Registering for an account at any web site almost always requires an email address, and some people like to use a secondary address they don’t really care about instead of their real email address to avoid spam. If you do this, don’t use a Hotmail (Update: or other free webmail) account.
Microsoft shuts down Hotmail accounts that haven’t been logged into after nine months. So if you registered for your Gmail account two years ago and used your Hotmail address as your secondary email address and never logged back in, you’ve put your Gmail account at risk.
Here’s how: If your Hotmail account gets shut down due to inactivity, someone else can open a new one using your Hotmail address. Then, if that someone else requests a password reset from Gmail, it goes to that address, and that someone can get into your primary email account. This is how Twitter employees’ Gmail accounts got broken into last week.
From Hotmail’s help section:
Free Windows Live Hotmail accounts become inactive if you don’t sign in for more than 270 days or within the first 10 days after signing up for an account. After an account becomes inactive, all messages, folders, and contacts are deleted. Incoming messages will be sent back to the sender as undeliverable. Your account name is still reserved. However, if the account stays inactive for an additional 90 days, the account name may be permanently deleted.
In the comments of my post at Lifehacker this morning, a reader said that his wife’s last emails from her father were lost in a shutdown Hotmail account.
If you are or ever were a Hotmail user, make sure all the important online accounts you use (banking, other email accounts, shopping sites where you’ve stored credit card information) don’t send password reset messages to your Hotmail account, and that important messages aren’t left there untouched for too long. Either that, or make absolutely sure you log in once every few months.
Update: My apologies for picking on Hotmail! Turns out Gmail and Yahoo Mail have similar deactivation policies. From Gmail’s Help:
A dormant address is a Gmail address that hasn’t been used for six months. You can still receive mail if your address is dormant, but you need to log in to keep your account active. If you don’t log in to Gmail within three months of it being labeled dormant — or for nine consecutive months — Google may delete the address.
From Yahoo Mail’s help:
Accounts are deactivated and removed after four months of no use. When an account is deactivated, you won’t be able to access it, regardless of whether or not email has been received in the account during that time.
And sorry, but we can’t retrieve any of the information that was formerly stored in it.
In summary, unlogged-into Hotmail and Gmail account expire after nine months and unlogged-into Yahoo accounts expire after six (unless you pay for Yahoo! Mail Plus). Looks like we all have to remember to log into those secondary webmail accounts.