Registering for an account at any web site almost always requires an email address, and some people use a secondary address they don't care about instead of their real email address to avoid spam. If you do this, be very careful.


(Click the image above for a closer look.)

Microsoft shuts down Hotmail accounts that haven't been logged into after nine months. So if you registered for your Gmail account two years ago and used your Hotmail address as your secondary email address and never logged back in, you've put your Gmail account at risk.


Here's how: If your Hotmail account gets shut down due to inactivity, someone else can open a new one using your Hotmail address. Then, if that someone else requests a password reset from Gmail, it goes to that address, and that someone can get into your primary email account. This is how Twitter employees' Gmail accounts got broken into last week.

From Hotmail's help section:

Free Windows Live Hotmail accounts become inactive if you don't sign in for more than 270 days or within the first 10 days after signing up for an account. After an account becomes inactive, all messages, folders, and contacts are deleted. Incoming messages will be sent back to the sender as undeliverable. Your account name is still reserved. However, if the account stays inactive for an additional 90 days, the account name may be permanently deleted.

In the comments of our risks of cloud computing post, a reader said that his wife's last emails from her father were lost in a shutdown Hotmail account.

The Hidden Risks of Cloud Computing Every day more users move their computing lives from the desktop to the cloud and rely on hosted… Read more


If you are or ever were a Hotmail user, make sure all the important online accounts you use (banking, other email accounts, shopping sites where you've stored credit card information) don't send password reset messages to your Hotmail account, and that important messages aren't left there untouched for too long. Either that, or make absolutely sure you log in once every few months.

Update: My apologies for picking on Hotmail! Turns out Gmail and Yahoo Mail have similar deactivation policies. From Gmail's Help:

A dormant address is a Gmail address that hasn't been used for six months. You can still receive mail if your address is dormant, but you need to log in to keep your account active. If you don't log in to Gmail within three months of it being labeled dormant - or for nine consecutive months - Google may delete the address.


From Yahoo Mail's help:

Accounts are deactivated and removed after four months of no use. When an account is deactivated, you won't be able to access it, regardless of whether or not email has been received in the account during that time.



And sorry, but we can't retrieve any of the information that was formerly stored in it.


In summary, unlogged-into Hotmail and Gmail accounts expire after nine months and unlogged-into Yahoo accounts expire after six (unless you pay for Yahoo! Mail Plus). Looks like we all have to remember to log into those secondary webmail accounts.

Never Use Hotmail as Your Secondary Email Account [Smarterware]

Smarterware is Lifehacker editor emeritus Gina Trapani's new home away from 'hacker. To get all of the latest from Smarterware, be sure to subscribe to the Smarterware RSS feed. For more, check out Gina's weekly Smarterware feature here on Lifehacker.