How to secure your email accounts

For hackers and others with bad intentions, your email account is a portal to the rest of your world. The moment you suspect someone has gained access to your email account—or you learn about a data leak that may include your email username and password—it’s time to act fast and change your password.

One thing to remember: Password length and complexity are the two main factors that can protect against attacks. In fact, the National Institute of Standards and Technology (part of the U.S. Department of Commerce) recommends choosing the longest password or phrase possible, with a mix of lowercase and capital letters, numbers and special characters—though not in an order that spells out any well-known phrases or dates or personal information. The traditional guidance that passwords should be changed every 1 to 3 months? That varies by circumstance—if you use strong passwords, you can go longer unless there’s evidence of “authenticator compromise,” according to NIST guidelines.

Time to change email passwords? Here’s how, with detailed instructions for four popular email services.

Gmail

You’re required to have a Google account in order to use Gmail , and you use the username and password for your Google account to sign in to your Gmail account. You also use this Google account to sign in to YouTube, Google Drive and other Google products. These directions will help you change the password for your Google account.

Change your password

Desktop or mobile web browser

1. Go to your Google account. You might need to sign in.
2. Under “Security,” select Signing in to Google.
3. Choose Password. You might need to sign in again.
4. Enter your new password, and then select Change Password.

Android device

1. Open your device’s Settings app, tap Google, and then tap Manage your Google Account.
2. At the top, tap Security.
3. Under “Signing in to Google,” tap Password. You might need to sign in.
4. Enter your new password, then tap Change Password.

iPhone and iPad

1. Open the Gmail app.
2. At the top right, tap your profile picture or initial, and then tap Manage Your Google Account.
3. Under “Basic info,” tap Password.
4. Enter your new password, then select Change Password.

Google no longer supports security questions on email accounts, so you can’t change or add a security question, although you can delete it.

Apple iCloud Mail

Your Apple iCloud Mail password is the same as your Apple ID password. You also use your Apple ID to authorize charges and downloads of apps, movies, and songs from Apple’s App and iTunes stores. It is typically not the same passcode you use to unlock your Apple devices. These directions will help you change the password for your Apple ID.

Desktop or mobile web browser

1. Sign in to appleid.apple.com.
2. In the Sign-In and Security section, select Password.
3. Enter your current password, then enter a new password and confirm the new password.
4. Select Change Password.

iPhone, iPad, iPod touch, or Apple Watch

1. Tap Settings > your name > Password & Security.
2. Tap Change Password.
3. Enter your current password, then enter a new password and confirm the new password.
4. Tap Change or Change Password.

Mac

1. From the Apple menu () select System Settings (or System Preferences), then select your name (or Apple ID).
2. Select Password & Security.
3. Select Change Password. (Before you can reset your Apple ID password, you’ll have to enter the password used to unlock your Mac.)

To change your security question, take the following steps.

1. Sign in to appleid.apple.com.
2. In the Sign-In and Security section, select Account Security.
3. Under Security questions, select Change security questions.
4. Choose your new security questions and their answers, then select Update.
5. Enter your Apple ID password, then select Done.

Outlook.com

Your Outlook.com password is the same as your Microsoft account password. (You also use your Microsoft account to connect to other Microsoft apps and services.) These directions will help you change the password for your Microsoft account.

Desktop or mobile web browser

1. Sign in to your Microsoft account at account.microsoft.com.
2. Go to Microsoft account security and select Password security. (As a security measure, you might be prompted to verify your identity with a security code sent to your email or phone. If that happens, verify your email address or the last four digits of your phone number are correct, then select Send code. When you receive the code, enter it and select Submit.)
3. Enter your current password, enter your new password, and then select Save.

Yahoo Mail

Your Yahoo mail password is the same password as your Yahoo account password. You also use your Yahoo account to sign in to other Yahoo services such as Yahoo Finance Plus. These directions will help you change the password for your Yahoo account.

Desktop or mobile web browser

1. Sign in to the Yahoo Account security page at login.yahoo.com.
2. Click Change password.
3. Enter a new password.
4. Click Continue.

From other Yahoo mobile apps

1. Tap the Menu icon.
2. If you’re using the Yahoo Mail app, tap Manage Accounts.
3. Tap Account info.
4. Tap Security settings.
5. Enter your security code.
6. Tap Change password.
7. Tap I would rather change my password.
8. Enter the new password and its confirmation and tap Continue.

Yahoo doesn’t let you create new or edit existing security questions, and in fact, if you've recently updated your mobile number or alternate email address, your security questions may have been removed.

Visit the Account Security Hub.