Your Security

Your security comes first in everything we do.

If your data is not secure, it is not private. That is why we make sure that Google services like Search, Maps, and YouTube are protected by one of the world’s most advanced security infrastructures.

Encryption keeps your data private while in transit

Encryption brings a higher level of security and privacy to our services. When you do things like send an email, share a video, visit a website, or store your photos, the data you create moves between your device, Google services, and our data centers. We protect this data with multiple layers of security, including leading encryption technology like HTTPS and Transport Layer Security.

Our cloud infrastructure protects your data 24/7

From custom-designed data centers to undersea fiber cables that transfer data between continents, Google operates one of the world’s most secure and reliable cloud infrastructures. And it is continuously monitored to protect your data and make it available when you need it. In fact, we distribute data across multiple data centers, so that in the event of a fire or disaster, it can be automatically and seamlessly shifted to stable and secure locations.

Threat detection helps protect our services

We continuously monitor our services and underlying infrastructure to protect them from threats, including spam, malware, viruses, and other forms of malicious code.

We do not give governments direct access to your data

We never give “backdoor” access to your data or our servers that store your data, period. That means no government entity, U.S. or otherwise, has direct access to our users’ information. There are times when we receive requests for user data from law enforcement agencies. Our legal team reviews these requests and pushes back when a request is overly broad or does not follow the correct process. We have worked hard to be open about these data requests in our Transparency Report.

Encryption extends out of photo of Eiffel Tower

Gmail encryption keeps emails private

Since day one, Gmail has supported encrypted connections, which makes it harder for bad guys to read what you are sending. Gmail also warns you about possible security risks, like when you receive an email that was not sent over an encrypted connection.

Gmail Email envelope sets off security scanner warning sign

Gmail spam protection filters out suspicious emails

Many malware and phishing attacks start with an email. Gmail security protects you from spam, phishing, and malware better than any other email service. Gmail analyzes patterns drawn from billions of messages to identify characteristics of emails that users marked as spam, then uses those markers to block suspicious or dangerous emails before they ever reach you. You can help by selecting "Report Spam" for suspicious emails that you receive.

Machine learning and artificial intelligence help Gmail’s spam filter get ever more accurate. It now keeps 99.9% of spam out of your inbox.

Chrome Browser with security update progress

Chrome automatically updates your browser security

Security technologies are always changing, so staying safe means staying up to date. That is why Chrome checks regularly to make sure that the version of the browser you are using is updated with the latest security fixes, protections from malware and deceptive sites, and more. Chrome updates automatically, so you have the latest Chrome security technology protecting you.

Harmful app sneaks onto device

Google Play keeps potentially harmful apps off your phone

One of your device’s biggest security vulnerabilities can be the apps you install on it. Our detection system flags potentially harmful apps before they ever reach the Play Store. If we are not sure whether an app is safe, it is manually reviewed by members of the Android Security Team. As we refine our detection system, we reevaluate apps that are already on Google Play and remove those that could be harmful so they don’t end up on your device.

Google blocks malicious and misleading ads

Your online experience can be ruined by ads that carry malware, cover content you are trying to see, promote fake goods, or otherwise violate our advertising policies. We take this problem very seriously. Every year our combination of live reviewers and sophisticated software blocks nearly a billion bad ads. We also give you tools to report offensive ads and control what types of ads you see. And we actively publish our insights and best practices to help make the Internet safer for all.

Top tips to help you stay secure online

Keep your online accounts and personal data protected with these quick tips.

Google Security Shield and checklist

Create strong passwords

Creating a strong, secure password is the most critical step you can take in protecting your online accounts. You can do this by using a series of words that you will not forget, but that is hard for others to guess. Or take a long sentence and build a password with the first letters of each word. To make it even stronger, make it at least 8 characters long, because the longer your password, the stronger it is.

If asked to create answers for security questions, consider using fake answers to make them even more difficult to guess.

Never use the same password twice

Use unique passwords for every account

Using the same password to log into multiple accounts, like your Google Account, social media profiles, and retail websites, increases your security risk. It is like using the same key to lock your home, car and office – if someone gains access to one, all of them could be compromised.

Keep track of multiple passwords

A password manager, like Google Smart Lock in the Chrome browser, helps you safeguard and keep track of all the passwords for your different online accounts. It can even keep track of your answers to security questions, and generate random passwords for you.

Defend against hackers with 2‑Step Verification

2-Step Verification helps keep out anyone who shouldn’t have access to your account by requiring you to use a secondary factor on top of your username and password to log in to your account. With Google, for example, this can be a six-digit code generated from the Google Authenticator app or a prompt in your Google app to accept the login from a trusted device.

For further protection against phishing, you can use a physical Security Key that inserts into the USB port of your computer or connects to your mobile device using NFC (Near Field Communication) or Bluetooth.

Keep your software up-to-date

To protect yourself from security vulnerabilities, always use up-to-date software across your web browser, operating system, plugins, or document editors. When you receive notifications to update your software, do so as soon as possible.

Review the software you use regularly to make sure you are always running the latest versions available. Some services, including the Chrome browser, will automatically update themselves.

Use a screen lock

When you are not using your computer, laptop, tablet, or phone, lock your screen to keep others from getting into your device. For added security, set your device to automatically lock when it goes to sleep.

Lock down your phone if you lose it

In case your phone is ever lost or stolen, visit My Account and select “Find your Phone” to protect your data in a few quick steps. Whether you have an Android or iOS device, you can remotely locate and lock your phone so that no one else can use your phone and access your personal information.

Browser shows passwords protected in Chrome

Keep potentially harmful apps off your phone

Always download your mobile apps from a source you trust. To help keep Android devices secure, Google Play Protect runs a safety check on apps from the Google Play Store before you can download them, and periodically checks your device for potentially harmful apps from other sources.

To keep your data protected:

  • Review your apps, and delete the ones you do not use
  • Visit your app store settings and enable auto-updates
  • Only give access to sensitive data, like your location and photos, to apps you trust

Beware of email scams, fake prizes, and gifts

Messages from strangers are always suspect, especially if they seem too good to be true — like declaring you have won something, offering prizes for completing a survey, or promoting quick ways to make money. Never click suspicious links, and never enter personal information into questionable forms and surveys.

Be wary of requests for personal information

Don’t reply to suspicious emails, instant messages, or pop-up windows that ask for personal information, like passwords, bank account and credit card numbers, or even your birthday. Even if the message comes from a site you trust, like your bank, never click on the link or send a reply message. It is better to go directly to their website or app to log into your account.

Remember, legitimate sites and services will not send messages requesting that you send passwords or financial information over email.

Watch out for impersonators

If someone you know emails you, but the message seems odd, their account may have been hacked.

Look out for:

  • Urgent requests for money
  • The person claiming to be stranded in another country
  • The person saying their phone was stolen and cannot be called

Don’t reply to the message or click any links unless you can confirm the email is legitimate.

Double check files before downloading

Some sophisticated phishing attacks can occur through infected documents and PDF attachments. If you come across a suspicious attachment, use Chrome or Google Drive to open it safely and reduce the risk of infecting your device. If we detect a virus, we will show you a warning.

Use secure networks

Be careful about using public or free WiFi, even those requiring a password. When you connect to a public network, anyone in the vicinity may be able to monitor your Internet activity, such as the websites you visit and the information you type into sites. If public or free WiFi is your only option, the Chrome browser will let you know in the address bar if a site is secure.

Look for secure connections before entering sensitive information

When you are browsing the web – and especially if you plan to enter sensitive information like a password or credit card details – make sure the connection to the sites you visit is secure. A secure URL will begin with HTTPS. The Chrome browser will show a green, fully-locked icon in the URL field and say, “Secure.” If it is not safe, it will read “Not Secure.” HTTPS helps keep your browsing safe by securely connecting your browser or app with the websites you visit.