Stay one step ahead of the bad guys
Account hijackers prey on the bad habits of the average Internet user. Understanding common hijacking
techniques and using better security practices will help you stay one step ahead of them.
The most common ways hijackers can get access to your Google password are:
l Password re-use: You sign up for an account on a third-party site with your Google username and
password. If that site is hacked and your sign-in information is discovered, the hijacker has easy
access to your Google Account.
l Malware: You use a computer with infected software that is designed to steal your passwords as
you type (“keylogging”) or grab them from your browser’s cache data.
l Phishing: You respond to a website, email, or phone call that claims to come from a legitimate
organization and asks for your username and password.
l Brute force: You use a password that’s easy to guess, like your first or last name plus your birth
date (“Laura1968”), or you provide an answer to a secret question that’s common and therefore
easy to guess, like “pizza” for “What is your favorite food?”
As you can see, hijackers have many tactics for stealing your password, and it’s important to be aware of
all of them.
Take control of your account security across the web
Online accounts that share passwords are like a line of dominoes: When one falls, it doesn’t take much for
the others to fall, too. This is why you should choose unique passwords for important accounts like Gmail
(your Google Account), your bank, commerce sites, and social networking sites. We’re also working on
technology that adds another layer of protection beyond your password to make your Google Account
significantly more secure.
Choosing a unique password is not enough to secure your Google Account against every possible threat.
That’s why we’ve created an easy-to-use checklist to help you secure your computer, browser, Gmail,
and Google Account. We encourage you to go through the entire checklist, but want to highlight these tips:
l Never re-use passwords for your important accounts like online banking, email, social
networking, and commerce.
l Change your password periodically, and be sure to do so for important accounts whenever you
suspect one of them may have been at risk. Don’t just change your password by a few letters or
numbers (“Aquarius5” to “Aquarius6”); change the combination of letters and numbers to something
unique each time.
l Never respond to messages, non-Google websites, or phone calls asking for your Google
username or password; a legitimate organization will not ask you for this type of information. Report
these messages to us so we can take action. If you responded and can no longer access your
account, visit our account recovery page.