Is someone checking your browsing?
This website will appear in your browser history. If you're concerned someone may be monitoring your internet use, consider using a trusted friend's device, a library computer, or your browser's private/incognito mode. You can press Quick Exit or hit Escape at any time to leave this site quickly.
Learn more about staying safe online
Someone changes the recovery email, phone number, or security questions on your accounts — so that if you try to reset your password, the reset goes to them instead of you.
What You Might Notice
You can't recover your account using your usual method
Your recovery email or phone number has been changed.
You receive notifications about recovery option changes you didn't make
Platforms often send alerts when recovery details are updated.
Security questions or backup codes have been modified
Answers to your security questions no longer work.
What You Can Do
Set up recovery options the other person can't access
Use a new email address or phone number they don't know about.
Enable login notifications
Get alerted every time someone logs into your account from a new device.
Regularly check your account recovery settings
Make it a habit to verify your recovery email and phone number haven't changed.
Important: This resource provides general information, not personal advice. Every situation is different. The actions suggested here may not be safe in your specific circumstances — particularly if the person causing harm could notice changes to your devices or accounts. Always consider your physical safety first.
If you need personalised support, contact 1800RESPECT (1800 737 732) or your local specialist domestic violence service. If you are in immediate danger, call 000.
Changing passwords and recovery options (backup email, phone number, security questions) on victim's accounts to lock them out and prevent recovery. This technique ensures persistent denial of access even if victim attempts account recovery procedures.
Multiple Recovery Methods Configure multiple recovery options so compromise of one does not eliminate account access.
SAFE-M-0044
Security Question Hardening Use fictitious answers to security questions that adversary cannot guess from personal knowledge.
SAFE-M-0045
Recovery Email Security Secure recovery email account with strong unique credentials and MFA.
Detection Indicators
ID
Detection Indicator
SAFE-D-0041
Unrequested Password Change Notifications Receiving confirmation of password or security changes not initiated by account owner.
SAFE-D-0042
Recovery Method Change Alerts Notifications of backup email, phone, or security question changes.
The TFA Matrix is a research framework under active development. Technique classifications, detection methods, and mitigations reflect current understanding and are subject to revision. This framework does not constitute forensic methodology, legal evidence standards, or clinical diagnostic criteria. Practitioners should apply professional judgement appropriate to their discipline and jurisdiction.