Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

If Someone Gets Into My Gmail Account, Can They Get Into Others?

Your email account is valuable and can be a gateway to others.

Like a row of dominos, gaining access to one account can lead to others being compromised.
Dominos
(Image: canva.com)
Question: If someone hacks my Gmail account, can they get at my other accounts even though they have different passwords?

Maybe.

And that should worry you.

No. Let me say that differently. It shouldn't worry you; it should strengthen your resolve to properly secure all your accounts.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Getting into other accounts

If a hacker gains access to the account you use as a recovery account elsewhere, they can use the "forgot password" system to change passwords and gain access to those other accounts as well. Setting account recovery information is critical, so it's important that the account used for recovery is appropriately secured.

Getting into your Gmail account

All accounts are under more-or-less constant attack via various mechanisms. Gmail accounts, because of their popularity, are a common target.

If one of those methods succeeds -- say you fell victim to a phishing attack and entered your credentials on what turns out to be a fake, hacker-controlled website -- then you've handed over your username and password to someone who can then sign into your account.

With Gmail, of course, it's not really a Gmail-only account; they now have access to all the Google services you use. They have access to your Google account.

But they can often leverage this as a foot in the door to hack into some of your other accounts as well.

Password reuse

I wasn't going to mention this, but so many people do it that it's worth emphasizing.

If a hacker learns your Gmail password -- or any of your passwords -- and you use that same password with other accounts, then yes, hackers are likely to eventually gain access to those accounts as well.

Don't do that. Never re-use passwords.

Getting into more

It's not uncommon to have one email account -- often the account you use daily -- as the backup or "alternate email address" for many of your other accounts. That's called a recovery account because if you lose access to your account, the service may send a temporary password to that recovery account. If either account is hacked, you need to take action quickly.

The issue is pretty simple:

  • The hacker can can see from the email in your account what other services you use.
  • They can then visit those services and perform a "forgot password" account recovery, specifying the Gmail account as the recovery address.
  • With access to your Gmail account, they can reset the password on these other accounts and hack in.

Your recovery account can act as a gateway to all the other accounts associated with it.

Do this

It's critical that you still set up alternate or recovery accounts whenever possible.

But it's also critical that whatever account you use be properly secured.

Your recovery account might be the most important account you have. Secure it properly.

Staying on top of things is important too. Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

8 comments on “If Someone Gets Into My Gmail Account, Can They Get Into Others?”

  1. have an authenticator installed on my computer. i use it for a couple of sites. but gmail doesn`t have an option to use it.

    Reply
  2. “The hacker can see from the email in your account what other services you use.” Yes, and additionally, they might try your email address to log into popular websites such as social media and e-commerce accounts.

    Reply
  3. Just to your comment Mark. I agree.
    Also, I really dislike that some sites use your email address instead of a user name that you get to choose.
    To me, keeping both user name and password different on all your accounts is doubly helpful against hackers, and a user name should not show on emails.
    Having said that,. we can never really relax, can we?

    Reply
    • Go into you Google Account security settings and set up two-factor authentication, choosing the authenticator as your method. The authenticator you’ve linked to above is unknown to me, and NOT from Google. I recommend you use the official authenticator from Google, or the Authy authenticator. There are some worthwhile third-party tools, but the one you link to is unknown to me, and I would not use it myself.

      Reply
  4. the authenticator i linked to was the one that facebook foisted on me to “protect my account” users had no choice but to add it. it produces a code users have to enter in order to sign in.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.