At Google, we take online security seriously. To protect your Google Account, we strongly recommend following the steps below regularly.
Note: If you’re a journalist, activist or someone else at risk of targeted online attacks, learn about the Advanced Protection Programme.
Step 1: Run a Security Check-Up
Go to Security Check-Up to get personalised security recommendations for your Google Account, including:
Add or update account recovery optionsYour recovery phone number and email address are powerful security tools. This contact info can be used to help:
- Block someone from using your account without your permission
- Alert you if there's suspicious activity on your account
- Recover your account if you're ever locked out
Learn how to add or change your recovery phone number or email address.
2-Step Verification helps prevent a hacker from getting into your account, even if they steal your password. To avoid common phishing techniques associated with text message codes, choose a stronger second verification step:
- Security keys (most secure verification step)
- Google prompts (more secure than text message codes)
Increased security: Advanced Protection
If you’re a journalist, activist or someone else at risk of targeted online attacks, consider enrolling in the Advanced Protection Programme for a higher level of security. Advanced Protection uses security keys to protect against phishing, and includes other protections like blocking unsecure apps.
To better protect sensitive information, review which apps can use your account info and remove the ones that you don’t need.
- Manage apps with access to your account.
- Turn off access for apps that use less secure sign-in technology.
- Learn more about how to manage apps with access to your account.
Screen locks help protect your devices from being used without your permission. Learn how to set screen locks on an Android device.
Tip: For info on adding a screen lock on other devices and computers, visit the manufacturer’s support site.
Step 2: Update your software
If your browser, operating system or apps are out of date, the software might not be safe from hackers. To help protect your account, keep your software updated.
Update your browserMake sure that you use the latest version of your browser.
Learn how to update Google Chrome.
Tip: To learn how to update other browsers, go to the developer’s support site.
On your computer or device, make sure that you use the latest version of your operating system.
- Update Android devices: Learn how to check and update your Android version.
- Update Chromebooks: Learn how to update your Chromebook’s operating system.
Tip: To learn how to update other devices and computers, go to the manufacturer’s support site.
On your phone or computer, make sure that you use the latest version of apps.
- Update Android apps: Learn how to update your Android apps on Android devices and compatible Chromebooks.
- To help make sure that your apps are up to date, turn on automatic app updates for your Android devices.
- Turn on Google Play Protect: Google Play Protect helps keep Android devices safe from harmful apps.
- Learn how to turn on Google Play Protect.
Tip: To learn how to update apps on other devices and computers, go to the manufacturer’s support site.
Step 3: Use unique, strong passwords
It’s risky to use the same password on multiple sites. If your password for one site is hacked, it could be used to get into your accounts for multiple sites.
Make sure that you create a strong, unique password for each account.
Manage your passwordsA password manager can help you generate and manage strong, unique passwords. Consider using one from Chrome or another trusted password manager provider.
Tip: To find out if any passwords saved in your Google Account may be exposed, are weak or are reused for multiple accounts, you can use Password Checkup.
To get notified if you enter your Google Account password on a non-Google site, turn on Password Alert for Chrome. That way, you’ll know if a site is impersonating Google, and you can change your password if it gets stolen.
Tip: Turn on 2-Step Verification for an extra layer of account security.
Step 4: Remove apps and browser extensions that you don’t need
As more apps are installed on a device, it can become more vulnerable. On devices that have access to sensitive information, only install the apps and browser extensions that you need. To better protect your personal info, don’t install unknown apps or apps from unknown sources.
Learn how to uninstall apps and extensions on your device:
Tip: To find out how to remove apps and extensions from other devices and browsers, go to the device or browser’s support site.
Step 5: Protect against suspicious messages and content
Hackers can use emails, text messages, phone calls and web pages to pretend to be institutions, family members or colleagues.
Avoid suspicious requests- Never give out your passwords. Google never asks for your password in an email, message or phone call.
- Don't reply to suspicious emails, texts, instant messages, web pages or phone calls that ask for your personal or financial info.
- Don't click links in emails, messages, web pages or pop-ups from untrustworthy websites or senders.
To help protect your account, Gmail automatically identifies suspicious emails. To reinforce this built-in protection, you can also identify suspicious emails and settings yourself:
- Check if a Gmail message might be fake.
- Make sure that the email address and the sender name match.
- To help us stop scammers in the future, if you get a suspicious email in Gmail, report spam or phishing.
- Check your Gmail settings and make sure that there’s no unfamiliar activity.
Tip: If you're using Gmail on your computer, point to a link without clicking on it. At the bottom left, look at the web address and make sure that it's what you expect.
If you notice suspicious activity on your account
Follow the steps to help secure your account.