1. Scan for malware
Malware is software that can gain access to your account, spy on your activity, delete your files, and make changes to your online access. It usually sneaks through your devices as password protected and zipped files that end in .scr or .exe file.
Malware can come from:
- Suspicious links: Clicking on a link in a spam or fake sponsorship or brand deal email
- Infected downloads: Downloading a program from an untrusted source
- Fake software updates: Installing a fake software update that contains malware
We recommend
- Use antivirus software
- Turn on Enhanced Safe Browsing in Google Chrome
Turn on Enhanced Safe Browsing |
Enhanced Safe Browsing automatically scanning a download for malware |
More about Enhanced Safe BrowsingBecause antivirus software may not scan some encrypted files, we recommend also turning on Enhanced Safe Browsing so that all files downloaded from Google Chrome are scanned for malware. Enhanced Safe Browsing provides real-time security scanning to keep you safe across all Google products when using Google Chrome. |
2. Use a passkey for 2-Step Verification
Stolen passwords are one of the most common ways that accounts are compromised. Once you’ve created a strong password, you can turn on 2-Step Verification (also known as 2SV or two-factor authentication), which adds a second verification step for another layer of security.
You can choose from different kinds of verification steps, each with varying levels of security:
- Passkeys: Device verification like fingerprint, face scan, or phone screen lock. Passkeys provide the strongest protection against phishing.
- Security keys: Physical verification device that provides strong protection against phishing.
- Google Prompts: Phone notification that’s more secure than text message verification codes.
- Google Authenticator: App that works offline and generates one-time verification codes.
- Phone verification codes: Less secure type of verification codes sent by text or phone call.
- Backup codes: Less secure type of verification codes that are downloaded and printed.
We recommend
For the strongest protection against threats like phishing, set up 2-Step Verification and choose a passkey as your second verification method.
3. Make an account recovery plan
To make sure you can get back into your Google Account if you ever can’t sign in, you can add recovery options, like your phone number and email address.
Recovery options can be used to:
- Block someone from using your account without your permission
- Alert you if there’s suspicious activity on your account
- Recover your account if you’re ever locked out or forget your password
Learn more about how recovery options can be used to keep your account secure.
We recommend
Add recovery options, like your phone number and email address, to your account so you can quickly recover your account if you ever need to.
Did you lose access to your Google Account? Restore your Google Account.