Account Security

Secure a Google account after a suspicious login

Password change, device sessions, recovery methods, two-step verification, app access, and what to check next.

Quick answer

Start with the least destructive check, confirm the device state, and only then change settings. For this problem, the fastest route is usually: Change the password from a trusted device. Sign out unknown sessions. Update recovery email and phone.

Before you start

  • Change the password from a trusted device.
  • Sign out unknown sessions.
  • Update recovery email and phone.
  • Enable two-step verification.

Start from a trusted device

Use a device you control and a network you trust. If the device may be infected, change the password from another phone or computer.

Go directly to Google Account security settings rather than following links from unknown emails.

Remove unknown access

Review signed-in devices and sign out anything unfamiliar. Then check third-party app access and remove old apps you do not recognize.

Changing the password is important, but active app tokens and sessions can keep access alive in some cases.

Make recovery stronger

Update recovery phone and email, then enable two-step verification. Use an authenticator app or passkey when possible.

Save backup codes somewhere private and not inside the same account.

Symptom checklist

What you seeMost likely causeFirst safe action
The device reacts, but the result is wrongWrong input, profile, mode, or account stateConfirm the visible setting before resetting anything
Nothing reacts at allPower, cable, port, battery, or button issueTest with a known good power source or cable
The problem comes back after rebootSaved setting, weak signal, low storage, or failing accessoryChange one variable and write down what changed

FAQ

Should I delete the account after suspicious login?
Usually no. Secure it first, review activity, and preserve evidence if financial or identity misuse is possible.
Can changing password sign out every device?
It signs out many sessions, but you should still review devices and third-party app access manually.

Keep troubleshooting