Email Security

    How to Secure Your Gmail Account

    Step-by-step guide to hardening your Google account against hackers and unauthorised access.

    📅 March 2026 · 🕐 7 min read

    Taking a few minutes to secure your Gmail can prevent devastating account takeovers. Follow every step in this guide for maximum protection.

    1. Enable Two-Factor Authentication (2FA)

    Two-factor authentication is the single most important security measure you can enable on your Gmail account.

      - Go to myaccount.google.com → Security
      - Click 2-Step Verification → Get Started
      - Choose your second factor: Google Prompt, Authenticator app, or Security Key
      - Set up backup codes and store them securely offline
      - Consider enrolling in Google Advanced Protection Program for high-risk accounts

    2. Review and Remove Third-Party App Access

    Over time, you may have granted dozens of apps access to your Google account. Each one is a potential entry point for attackers.

      - Go to myaccount.google.com → Security → Third-party apps with account access
      - Review every app listed carefully
      - Remove any app you no longer use or don't recognise
      - Be especially cautious of apps requesting full Gmail access
      - Re-authorise only apps you actively use and trust

    3. Check Your Recovery Options

    Your recovery email and phone number are your lifeline if you ever lose access. Make sure they are current and secure.

      - Go to myaccount.google.com → Personal info
      - Verify your recovery email is one you actively monitor
      - Ensure your recovery phone number is current
      - Remove any old or compromised recovery options
      - Consider using a separate secure email for recovery

    4. Review Account Activity and Alerts

      - Check Recent security activity under Security settings regularly
      - Review Your devices and remove any you don't recognise
      - Enable Google security alerts for suspicious activity
      - Check Gmail's Last account activity at the bottom of your inbox
      - Sign out of all other sessions if anything looks suspicious

    5. Strengthen Your Password

      - Use a unique password of at least 16 characters
      - Never reuse your Gmail password on other sites
      - Use a reputable password manager to generate and store it
      - Change your password immediately if you suspect any compromise
      - Avoid personal information like birthdays or pet names

    6. Configure Gmail-Specific Security Settings

      - Disable IMAP/POP access if you only use the web interface
      - Check Filters and Forwarding for any rules you didn't create
      - Review Gmail Labs and add-ons for unauthorised extensions
      - Enable Confidential Mode for sensitive emails
      - Disable less secure app access (should be off by default)

    If you suspect your account has already been compromised, read our companion guide: How to Tell If Your Gmail Has Been Compromised.
