There’s something odd happening on your Google account. You see emails in your Sent folder that you haven’t sent yourself. You see files in Google Drive that don’t belong to you. You get a password reset from a service you’ve never requested to have reset.
There’s a good chance someone else is logged into your Google account.
The great thing is that Google allows you to check who is currently using your Google account, and from where; you can do this quickly; and in less than 1 minute I will show you how to effectively check your active sessions, discover any unwarranted activity, and immediately remove anyone with access to your account.
The Short Answer
You can view all devices that are currently logged into your Google account, including their location, IP Address, and last time these device were last logged onto Google.
Go to myaccount.google.com, click on "Security" in the left menu, then scroll down to "Your devices." You will see a list of every phone, laptop, tablet, and computer that has access to your account.
If you see a device you do not recognize, or a location that is not yours, someone else is accessing your account right now.
You can click "Sign out" next to any device to remove it immediately. Then change your password and enable two-factor authentication.
Checking your Active Google Sessions: A Step-by-Step Guide
You can check your active google sessions by signing into myaccount.google.com via any web browser or mobile device, without having a specific app installed on your devices.
Using Your Computer
1. Open your preferred web browser. Navigate to myaccount.google.com. Be sure to log into your Google Account before continuing with this tutorial.
2. Navigate the menu on the left side of the page. Click on the ‘Security’ option. If you do not see the menu options on the left side of the page, click on the 3 horizontal lines in the top left corner of the page to expand it.
3. Scroll down to the Your Devices' section. This section lists all active devices currently connected to your Account.
4. Click on the ‘Manage all devices’ option to see detailed information on all active devices connected to your Account.
Devices Currently Active in Your Google Account Will Display:
1. Device type (desktop, iPhone, Android, etc..)
2. Device location (City & Country based on your internet connection)
3. Last time the device has accessed your Google Account
4. The model of each Device (Examples: "Samsung Galaxy S23," "MacBook Pro").
Using your Mobile Device (Android or iPhone)
Step 1: Open either your Gmail application or the Google application on your mobile device and select your profile image from the top right corner of the screen.
Step 2: Select the option that states Manage your Google Account.
Step 3: From the options that display, select Security (scrolling sideways may be necessary).
Step 4: Scroll down to Your Devices and select Manage All Devices.
On your mobile device, you will see the same list of devices and their locations as found in the computer view.
What a Healthy Account Looks Like
A normal, secure Google account should show:
1. Your current phone; the one you are holding.
2. Your laptop or Desktop computer.
3. Your tablet (if applicable).
4. All other devices you personally own/access regularly.
All locations should match the locations where you live or work. All last active times should match when you last accessed those devices.
Red Flags: Signs Someone Else Is in Your Account
Look for these warning signs in your device list:
Red Flag 1: An unknown device type. You see "Google Pixel 6" but you have never owned a Pixel phone. You see "Windows Laptop" but you only use a Mac. An unknown device type means someone else is logged in.
Red Flag 2: A login from an unknown location. You live in London, and you can see a login from Birmingham or another country. Even a river that is close but not one you are aware of where you have recently been to is also a concern. You can tell where your computer is logging into by its IP address and not the GPS. That could mean an area of the wrong city, but if you see your account logged in to from another country, it will always be a red flag.
Red Flag 3: Recent activity when I am not available. You may see an account with a time of last active 3 am but you were fast asleep at the time and cannot see any activity from your device at the time of that teh activity was last online.
Red Flag 4: is that a device shows up as a device you cannot account for at a location that does not seem possible to be at. For example, you have your laptop, but the location that your laptop is showing as logged into is in another city that you have never visited. This could be an indicator that someone is accessing your device through the internet or that your cookie session has been stolen.
Red flag 5: is when there are a number of letters and numbers identified with a device like a stolen cookie or other possible harmful devices. A generic name for a device could be a series of letters and numbers also known as emulators or virtual machines, etc. The device may have a name such as "Linux x86_64" or "Android SDK for x86" and can probably be identified as being of Linux or Android type.
What to Do If You Find an Unauthorized Device
Do not panic. You can fix this in minutes.
Step 1: Remove Intruder from Account Immediately
To remove an intruder from your Google account, go to “Manage all devices.” Click “Sign Out” next to the name of any device which you do not recognize. The intruder will be removed from your account right away.
If you have multiple unauthorized devices connected to your Google account, sign out of them all.
Step 2: Update Password Immediately
After you have removed the intruder from your account, now change your password immediately because the intruder could use the password already attached to your account and may still be able to get back into the account.
To change your Google account password:
1. Go to myaccount.google.com and click the “Security” tab.
2. In the section labeled as, “Password,” type in your current password followed by your new password.
3. Choose/Make a secure and different than previous passwords/passwords. The password may or may not have special characters but write down the steps creating your new passwords/passwords.
4. Use a password manager to generate and save the password you created above.
Stage 3: Investigate & Remove Any Recovery Information Added By An Intruder
If an intruder is trying to access your Google account, they may try to put their own details under your account as recovery information, which means if you changed your password, they could use their recovery information to log back into your account after you've changed your password.
To see if there is any recovery information that a hacker has inserted into your account, do the following:
1. Go to "Security" > "Recovery Email." If the recovery e-mail address being displayed is not your own, it likely means a hacker has inserted an e-mail address for themselves.
2. Go to "Security" > "Recovery Phone". If the number that appears does not match your own phone number, it is likely that a hacker has put in their own telephone number.
If you find recovery information in your account that is not yours, immediately delete it; otherwise they could use this information to access your account again.
Step 4: Disable Access to Potentially Malicious Third-Party Apps
While some hackers use direct logins, others hijack your account by providing an unauthorized, but permitted app access to it.
How to check your access to accounts:
1. Access the security tab, and choose third-party applications that have access to your account; you will see a list of all applications linked to your account explained.
2. All of the applications associated with the accounts are listed there as well.
3. You should evaluate any application that you do not recognize, or any application that you don't have sufficient confidence in and consider deleting that application.
Step 5: Activate Two-Step Verification
Two-factor verification (2FA), also known as two-step verification, is a great way to keep your online accounts secure from unauthorized access by individuals who may try to use your credentials (your usernames and passwords) to gain access.
So even if someone gets your username and password they can't log in because they don't have an additional piece of information needed for verification.
To enable two-factor verification for your account:
1. Go to your account settings > security tab.
2. Refer to the 2FA set-up guide to complete the process. Whenever possible, to authenticate, use Google Authenticator, or another 3rd party application instead of SMS.
3. Store your backup codes in hard copy form; do not keep them on your cell phone.
Stage 6: Reviewing your Security Activities
The Security activity of your Google Account can be tracked by reviewing the activities associated with your account such as Login Attempts, Password Changes, and Recovery Options changes.
Security Activity Identification Strategies:
1. In the Main Menu, go to the left-hand column titled 'Security' and select 'Recent Security Events'.
2. Once you have selected 'Recent Security Events', you will be shown a chronological list of security activity with the most recent activity on the top of the screen.
3. Check for any unauthorized access to your account by non-authorized computers and if there have been any changes to your password and recovery method without some type of notification to you.
Step 7: Conducting the Google Security Check-Up
The Google Security Check-Up tool helps you to locate potential problems with your security account settings and configurations.
Steps for Using the Security Check-Up Tool:
1. Go to www.myaccount.google.com and click on the “Security” link in the left menu
2. Follow the Security Checkup option, located in the mid-section at the top of the web page or go directly via the link www.myaccount.google.com/security-checkup
3. Proceed through the Security Checkup steps. Google will identify any passwords that are weak within your account, if your Recovery Options are missing or if you have had any unusual activity associated with your account.
Step 8: Log Out from All Devices (In Case of Doubt)
In the event that you cannot identify what devices are authentic, you can log out of all devices at once. You will have to log back in on all of your devices, but this will ensure that the intruder will be removed from access to your account.
To do the following:
1. From Security > Devices > Manage All Devices, find “Log Out of All Devices” at the bottom of the screen (note that not all account types are eligible for this option).
2. If you want to log out of each device individually, you can do so by logging into that device.
After logging off all devices, create a new password and sign back in from your own devices.
How Attackers Access Google Accounts Without Authorization?
By knowing how attackers can gain access to an account, you can better protect yourself from it occurring again.
Method 1: Reusing Passwords
You reused your password on a different website that obtained unauthorized access. The attacker then attempted that password against your Google account, and it worked. This is the most common way attackers exploit an account.
Method 2: Using Phishing
You received a phishing email that appeared to be sent from Google, and clicked on a link to an impostor Google login page, where you entered in your credentials and the attacker captured them.
Method 3: Utilizing Malware
By downloading malware, which captures passwords saved in a web browser.
Method 4: Stealing Session Cookies
By clicking on a link or being connected to an unsecured wireless network, the attacker capture your login session cookie, allowing them to authenticate themselves without the need for your password.
Method 5: Data Breach via Different Service
A data breach from another platform revealed your email and password—which then allowed the attacker to attempt to access your Google account using the same credentials.
Method 6: Someone with Physical Access
There is a chance that someone borrowed your cell phone or computer, and while it was still logged-in to your account, they added their own device or changed your password.
Method 7: SIM Swap Attack
The attacker convinced your mobile phone carrier to allow them to have control over your cell number (which has now been transferred to a SIM card under the control of the attacker) and then used an SMS “forgot password” method to reset your Google password. This type of attack is rare but can cause tremendous harm.
Ways to Prevent Future Incidents
Once you've secured your account, you can do the following to further protect against a repeat of this incident.
Immediately enable Two-Factor Authentication (2FA).
This is the single most effective method of protection against unauthorized access to your accounts as it will prevent an attacker from logging in even if they have successfully been able to get their hands on your password. An authenticator app is preferable to SMS.
Use A Password Manager.
Password cans (or managers) provide you with many complex, unique (non-standard) passwords created specifically for each webpage that require a password. These are generated in a secure manner; this way, you will never use the same password twice.
Do Not Use The Same Password On Different Websites.
For example, Google. Your password to your Google account should only be used for your Google account and it should not be used for any other online service.
Check Your Active Devices.
Once each month, review the list of currently logged in (active) devices; remove any devices that you do not recognize or no longer use.
Review third-party apps with account access.
Every few months, go to Security > Third-party apps and remove anything you no longer use or trust.
Be careful with phishing emails.
Google will never ask you to click a link to verify your account or provide your password via email. If you are unsure, type myaccount.google.com directly into your browser.
Update your devices regularly.
Vulnerabilities that can be exploited by attackers to steal your session cookies or install malware are addressed through the release of security patches.
Make sure to use a Virtual Private Network when using public Wi-Fi.
Public Wi-Fi is susceptible to eavesdropping; therefore, the use of a Virtual Private Network helps encrypt your data traffic so that an external party cannot hijack your login session.
Set up Google's Advanced Protection Program.
For high-risk individuals (journalists, activists, executives), Google offers Advanced Protection Program. It requires physical security keys for login and blocks most third-party app access. This is the strongest security Google offers.
The Bottom Line
You can tell if someone else is accessing your Google account right now by checking your active devices at myaccount.google.com.
Go there now. Click Security. Look at Your devices.
If you see a device you do not recognize, sign it out immediately. Change your password. Enable two-factor authentication.
If everything looks normal, you are safe. But check again next month.
Your Google account holds your email, your documents, your photos, and often the keys to your other accounts. It is worth protecting.
FAQ Section
Can I see where my Google account is logged in right now?
Yes. Go to myaccount.google.com, click Security, then click "Manage all devices" under Your devices. You will see every device currently signed in, along with its location, device type, and last active time.
If I see an unfamiliar device when I sign in to my Google Account, what does that mean?
It could mean that someone else has accessed your Account through this device, and that you should click "Sign Out" for that device and change your password immediately and also enable 2FA for security reasons as well.
Is it possible for someone to access my Google Account without seeing their device in my device list?
Generally, no. The vast majority of users' device list will accurately show all the devices currently logged into their Google Accounts. So if you see something that indicates someone else may have accessed your account, you have every reason to believe that you are being accessed by another user. However, a very sophisticated attack by a hacker may use an API Access token that does not register with your list of devices as a full device login session. If you suspect an attack on your account, change your password and enable two-factor authentication too.
What causes Google to display a different location than my home address?
Your device's location is determined by your IP address, as opposed to its GPS. Traffic sent through ISPs can potentially be routed through a distant city rather than your actual location. If you check for incorrect locations, such as countries with wrong IPs and incorrect devices & activity, you should compare these to your own records as well.
What is the best way to determine whether or not someone has accessed your Google Account without authorization?
Checking your Google account every month for most users is sufficient. However, if you are considered to be at risk (i.e. Executive, Journalist, Activist, etc.), consider doing so every week. Additionally, turn on login alerts to receive notifications when someone logs into your account via a different device. Do this by going to Security > Login Alerts.
