Google take online security seriously. To protect your Google Account(Gmail), Google strongly recommend following the steps below regularly.
Step 1: Do a Security Checkup
Go to Security Checkup to get personalized security recommendations for your Google Account, including:
Add or update account recovery options
Your recovery phone number and email address are powerful security tools. This contact info can be used to help:
- Block someone from using your account without your permission
- Alert you if there’s suspicious activity on your account
- Recover your account if you’re ever locked out
Turn on 2-Step Verification
2-Step Verification helps prevent a hacker from getting in to your account, even if they steal your password. To avoid common phishing techniques associated with text message codes, choose a stronger second verification step:
- Security keys (Most secure verification step)
- Google Prompts (More secure than text message codes)
Remove risky access to your data
Consider removing account access for any non-essential apps to better protect sensitive information.
- Manage apps with access to your account
- Turn off access for apps that use less secure sign-in technology.
Step 2: Update your software
If your browser, operating system, or apps are out-of-date, the software might not be safe from hackers. Keep your software updated to help protect your account.
Update your browser
Make sure you’re using the latest version of your browser.
Visit the developer’s support site to download the browser.
Update your operating system
Make sure you’re using the latest version of the operating system on your device or computer.
Update Android devices
Update Chromebooks
Note: For info on updating other devices and computers, visit the manufacturer’s support site.
Update your apps
Make sure you’re using the latest version of the apps on your phone or computer.
Update Android apps
Consider turning on automatic app updates for your Android devices to help make sure you’re always using the latest version.
Turn on Google Play Protect
Google Play Protect helps keep Android devices safe from harmful apps. Learn how to turn on Google Play Protect.
Step 3: Use unique, strong passwords
It’s risky to use the same password on multiple sites. If your password for one site is hacked, it could be used to get in to your accounts for multiple sites.
Make sure to create a strong, unique password for each account.
Manage your passwords
A password manager can help you generate and manage strong, unique passwords. Consider using one from Chrome or another trusted password manager provider.
Help protect your password from hackers
To get notified if you enter your Google Account password on a non-Google site, turn on Password Alert for Chrome. That way, you’ll know if a site is impersonating Google, and you can change your password if it gets stolen.
If your browser, operating system, or apps are out-of-date, the software might not be safe from hackers. Keep your software updated to help protect your account.
Make sure you’re using the latest version of your browser.
Make sure you’re using the latest version of the operating system on your device or computer.
Update Android devices
Learn how to check and update your Android version.
Update Chromebooks
Make sure you’re using the latest version of the apps on your phone or computer.
Update Android apps
Consider turning on automatic app updates for your Android devices to help make sure you’re always using the latest version.
Turn on Google Play Protect
Google Play Protect helps keep Android devices safe from harmful apps. Learn how to turn on Google Play Protect.
Step 3: Use unique, strong passwords
It’s risky to use the same password on multiple sites. If your password for one site is hacked, it could be used to get in to your accounts for multiple sites.
Make sure to create a strong, unique password for each account.
A password manager can help you generate and manage strong, unique passwords. Consider using one from Chrome or another trusted password manager provider.
To get notified if you enter your Google Account password on a non-Google site, turn on Password Alert for Chrome. That way, you’ll know if a site is impersonating Google, and you can change your password if it gets stolen.
Step 4: Remove apps & browser extensions you don’t need
As more apps are installed on a device, it can become more vulnerable. Install only essential apps and browser extensions on devices that have access to sensitive information. Avoid installing unknown apps or apps from unknown sources to protect your device and personal info.
Ensure to
- Delete or disable apps on Android devices
- Uninstall extensions on Chrome
- Uninstall apps or extensions on Chromebooks
Step 5: Protect against suspicious messages & content
Hackers can use emails, text messages, phone calls, and web pages to pretend to be institutions, family members, or colleagues.
Avoid suspicious requests
- Never give out your passwords. Google will never ask for your password in an email, message, or phone call.
- Don’t reply to suspicious emails, texts, instant messages, webpages, or phone calls that ask for your personal or financial info.
- Don’t click links in emails, messages, webpages, or pop-ups from untrustworthy websites or senders.
Avoid suspicious emails
Gmail is designed to help protect your account by automatically identifying suspicious emails. You can also use these tips to help you identify suspicious emails and settings:
- Check if a Gmail message might be fake.
- See if the email address and the sender name match.
- If you get a suspicious email in Gmail, report spam or phishing to help us stop similar emails in the future.
- Check your Gmail settings to make sure there’s no unfamiliar activity.
Avoid suspicious web pages
Google Chrome and Search are designed to warn you about suspicious content and unwanted software.
Learn how to manage these warnings in Chrome and Search.