How to Avoid Having Your Google Account Hacked

Keep your Google account safe

What to Know

  • Don't reuse passwords, and don’t make up passwords—use password generators. Also, delete emails that include passwords.
  • Keep your computer’s antivirus software up-to-date.
  • Don't use security questions that anyone can discover. Also, use Google's Two-Step Verification.

You use your Google account for Gmail, but you also might use it for other apps, including your Android phone login and Google Play account. Because it's such a big part of your online identity, you can, and should, take some important steps to protect your Google password.

  1. Don't reuse passwords. Coming up with a unique password for each service you use is the most important rule. Using the same password makes it easier for hackers to get to your data. If you use only one password, someone who guesses it once knows it everywhere. If you don't want to write every password down, use a password manager like PassPack or LastPass to store them digitally. You still need to make sure your passwords are strong, and you still need to change them every once in a while. Even LastPass has been hacked.

  2. Don't make up your own passwords. A lot of sites offer advice on how to make up memorable, secure passwords, but they're never going to be as secure as letting a machine do it. Humans fall into patterns and tend to put numbers, symbols, and uppercase elements of passwords into the same spots.

    Use a random password generator to make secure passwords. Most password storage services, including LastPass and Chrome's built-in password-saving feature, offer the option to generate a password when you have to come up with a new one and will remember it for you.

    To see passwords you've saved using Chrome's secure password-saving feature, visit chrome://settings/passwords.

  3. Use two-step verification. Two-step verification requires two separate items: something you have and something you know. Set up your Google account to employ two-step verification that relies on your password and your phone. When you log in from a new computer, Google will text you a number for additional security.

    Google offers its own authenticator app that handles two-factor verification for many different sites.

  4. Make sure your secondary email address in Gmail is still valid. Google uses your secondary email address to reach you in case your primary address is compromised, or you've forgotten your password.

    To check your recovery email, go to Settings > See all settings > Accounts and Import > Change password recovery options. Look at the entry for Recovery email and verify that it's correct.

  5. Don't use security questions that anyone can discover. Consider lying on verification questions in a way you remember, but others won't guess. Put down the name of your favorite stuffed animal as your first pet, or pretend you actually grew up in Narnia.

  6. Delete any registration messages that contain your password, or use an easy password to register for a service and then immediately change it to something more secure.

  7. Keep your computer's antivirus software up to date. Password security won't help you if someone has compromised your desktop with a keylogger.

  8. Delete any emails that include passwords, especially if you've been using the same passwords for a while. To find them, go to your Gmail account and use the search box to search for any reference you may have made to "password" or "registration." Delete any registration messages you've been sent containing your password—or use it as an opportunity to go on a password-changing spree.
