Skip to Main Content

Three steps to keep your YouTube account secure

On World Password Day and every day, we want to help you ensure your accounts are secure.

In the spirit of World Password Day, we encourage all creators to bolster the security of their Google accounts. Unfortunately, over the past several months we've seen a rise in the hijacking of YouTube channels. We take account security seriously and, in addition to continuously improving our monitoring and systems, want to help creators keep their accounts safe by encouraging them to take these three steps:

1. Create a strong password and never share it or reuse it on other sites.

A secure password and updated recovery information, like adding your phone number to your Google Account, can help protect it. Also, never enter your password information on any page other than since that’s one way passwords are stolen. If you work with a team, do not share your password with them, either.

2. Enable 2-Step Verification on your Google account for extra protection in addition to monitoring who has access to your account.

It's easier than you think for someone to steal your password, through phishing, malware, data breaches and more. Adding 2-Step Verification means that you’ll protect your account with both your password and additional information — like a prompt on your phone, or a physical device like a security key — to confirm it's really you.

For your account to be as secure as possible, you should make sure all Google accounts with access to your channel have 2-Step Verification enabled. This includes everyone listed under the channel permissions section in your settings. Also consider using the Advanced Protection Program for an extra level of security.

3. Stay vigilant of phishing and malware scams.

Knowing what to look for means you can get ahead of potential scams. Look out for any emails that ask for your account login information — legitimate emails from YouTube about your account will never ask for your login information. If you suspect an email may be a phishing or malware scam, don’t click on any links before verifying they are correct by hovering over them. Ensure the email address and sender names match, and look out for any downloads or attachments — especially ones that are very large or run a program on your computer. These can be malware that when downloaded may cause extensive damage to data and computers or may be used to gain unauthorized access to your network.

On World Password Day and every day, we want to help you ensure your accounts are secure. Follow these three simple tips and go to the Google Security checkup to review and adjust your security settings to help you keep your account secure.