Make your account more secure

At Google, we take online security seriously. To protect your Google Account, we strongly recommend you follow the steps below on a regular basis.

Important: Google may use a red, yellow, or blue exclamation point icon to recommend immediate action for your Google Account. To learn more, go to Recommended actions.

Recommended actions

An exclamation point next to "Recommended actions" means Google recommends you take active steps to secure your account. The level of severity is based on their color:

Blue: For security tips.
Yellow: For important steps.
Red: For urgent notifications.

A green shield with a check mark means your account is healthy and no immediate action is needed.

To check for notifications:

Sign into your Google Account.
At the top right, click your profile picture.
Click Recommended actions.
- This takes you to Security Checkup, where you’ll get personal recommendations to improve your account security.

If "Recommended actions" doesn’t appear, it means Google doesn’t have any security recommendations for you. However, you can review your security level in your Google Account:

Sign into your Google Account.
Click Manage Your Account Security.
- At the top, if all recommendations are resolved, this page shows a green shield.
- If it shows a green shield, your account is secure. It may also give you security tips to make your account more secure.

Tip: If you’re a journalist, activist, or someone who might be at risk of online attacks, learn about the Advanced Protection Program.

Step 1: Do a Security Checkup

Go to Security Checkup to get personalized security recommendations for your Google Account, including:

Add or update account recovery options

Your recovery phone number and email address are powerful security tools. This contact info can be used to help:

Block someone from using your account without your permission.
Alert you if there’s suspicious activity on your account.
Recover your account if you can’t sign in.

Learn how to add or change your recovery options.

Turn on 2-Step Verification

2-Step Verification helps prevent a hacker from getting into your account, even if they steal your password. To avoid common phishing techniques associated with text message codes, choose a stronger second verification step:

Security keys (Most secure verification step)
Google Prompts (More secure than text message codes)

Increased security: Advanced Protection

If you’re a journalist, activist, or someone else at risk of targeted online attacks, for a higher level of security, consider enrolling in the Advanced Protection Program. Advanced Protection uses security keys to protect you against phishing and includes other protections like blocking unsecure apps.

Remove risky access to your data

To better protect sensitive information, review which apps can use your account info and remove the ones you don’t need.

Manage third-party apps and services with access to your account.
Turn off access for apps that use less secure sign-in technology.
Learn how to manage apps with access to your account.

Turn on screen locks

Screen locks help protect your devices from being used without your permission. Learn how to set a screen lock on your Android device.

Tip: For info on adding a screen lock on other devices and computers, go to the manufacturer’s support site.

Step 2: Update your software

If your browser, operating system, or apps are outdated, the software may not be safe from hackers. To help protect your account, keep your software updated.

Update your browser

Make sure you use the latest version of your browser.

Learn how to update Google Chrome.

Tip: To learn how to update other browsers, go to the developer’s support site.

Update your operating system

Make sure you use the latest version of your operating system.

Update Android devices: Learn how to check and update your Android version.
Update Chromebooks: Learn how to update your Chromebook’s operating system.

Tip: To learn how to update other devices and computers, go to the manufacturer’s support site.

Update your apps

Make sure you use the latest version of your apps.

Update Android apps: Learn how to update your Android apps on Android devices and compatible Chromebooks.
- To help make sure your apps are up-to-date, turn on automatic app updates for your Android devices.
Turn on Google Play Protect: Google Play Protect helps keep Android devices safe from harmful apps.
- Learn how to turn on Google Play Protect.

Tip: To learn how to update apps on other devices and computers, go to the manufacturer’s support site.

Step 3: Use unique & strong passwords

It isn’t safe to use the same password on multiple sites. If your password for one site is hacked, it could be used to access your accounts for multiple sites.

Make sure you create a strong and unique password for each account.

Manage your passwords

A password manager can help you create and manage strong and unique passwords. Consider using one from Chrome or another trusted password manager provider.

Tip: To check if any passwords saved in your Google Account are weak, may be exposed, or are reused for multiple accounts, use Password Checkup.

Help protect your password from hackers

To get notified if you enter your Google Account password on a non-Google site, turn on Password Alert for Chrome. That way, you’ll know if a site is impersonating Google, and you can change your password if it gets stolen.

Tip: For an extra layer of account security, turn on 2-Step Verification.

Step 4: Remove apps & browser extensions you don’t need

As you install more apps on your device, it can become more vulnerable to hackers. On devices that have access to sensitive information, only install the apps and browser extensions you need. To better protect your personal info, do not install unknown apps or apps from unknown sources.

Learn how to uninstall apps and extensions on your device:

Delete apps on Android devices.

Tip: To learn how to remove apps and extensions from other devices and browsers, go to the device or browser’s support site.

Step 5: Protect against suspicious messages & content

Hackers can use emails, text messages, phone calls, and websites to pretend to be institutions, family members, or colleagues.

Avoid suspicious requests

Do not share your passwords. Google never asks for your password in an email, message, or phone call.
Do not reply to suspicious emails, texts, instant messages, webpages, or phone calls that ask for your personal or financial info.
Do not click links in emails, messages, webpages, or pop-ups from untrustworthy websites or senders.

Avoid suspicious emails

To help protect your account, Gmail automatically identifies suspicious emails. To reinforce this built-in protection, you can also identify suspicious emails and settings yourself:

Check if a Gmail message might be fake.
Make sure the email address and the sender's name match.
If you get a suspicious email in Gmail, report it as spam or phishing. This helps Google stop future scammers.
Check your Gmail settings and make sure there’s no unfamiliar activity.

Tip: If you’re using Gmail on your computer, point to a link without clicking on it. At the bottom left, check the web address and make sure it's what you expect.

Avoid suspicious web pages

Google Chrome and Search are designed to warn you about suspicious content and unwanted software.

Learn how to manage these warnings in Chrome and Search.

If you notice suspicious activity on your account

Follow the steps to help secure your account.

Related resources

Gmail Security and Privacy Settings

Was this helpful?

How can we improve it?