Your Google Account opens the door to many Google products, so it’s especially important to make sure hackers can’t get your account info. To help protect your account and the info stored there, you can take extra steps.
Tip: To help get into your account if you lose your login info in the future, add a recovery phone number or email address to your account.
Take action to help keep your account safe
You can enhance the built-in ways Google already protects your account. These actions improve account security and help safeguard your account access.
Add a recovery email & phone numberA recovery phone number or email address helps you reset your password if:
- You forget your password.
- Someone else uses your account.
- You’re locked out of your account for another reason.
You can add an extra layer of protection against password scams with 2-Step Verification.
Once you turn on 2-Step Verification, every time you enter your password to sign in, you also confirm your identity on a personal device. To complete your sign in, you need access to both:
- Something you know, like your password
- Something you have, like your phone
This helps keep hackers out of your account, because even if they learn your password, they don’t also have access to your phone.
Since you use your device to sign in with 2-Step Verification, it’s especially important to set up additional recovery options. That way, if you lose your device, you can still get into your account.
Tip: To protect your account, older phones and less secure apps may be blocked from 2-Step Verification. If this happens, you can still sign in with App Passwords. If you can use Sign in with Google instead, you don’t need App Passwords. Learn more about App Passwords.
- Keep your personal info safe.
- Protect your emails, files, and other content.
- Prevent someone else from getting into your account.
Learn how to create a strong password.
Tip: To create strong, unique passwords that you don’t have to remember, use Google Password Manager. Google Password Manager stores your account password and other passwords you save behind Google’s built-in password encryption.
Enhanced Safe Browsing can help protect you from dangerous websites and downloads. If you turn on Enhanced Safe Browsing and sign in to Chrome or Gmail, it runs in the background. While you’re online, it:
- Warns you about or blocks dangerous websites, downloads, and extensions
- Helps Google detect phishing and harmful software for you and everyone on the web
- Provides better protection from dangerous links across Google apps
You can add Password Alert to your Chrome browser. When you do, it sends you automatic alerts when you use your Google password to sign in to non-Google sites. That way, if someone pretends to be Google to try and steal your password, you can find out.
You can add a trusted contact to your account to get a notification if you’ve been inactive for a certain period of time. You can also choose to share certain parts of your account data with this person.
If you are at a higher risk of targeted attacks, you can get Google’s strongest account security in the Advanced Protection Program. Google recommends the Advanced Protection Program for:
- Journalists
- Activists
- Political campaign staffers
- Business leaders
- IT admins
- Anyone else whose Google Account contains valuable files or sensitive information
When you sign in to your Google Account on a new device, Advanced Protection asks for a security key. Even if a hacker has your username and password, they can't sign in without your security key.
Advanced Protection also helps protect you from possibly harmful downloads and apps.
Check your account security regularly
To stay safer online, regularly review your account security with these checks:
Run a Security CheckupTo get personal recommendations for your Google Account, run a Security Checkup. You can review info like:
- Your devices: Check which devices have signed in to your account.
- Recent security activity: Review unusual activity on your account, like if a new device has signed in.
- Third-party access: Check which non-Google apps are linked to your account.
- Saved passwords: Find and change unsafe passwords in your Google Account with Password Checkup.
To better protect sensitive information, review which apps can use your account info and remove the ones you don’t need.
- Manage apps with access to your account.
- Turn off access for apps that use less secure sign-in technology.
- Learn more about how to manage apps with access to your account.
If your browser, operating system, or apps are out-of-date, the software might not be safe from hackers. To help protect your account, keep your software updated.
Update your browser
Make sure to use the latest version of your browser.
Learn how to update Google Chrome.
Tip: To learn how to update other browsers, go to the developer’s support site.
Update your operating system
On your computer or device, make sure to use the latest version of your operating system.
Update Android devices
Learn how to check and update your Android version.
Update Chromebooks
Learn how to update your Chromebook’s operating system.
Tip: To learn how to update other devices and computers, go to the manufacturer’s support site.
Update your apps
On your phone or computer, make sure to use the latest version of apps.
Update Android apps
Learn how to update your Android apps on Android devices and compatible Chromebooks.
To help make sure your apps are up-to-date, turn on automatic app updates for your Android devices.
Tip: To learn how to update apps on other devices and computers, go to the manufacturer’s support site.
Turn on Google Play Protect
Google Play Protect helps keep Android devices safe from harmful apps. Learn how to turn on Google Play Protect.
As more apps are installed on a device, it can become more vulnerable. On devices that have access to sensitive information, only install the apps and browser extensions you need. To better protect your personal info, don’t install unknown apps or apps from unknown sources.
Learn how to uninstall apps and extensions on your device:
Tip: To learn how to remove apps and extensions from other devices and browsers, go to the device or browser’s support site.
Hackers can use emails, text messages, phone calls, and web pages to pretend to be institutions or people you know.
Avoid suspicious requests
- Never give out your passwords. Google never asks for your password in an email, message, or phone call.
- Don’t reply to suspicious emails, texts, instant messages, web pages, or phone calls that ask for your personal or financial info.
- Don’t click links in emails, messages, web pages, or pop-ups from untrustworthy websites or senders.
Avoid suspicious emails
To help protect your account, Gmail automatically identifies suspicious emails. To reinforce this built-in protection, you can also identify suspicious emails and settings yourself:
- Check if a Gmail message might be fake.
- Make sure the email address and the sender name match.
- To help us stop scammers in the future, if you get a suspicious email in Gmail, report spam or phishing.
- Check your Gmail settings and make sure there’s no unfamiliar activity.
Tip: If you use Gmail on your computer, point to a link but don’t click it. At the bottom left, find the web address and make sure it's what you expect.
Avoid suspicious web pages
Google Chrome and Search are designed to warn you about suspicious content and unwanted software.
Learn how to manage these notifications in Chrome and Search.