This article was co-authored by Mitch Harris. Mitch Harris is a Consumer Technology Expert based in the San Francisco Bay Area. Mitch runs his own IT Consulting company called Mitch the Geek, helping individuals and businesses with home office technology, data security, remote support, and cybersecurity compliance. Mitch earned a BS in Psychology, English, and Physics and graduated Cum Laude from Northern Arizona University.
This article has been viewed 29,940 times.
Hackers are always trying to find ways to hack into your Google account and steal your information. Luckily, Google has many tools that you can use to help keep your account secure. This wikiHow article will teach you how to keep your Google account safe from hackers.
Steps
Protecting Your Password
1. Create a strong password. Don't use your name, birth date, pets' or kids' names, or the name of your street as your password: make it hard to guess.[1]
- A strong password will be at least 10 characters in length, but the more the better. The longer your password is, the more time it will take the hacker to crack it.
- A strong password should contain at least one of each of the following characters: lower-case letters, upper-case letters, numbers, and special characters.
2. Do not use your Google password anywhere else. Create a different password for every website that you use.
- It's not enough to use the same password with different numbers at the end (e.g., password1, password2 …).
- Consider downloading the Password Alert extension if you use Google Chrome. Password Alert will warn you whenever you enter your Google password on a non-Google site, which can help protect you from phishing and from accidentally using your Google password on another site. To use Password Alert, simply download it from the Chrome store, and then follow the onscreen directions.
3. Consider using a password manager. As you create more accounts and passwords, it'll likely be difficult to remember them all. There are many good password managers available that will encrypt and safely store your passwords, such as 1Password, LastPass, and KeePass.
- You might have a password manager built into your operating system. For example, Mac users have Keychain available to them for free.
- If you don't want to use a password manager, consider using a passphrase, for example: “I like big butts and I cannot lie!” might become iLbBaIcL!
4. Avoid sharing your Google password with anyone. Even people you trust, like your friends and family, might accidentally share your password with someone you don't trust.
5. Only log in on trusted computers. If you are using a computer that you don't know or trust, then don't even log into your account. Hackers commonly use key loggers on computer systems that record everything you type, including passwords.
- If it's not possible for you to avoid typing a password into a computer you don't trust, then change your password once you're back at your own computer.
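The rules in steps 1 and 2 above, expressed as a checker. This is an added example, not part of the original article; the function names and the sample values are constructed for illustration.

```python
import re
import string

MIN_LENGTH = 10  # the article's minimum; longer is better


def base_form(password):
    """Lower-case the password and strip trailing digits, so that
    'password1' and 'password2' reduce to the same base."""
    return re.sub(r"\d+$", "", password.lower())


def check_password(candidate, personal_terms=(), other_passwords=()):
    """Return a list of problems; an empty list means the candidate
    passes every rule from steps 1 and 2."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "upper-case letter": string.ascii_uppercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in candidate):
            problems.append("missing a " + name)
    lowered = candidate.lower()
    for term in personal_terms:  # names, dates, street names, ...
        if term and term.lower() in lowered:
            problems.append("contains personal detail: " + term)
    # Step 2: the same password with different numbers at the end is reuse.
    base = base_form(candidate)
    if base and base in {base_form(p) for p in other_passwords}:
        problems.append("reuses another password with different trailing digits")
    return problems


# Constructed sample data (not real credentials).
PERSONAL = ["Rex", "1987", "Maple"]
OTHERS = ["Sunflower!Tea7", "hunter2"]

if __name__ == "__main__":
    for pw in ["Rex1987", "Sunflower!Tea8", "v9#Lq!tRz2&wKp"]:
        print(pw, "->", check_password(pw, PERSONAL, OTHERS) or "OK")
```

Run it locally only; a real password should never be pasted into an online checker.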
Accessing Your Security Settings
1. Visit myaccount.google.com. You may be asked to sign in with your Google account if you aren't already.
2. Click the "Security" tab. It's on the left side of the page.
Making Use of Google's Security Settings
1. Enable two-step verification. Two-step verification makes sure that even if a hacker guesses your password, your account will still be safe. Every time you log in from a new device, you will get a code or notification from Google that you will have to enter or approve in order for the sign-in to be successful.[2]
- Google prompt is the most secure method of two-step verification, while an authenticator app is somewhere in the middle with voice or text message being the least secure (although any of these methods would be more secure than not having two-step verification at all).
2. Regularly check your account activity. Google keeps a log of all major security events on your account and allows you to view them. The log will show the changes and the location of where the changes were made. If you click on the event, then you can see more information about it, such as the IP address of the computer that made the change, the device that was used, and a map of the location.[3]
- If you see something that you don't recognize, then you should change your password immediately.
3. Review your app passwords. Delete app passwords that you no longer use to make it harder to hack into your account. If you use an app that requires an app password, then you should look into other services or apps that don't require app passwords, as app passwords can allow hackers to bypass two-step verification.[4] [5]
- If you don't have any app passwords, then you can skip this step.
4. Choose a secure PIN. Some Google services, like Google Pay, allow you to set a PIN that you can use to verify your identity. When you choose a PIN, use a completely random number. Don't use your birth date, home address, part of a phone number, or any other number that can be linked back to you.
- Your account may not have an option to set a PIN.
5. Add a recovery phone and email. Adding a recovery phone or email allows you to gain access to your account in case you ever forget your password. It can also allow you to take control of your account back from the hacker.
- Make sure that you only use an email address or phone number that you control; don't use those of friends or family. Even if you trust your friends or family, their account could be hacked, or their phone stolen, which would then put your account at risk.
6. Review the devices that are signed into your account and check third-party app access. Reviewing these areas on your account will allow you to make sure that only your current devices and services have access to your account. Make sure to remove any old devices and accounts that you don't use anymore. If you see something that you don't recognize, then you should immediately remove it and change your password.[6]
Using Security Checkup
1. Go to myaccount.google.com. You may be asked to sign in with your Google account if you aren't already.
2. Navigate to the "We keep your account protected" header. Click on the "Get started" link.
- You can directly access this page by visiting myaccount.google.com/security-checkup on your browser.
3. Wait for the results. If your account is safe, then you will see a "No issues found" message.
4. Review the results. You can review the Recent security events, Sign-in & recovery, Third-party access and Your devices from there. Click on each option to view more details.
- If any issues are found, then follow the recommended action to secure your account.
Taking Advantage of Other Security Settings
1. Disable POP3 and IMAP access if you don't use them. POP3 and IMAP are communication methods that some email programs use to access your email. However, these methods of accessing your account can create a security risk because they bypass two-step verification. If you don't use an app that requires IMAP or POP, then you should disable them.[7]
- To disable POP3 and IMAP access, navigate to Gmail, click on the settings gear in the upper right corner, click "Settings", and then select the Forwarding and POP/IMAP tab. Once there, select the disable option for both services, and then click on Save Changes.
- The Mail app on Windows 10 and the Gmail app on your phone should continue to work even if POP3 and IMAP are disabled.
2. Set up Inactive Account Manager. Inactive Account Manager is a feature that makes sure that your Google account will be deleted, or that access will be given to somebody else that you trust, if you are ever unexpectedly unable to access your account. It's a good idea to set up Inactive Account Manager so that if you are unable to access your account, or if you forget about it, then your account will still be taken care of and your data will be safe.
3. Avoid spam emails. Spam emails are annoying, but they can also be dangerous. Don't click on any links in spam emails and avoid even opening emails in your spam folder.
- Gmail also allows you to block emails from specific email addresses that you do not trust or want to hear from.
- Know how to spot a scam. If you suspect a phishing email, then report it. To avoid getting phished, beware of the following:
  - Messages with poor grammar, spelling, and typos.
  - Messages asking for your personal information such as your credit card info, driver's license, social insurance number, date of birth, etc.
  - Messages claiming that your account will be deleted unless you give out your password.
Protecting Your Computer/Device
1. Use up-to-date anti-virus software. Anti-virus software helps keep your computer secure by preventing, detecting and removing malware. There are several free anti-virus programs available online (popular ones include AVG Antivirus and Sophos). If you don't already have one, download one now, ensure that it's kept up to date, and run scans regularly.
2. Keep all software up to date. In particular, ensure that your browser and operating system are updated.
-
3
4. Set a device password or screen lock. Setting a password on your device will help make sure that your Google account will stay safe even if your device is stolen.
Expert Q&A
- Question: What is the meaning of two-step verification?
  Mitch Harris (Consumer Technology Expert): Two-step verification uses both your password and a second device to secure your account. After you log in, Google will ask you to verify your login with your email or phone. This way, if a stranger logs into your account, they won't be able to get in.
- Question: Should I change my password if I get hacked?
  Mitch Harris (Consumer Technology Expert): Definitely! You should always change your password after you notice a strange log-in attempt, even if you have two-step verification turned on. Someone clearly knows your password if you're getting notified about log-ins.
- Question: How do you know POP3 gives data to a hacker?
  R2_d2000 (Top Answerer): POP3 can allow a hacker to access your Google account because it bypasses two-step verification. However, it will only allow hackers to access your email, and you still need the account password to access data through POP3. If you use a program that requires POP3, then just make sure that you have a secure password and you should be fine.
Warnings
- Never share your password with anyone.
References
- [1] https://support.google.com/accounts/answer/32040
- [2] Mitch Harris. Consumer Technology Expert. Expert Interview. 16 July 2021.
- [3] Mitch Harris. Consumer Technology Expert. Expert Interview. 16 July 2021.
- [4] https://www.computerworld.com/article/2495565/application-specific-passwords-weaken-google-s-two-factor-authentication--researchers-say.html
- [5] https://www.howtogeek.com/199804/warning-your-%E2%80%9Capplication-specific-passwords%E2%80%9D-aren%E2%80%99t-application-specific/
- [6] Mitch Harris. Consumer Technology Expert. Expert Interview. 16 July 2021.
- [7] https://www.coolheadtech.com/blog/disable-imap-pop-in-google-apps
- [8] https://support.google.com/accounts/answer/46526?hl=en