Skip to main content

How to completely reset your Google login across every device

Google Authenticator
Google Authenticator (Image credit: Android Central)

It's something nobody wants to think about and hopes they never have to do, but it is important to know how to change your Google account password so that every device and service needs to log in again.

This isn't just changing your password. Think of it as the next step if you think someone may have gained access to your Google account. You won't lose any of your Google account data, like emails or contacts, but you will need to set up any two-factor app passwords again so if any of your apps would delete their data when this happens you probably won't be able to get it back.

Think of this as a last-ditch effort to stop someone from taking over your online identity; you still should change your password every six weeks the "normal" way.

All of this information is available from Google, but it's spread out across several different help topics and places online. It's never fun to search for every step, especially when you're frustrated, so here is everything you need to know in one handy spot.

What you'll need

  • A working Google account. If someone already has access and has locked you out, you need to contact Google support.
  • An Android or iOS phone that can get text messages. If you use a VoIP service for messaging, make sure it can get short codes and authentication tokens via SMS. Your best bet is to have a phone with a working SIM card and account.
  • A second way to get online, just in case.

Let's begin!

Account recovery options

Start by going to your Google account security page. Notice the https and make sure the URL you visit has the same prefix so you know it's a real Google page. On the page you'll see options for Account recovery; make sure they are all correct. If you never set any, do so now.

Sign out other sessions

Open your Gmail through a web browser in desktop mode. You won't be able to do this through an app. At the very bottom left of the page you'll see Last account activity: with a time after it and right under you'll see Details. Click or tap on Details. A new window will open that tells you information about how, where, and when your account has been accessed. You should review them, but the important thing here is the button labeled Sign out of all other web sessions. Click or tap that. It does just what it says — logs you off everywhere else. Close the web browser.

Revoke access

Visit your Google account permissions page and remove access for everything listed except the phone in your hands and the other device you'll be using. Again, notice the https URL prefix. To remove a device or app, click or press on it in the list and you'll see a button that says Remove. This does what you think: it revokes access permissions and logs the device or app out of your account.

This step makes sure the only thing connected to your account is the thing in your hands.

Next, revoke all your app passwords. Head back to your Google account security page (again, https!) and scroll halfway down the page. Under the section marked Password & sign-in method you'll see an entry for App passwords. Open it, and you'll need to provide your password. Then proceed to delete any special application passwords you've used or are using. This is important! It's a pain to enter new App passwords for 2FA, but this makes sure someone isn't using a third-party app to grab your data. Just Do It.

Change your password

Stay on your Google account security page because you will need to change your password now. You'll see the entry under the section marked Password & sign-in method. Pick a good password.

You'll need to log in again using this new password on every device that uses your Google account.

Best Password Managers For Android

Best Password Managers For Android (Image credit: Android Central)

Password managers

Your password doesn't have to be extra long to be secure. It just needs to be random.

  • iLovePuppies is a terrible password.
  • 1<3PuPp13z is a fair password.
  • PuPp13s&t65Rm is a great password.

Don't bother trying to use something you will remember, instead find a good password manager. You should use a different password for every single login that asks for one. You'll never be able to remember every password if they are all random!

More: The best password manager For Android

Two-factor authentication

You need to set up two-factor authentication for your Google account if you haven't already. We recommend you use two-factor authentication on every login that supports it!

2FA (Two-Factor Authentication) means you need more than a password to prove it's really you. For most people, this means a special code sent to your phone via SMS or an authentication app (preferably the latter). It's an extra step, but it is the best way to make sure nobody except you can ever have access to your accounts.

Encrypt Chrome Sync

If you use Chrome and have it save things like logins or credit card numbers, you'll want to encrypt the sync data. That means that you will need to provide a password to sync Chrome on any device. chances are it's already encrypted using your Google credentials (which you just changed) and you'll be asked to sign in again if you're not on your phone. But you can use a different password for encrypting this data if you want.

This is actually easiest to do using the Chrome app on your phone.

  • Open the Chrome app.
  • Tap the overflow (three vertical dots) button.
  • Tap Settings near the bottom.
  • Tap your account name at the top.
  • Tap Sync midway down the window.
  • Scroll down to Encryption and tap it.
  • In the pop up, choose to Encrypt all synced data with your own sync passphrase.
  • Enter your new password.

If you do this, you will need to use this password when you want Chrome to sync with your account. Existing sessions will ask for the new password the next time you open them.

Sign back in to everything

This method will disconnect every single device and app connected to your account. That means phones, tablets, Chromecasts, Google Home and everything else that might be hooked in like web apps or Android apps. If you changed the password using your phone, the services from Google will be able to switch over mostly seamlessly, and apps should just let you authorize the next time you use them.

Other devices, like Google Home or Google Wifi, will need to be logged in through their app. And web services like IFTTT or Pocket will also need to be reauthorized.

This sounds a little extreme and it's not something you should need to do regularly. But if you think someone has worked their way into your account this is the right way to get rid of them!

Thoughts?

Have you ever gone through this procedure? Share your story down below!

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

9 Comments
  • It would be intresting to know why the 12 char long pwd iLovePuppies are deemed worse than the 10 char next pwd? The last example is more of the same stupidity. Password need either to be simple for a human to remember or stored in a password manager. Much better have a long passphrase easy to remember than a complex password. Maybe iLovePurplePuppies?
  • Love when you do articles like this, Jerry
  • Thank you for this article. I wish Google would make it easier across-the-board about this very topic. Seems convoluted and confusing.
  • Is it even necessary to change your password if you're using 2FA? Even if the password is compromised the 2FA is constantly changing. Assuming that you're using different passwords for other accounts. If not, then that password could compromise a different login.
  • Great article. Would never know how to do that. I recently read somewhere that it is better to have passwords with long phrases with real words than shorter ones with random characters. Any thoughts on that?
  • Passwords are hacked by computers, not people. It does no good to use a password that a person will not recognize. Your password is more secure if its longer, if it includes a larger character space (i.e. lower and upper case letters, numbers and special characters). Your password is less secure if it consists of words in the dictionary, books of names, or either of those with obvious symbol substitution (I.e. a dictionary word with S replaced by $). Pick a long phrase you can remember and then "warp" the words so that you know them but they aren't real words (I.e whye # tha grownd).
  • If you have a Chromebook and change your password on another device, you will need to enter the old password and then the new one. That's so Chrome OS can decrypt your partition using the old password and then re-encrypt it using the new password. You MUST know your old password if you want to keep your data on the Chromebook.
  • Jerry! Great information.
  • Another great security pice. Thanks Jerry keep up the good work.