How to Avoid Having Your Google Account Hacked

Keep your Google account safe


You use your Google account for Gmail, but you also might use it for other apps, including your Android phone login and Google Play account. For that reason, getting your password hacked can be much worse than just getting locked out of your email.

If you use your Gmail address to authenticate other accounts like Twitter, Facebook, utility services, and banks, your requests to reset those passwords will go to a compromised account, and the hacker now has complete access to large chunks of your digital life.

You can, and should, take some important steps to protect your Google password:

  1. Don't reuse passwords. Coming up with a unique password for each service you use is the most important rule. Using the same password makes it easier for hackers to get to your data. If you use only one password, a hacker who guesses it once knows it everywhere. If you don't want to write every password down, you can use a management system like PassPack or LastPass to store them digitally. You still need to make sure your passwords are strong, and you still need to change them every once in a while. Even LastPass has been hacked.

  2. Don't make up your own passwords. A lot of sites offer advice on how to make up memorable, secure passwords, but they're never going to be as secure as letting a machine do it. Humans fall into patterns and tend to put numbers, symbols, and uppercase elements of passwords into the same spots.

    Use a random password generator to make secure passwords. Most password storage services, including LastPass and Chrome's built-in password-saving feature, offer the option to generate a password when you have to come up with a new one and will remember it for you.

    To see passwords you've saved using Chrome's secure password-saving feature, visit chrome://settings/passwords.

  3. Use two-step verification. Two-step verification requires two separate items: something you have and something you know. You can set up your Google account to employ two-step verification that relies on your password and your phone. When you log in from a new computer, Google will text you a number for additional security.

    Google also has its own authenticator app that can run two-factor on multiple sites.

  4. Make sure your secondary email address in Gmail is still valid. Google uses your secondary email address to reach you in case your primary address is compromised, or you've forgotten your password.

    To check your recovery email, go to Gmail.com > Settings > Accounts and Import > Change password recovery options. Look at the entry for Recovery email and verify that it's correct.

  5. Don't use security questions that anyone can Google. Consider lying on verification questions in a way you remember, but others won't guess. Put down the name of your favorite stuffed animal as your first pet, or pretend you actually grew up in Narnia.

  6. Delete any registration messages that contain your password, or use an easy password to register for a service and then immediately change it to something more secure.

  7. Keep your computer's antivirus software up to date. Password security won't help you if someone has compromised your desktop with a keylogger.

  8. Delete any emails that include passwords, especially if you've been using the same passwords for a while. To find them, go to your Gmail account and use the search box to search for any reference you may have made to "password" or "registration." Delete any registration messages you've been sent containing your password, or use it as an opportunity to go on a password-changing spree.
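
To illustrate step 2, here is an added example (not part of the original article) of what "letting a machine do it" means: every character is drawn uniformly from the operating system's secure random source, so no position is predictable. The character set, the 20,000-word dictionary size, and the "Word + digits + symbol" pattern are assumptions chosen for the comparison.

```python
import math
import secrets
import string

# Assumed character set; individual sites may accept more or fewer symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"

def generate_password(length=20, alphabet=ALPHABET):
    """Pick every character independently and uniformly using the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_bits(length, alphabet_size):
    """Entropy in bits when each character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def pattern_bits(word_list_size, digit_count, symbol_count):
    """Entropy of a typical human pattern: Capitalized word + digits + one symbol.
    The capital letter and the symbol sit in fixed spots, so only the choice of
    word, digits and symbol adds guessing work."""
    return math.log2(word_list_size * (10 ** digit_count) * symbol_count)

def digit_rate_by_position(samples):
    """Fraction of sampled passwords that have a digit at each position."""
    length = len(samples[0])
    return [sum(p[i].isdigit() for p in samples) / len(samples)
            for i in range(length)]

if __name__ == "__main__":
    print("generated:", generate_password())
    print("random, 20 chars: %.1f bits" % random_bits(20, len(ALPHABET)))
    # Assumed human pattern, e.g. a dictionary word, two digits, one of ten symbols.
    print("human pattern:    %.1f bits" % pattern_bits(20000, 2, 10))
    # Digits show up at every position at about the same rate (10/76 here),
    # unlike human-made passwords, where they cluster at the end.
    rates = digit_rate_by_position([generate_password() for _ in range(2000)])
    print("digit rate per position:", [round(r, 2) for r in rates])
```
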