How to Avoid Having Your Google Account Hacked

Keep your Google account safe

Woman surprised by content on her phone.

Zero Creatives / Getty Images

You use your Google account for Gmail, of course, but you also might use it for a whole web of other apps, from your Android phone login to your Google Play account. For that reason, getting your password hacked can be much worse than just getting locked out of your email. If you use your Gmail to authenticate other accounts, such as Twitter, Facebook, utility services, and banks, it means all those reset password requests on such sites will go to a compromised account, and your hacker now has complete access to large chunks of your digital life. 

You can, and should, take some important steps to protect your Google password:

  • Don't reuse passwords. This is the most important rule. Yes, we know you live in a world where we have to remember a bazillion passwords, and using the same password over and over again is easier. It's also easier for hackers. If you use only one, they can guess your password once and know your password forever and everywhere. If you don't want to write every password down, you can use a system such as PassPack or LastPass to store them digitally. You still need to make sure your passwords are strong, and you still need to change them every once in a while. Even LastPass has been hacked
  • Don't make up your own passwords. A lot of sites offer advice on how to make up memorable, secure passwords, but they're never going to be as secure as letting a machine do it. Humans fall into patterns, use words, and tend to put the numbers, symbols, and uppercase elements of our passwords into the same spots. We're sloppy. Instead, use a random password generator to make secure passwords. Most password storage services, including LastPass and Chrome's built-in password-saving feature, offer the option to generate a password when you have to come up with a new one and will "remember" it for you.

    To see passwords you've saved using Chrome's secure password-saving feature, visit chrome://settings/passwords.

    • Use two-step verification. Two-step verification requires two separate items: something you have and something you know. You can set up your Google account to employ two-step verification that relies on your password and your phone. When you log in from a new computer, Google will text you a number for additional security. Here's how to set up two-step verification in Google
    • Make sure your secondary email address in Gmail is still valid and owned by you. Google uses your secondary email address to reach you in case your primary address is compromised, or you've forgotten your password. To check this, go to > Settings > Accounts and Import > Change password recovery options. Look at the entry for Recovery email and verify that it's correct.
    • Don't use security questions that anyone can Google. Assume we all know your mother's maiden name and your high school.

    Consider lying on verification questions in a way you remember, but others won't guess. Put down the name of your favorite stuffed animal as your first pet, or pretend you actually grew up in Narnia.

    • Delete any registration messages that contain your password, or use an easy password to register for a service and then immediately change it to something more secure.
    • Keep your computer's antivirus software up to date. Password security won't help you if someone has compromised your desktop with a keylogger.
    • Delete any emails that include passwords, especially if you've been using the same passwords for a while. To find them, go to your Gmail account and use the search box to search for any reference you may have made to "password" or "registration." Delete any registration messages you've been sent containing your password — or use it as an opportunity to go on a password changing spree.