcome

Support teams typically respond within 24 to 72 hours. They may contact you via a secondary email address you provided during the request. If approved, you will receive a secure link to set a new password. If denied, review the error message for missing details and resubmit with stronger evidence.

This manual process is slower than automated resets but is the only reliable path when standard recovery methods are blocked. Ensure all submitted documents are clear and legible to avoid delays.

Check for saved passwords locally

If you previously allowed your browser or operating system to remember your login details, the actual password is likely stored on your device. Retrieving it is often faster than resetting credentials or contacting support. This method works only if you have access to the specific device where you originally logged in.

On Windows (Microsoft Edge)

Microsoft Edge saves passwords in a secure vault that you can view in plain text.

  1. Open Edge and click the three-dot menu in the top-right corner.
  2. Select Settings, then click Profiles and Passwords.
  3. Find the account you need and click the eye icon next to the password field.
  4. Enter your Windows PIN or password to confirm your identity.
  5. Copy the revealed password.

On macOS (Google Chrome)

Chrome on Mac stores credentials in the Keychain Access utility, but it is easier to view them through the browser settings.

  1. Open Chrome and click the three-dot menu, then go to Settings.
  2. Click Autofill and passwords and select Google Password Manager.
  3. Search for the relevant website in the search bar.
  4. Click the entry, then click the eye icon.
  5. Authenticate with your Touch ID or Mac password to reveal the text.

On Android and iOS

Mobile browsers often sync with desktop versions, but you can also check the browser app directly.

  1. Open Chrome or Safari on your phone.
  2. Go to Settings > Passwords.
  3. Use Face ID, Touch ID, or your passcode to use the list.
  4. Tap the account to view the username and password.

Important Security Note

Viewing saved passwords exposes them to anyone with physical access to your unlocked device. Once you retrieve the password, consider changing it to a new, unique value, especially if you suspect your account was compromised. Do not share the revealed password with anyone.

Password recovery

Common recovery mistakes to avoid

Recovering a password without email or phone is a high-stakes process where patience matters more than speed. Many users panic and trigger security locks by guessing too many times, or they fall for scams that promise instant access. Stick to official channels and avoid shortcuts that compromise your data.

Guessing too many times

Most platforms lock accounts after a set number of failed attempts. If you are already locked out, waiting 24 hours is often safer than brute-forcing the answer.

Using unverified third-party tools

Avoid downloading "password recovery" software from unknown sources. These tools are often malware designed to steal your data rather than help you regain access. Stick to official support pages and verified methods.

Secure your account after recovery

Regaining access is only half the battle. If you don’t update your security settings, you risk another lockout the moment that compromised password is leaked. Treat this step as your insurance policy against future data breaches.

1. Change your password immediately

Even if you remember your old password, assume it has been exposed. Generate a strong, unique password for your account and use a password manager to store it securely. This ensures that even if the old credentials were stolen, they won’t work anymore.

2. Add backup contact methods

Since you lost access without email or phone, this is the most critical step. Add a secondary email address and a mobile number to your account profile. These serve as your lifeline if you lose access to your primary recovery method again. Most services allow you to set up multiple recovery options in the security settings.

3. Enable two-factor authentication (2FA)

Two-factor authentication adds a second layer of security that doesn’t rely solely on your password. Use an authenticator app rather than SMS if possible, as SIM swapping is a common attack vector. This makes it significantly harder for attackers to bypass your login, even if they have your password.

4. Review active sessions

Check your account’s "active sessions" or "where you’re logged in" section. Terminate any sessions you don’t recognize, especially those from unfamiliar devices or locations. This forces any potential intruders to log out and requires them to pass your new 2FA setup to get back in.

5. Update saved passwords on other devices

If you reuse passwords across multiple sites, change them everywhere. Many browsers and apps save your login credentials automatically. After changing your primary password, ensure your devices are syncing the new credentials so you don’t get locked out elsewhere.

  • Changed primary password to a unique, strong string
  • Added secondary email and phone number as recovery options
  • Enabled two-factor authentication (2FA) via authenticator app
  • Terminated all unrecognized active sessions
  • Updated saved passwords on all linked devices and browsers

Frequently asked: what to check next