How to Avoid Having Your Google Account Hacked

Woman surprised by content on her phone.

Zero Creatives / Getty Images

Your Google Account is used for your Gmail, but it could also be connected to your Android phone, your Google Play account, and your Google Wallet. Getting your password hacked could make for a rotten start to a day, but it could be even worse than getting locked out of your email. If you use your Gmail to authenticate other accounts, like Twitter, Facebook, or your utility services or bank, getting your Gmail hacked means all those reset password requests will go to a compromised account, and your hacker now has complete access to large chunks of your digital life. 

How do you secure your password and your account? 

  • Don't reuse passwords. This is the absolute biggest rule. Yes, we know you live in a world where we have to remember a bazillion passwords, and using the same password over and over again is easier. It's also easier for hackers. If they guess you password once, they know your password forever. You can use a system like PassPack or LastPass to store them. You still need to make sure your passwords are strong, and you still need to change them every once in a while. Even LastPass was hacked
  • Don't make up your own passwords. There are a lot of sites with advice on how to make up memorable, secure passwords, but they're never going to be as secure as letting a machine do it. Humans fall into patterns, use words, and tend to put the numbers/symbols/uppercase elements of our passwords into the same spots. We're sloppy. Use a random password generator to make secure passwords. Combine it with LastPass or PassPack, and you don't have to remember them. 
  • Use two-step verification. Two-step verification uses something you have and something you know. In the case of your Google Accounts, it uses your password and your phone. When you log in from a new computer, Google will text you a number for additional security. Set up two-step verification in Google
  • Double check your Gmail account and make sure your secondary email address is still valid and owned by you. Do the same for any other service that uses an email address.
  • Don't use security questions that anyone can Google. Assume we all know your mother's maiden name and your high school. You may even want to lie on these questions in a way you remember, but others won't guess. Put down the name of your favorite stuffed animal as your first pet, or pretend you actually grew up in Narnia.
  • Delete any registration messages that contain your password, or use an easy password to register for a service and then immediately change it to something more secure.
  • Keep your virus protection up to date. Password security won't help you if someone has compromised your desktop with a keylogger.

If you've been reusing passwords for a while, go to your Gmail account and use the search box to search for any reference you may have made to "password" or "registration". Delete any registration messages you've been sent containing your password or use it as an opportunity to go on a password changing spree.