How to Keep Your Email Account Secure
Your email is more important than it looks. It is the place password resets are sent, so whoever controls your email can often reach your other accounts too. That makes it well worth protecting. The reassuring part is that a few simple steps make your email very hard to break into, and you only need to set them up once.
This guide explains those steps in plain English, with no jargon, so you can feel settled about your inbox. You will find more advice like this in our main guide to staying safe online.
Quick answer
Three things keep your email secure: a strong, unique password used nowhere else; two-factor authentication, so a login also needs a code from your phone; and a habit of never entering your email password after clicking a link in a message. Set up the first two once, and the third becomes second nature.
Use a strong, unique password
Your email deserves a password you do not use anywhere else. If you reuse a password and one other website is breached, criminals will try the same password on your email. A long passphrase made of a few unrelated words is both strong and easy to remember. Our guide on creating a strong password shows you how, and a password manager can remember it for you.
Turn on two-factor authentication
This is the single best thing you can do for your email. With two-factor authentication switched on, logging in needs your password plus a second step, usually a code sent to your phone. So even if someone learns your password, they still cannot get in without your phone in their hand. Every major email provider offers it free, and our guide on setting up two-factor authentication walks you through it.
Be careful where you type your password
A common trick is an email or text that says there is a problem with your account and sends you to a page asking you to log in. The page is fake, and it captures your password. Never enter your email password after following a link in a message. Instead, go to your email by typing the address yourself or opening the app. If a request was genuine, you will see it there.
A few good habits
- Keep your recovery phone number and backup email up to date, so you can get back in if needed.
- Lock your phone and computer with a PIN, fingerprint or face unlock.
- Sign out of email on any shared or public computer when you finish.
- Once in a while, check your account’s “recent activity” or “where you’re signed in” for anything unfamiliar.
If you ever think your email has been broken into, our guide on how to recover a hacked email account takes you through getting it back.
Before you finish
Download the free Family Tech Safety Checklist to help check phone safety, passwords, scam messages, emergency contacts and medical alarm details.
FAQ: Keeping your email secure
Why is email so important to protect?
Password resets for your other accounts are sent to your email. Whoever controls it can often reach your banking, shopping and social accounts too.
What is the most important step?
Turning on two-factor authentication. It means a stolen password alone is not enough to log in, because a code from your phone is also needed.
Is it safe to log in from a link in an email?
No. That is how many accounts are stolen. Always reach your email by typing the address yourself or opening the app.
Do I need a different password for email?
Yes, a unique one used nowhere else. If another site is breached, your email stays safe.
How do I know if someone has been in my account?
Check the “recent activity” or “where you’re signed in” section in your email settings, and log out anything you do not recognise.
