Protect your account
Yandex takes all possible measures to protect you from the technical side. It's very difficult for hackers to pretend to be you and get access to your account. However, it might be easier for a hacker to guess your password or figure out the answer to your security question than for them to try to hack Yandex's security.
Why would someone want to hack my account?
If someone gets access to your account, they can pretend to be you on any of Yandex's services. For example, they may send out spam using your Yandex.Mail account. Or if your Mail account contains addresses of your friends and colleagues, then hackers can send them viruses or requests to send money from your email address. Therefore, protecting your account is important not only for your sake, but for those who trust you.
If you regularly use Yandex services or link your important accounts on other sites to Yandex.Mail, then hackers can inflict even more damage by, say, spending your money or hacking your favorite online gaming account.
Pay particular attention to account security if the following situations apply to you:
You use Yandex's paid services (Yandex.Money, Direct, Music, Taxi, or other services that you've paid for using a bank card).
Your Yandex address is linked to other companies' paid services (like AppStore or Steam).
You use your Yandex.Mail account to receive emails from your bank or any other sender of sensitive information.
you entered a Yandex address when registering your online gaming account (World of Tanks, World of Warcraft, etc.).;
Your Yandex account is linked to your social media accounts (VK, Facebook, etc.).
You use your Yandex.Mail address to register with payment systems like Paypal, WebMoney, etc.
Even if you think that nobody would want to hack your account, it's better not to underestimate the potential problems that such a hack would cause.
How your account could be hacked
Hackers may try to get into your account using the following methods:
- Guess your password
- Find out your password
- Hack your social network account
- Hack your alternate email address
- Guess or find out the answer to your security question
Guess your password
It may be simple to just guess your password. For example, if your name is Valentina and you were born in 1975, then a hacker would definitely try
valentina1975. If you use one of the most common passwords (like
password1), then it won't take a hacker long to try these simple options and figure yours out.
Use our recommendations to make your password harder to guess.
Find out your password
When you register your password, nobody knows what it is other than you. But whether intentionally or not, you may end up revealing it.
You might share your password with relatives, friends, or colleagues. Even if you completely trust them, keep in mind that it's not a secret anymore if others know about it.
You might send your password in response to a fake email or SMS. Hackers might pose as Yandex and send a message requesting that you send your password, even though Yandex never asks for your password in a message.
You could enter your password on a fake site. Hackers might create an entire fake site at a similar address like
In order to avoid this, never enter your password until you're sure that the site is authentic.
You might use the same password for many different sites. If a hacker finds out your password to one site, then they will try to log in to all popular services using this password, including your Yandex account.
To avoid this, come up with a new password each time you register. If you sign up for a lot of services, it can be difficult to remember all your passwords. In this case, try to use a password manager, but don't forget to read reviews of programs or extensions before trusting them with your data.
Your computer might contain a virus that tracks your actions. There are viruses that allow hackers to see everything that you enter using your keyboard, including your Yandex username and password.
Install an antivirus and make sure to regularly update it in order to prevent this. You can choose a free antivirus from our list.
Hack your alternate email address
All addresses linked to your account are listed on the My email addresses page. All addresses except your Yandex.Mail can be used to restore access: Yandex will send a recovery code via email. If a hacker broke into one of your other accounts, they can “restore” access to your Yandex account by entering that address.
To prevent this from happening, try to protect your other email addresses as you would your Yandex one: think up a complicated password and confirm your phone number when possible.
Guess or find out the answer to your security question
If you don't use a phone number or an alternate email address to restore access, then all a hacker needs to do is guess or find out your answer to the security question.
Use our recommendations to come up with an answer that would be difficult to guess. You also need to be wary of hackers that may try to trick you into revealing your answer to a security question. For example, if your security question is "What's your favorite food?", then someone may contact you under the guise of a survey:
Example of fraudulent email
I represent a major web site dedicated to healthy eating. To better understand the preferences of our readers, we are performing a simple survey: What is your favorite food?
Yours sincerely, Founder of the fake-food.com project
How you can protect your account
Link your phone number to your account or enable two-factor authentication in order to protect your account from hacking or theft. After taking these measures, your account security will no longer depend solely on a password and it will be easier to solve access problems.
If you don't want to enable two-factor authentication, try to protect your password using the following methods:
- Come up with a complicated password
- Do not tell anyone your password
- Don't use your password on other services
- Protect the information you use to restore access
Come up with a complicated password
Use our recommendations to come up with a password that would be difficult to guess outright or surmise.
Do not tell anyone your password
When you register your password, nobody knows what it is other than you. Don't tell anyone what your password is and don't enter it on suspicious sites so that it doesn't accidentally end up in the hands of hackers.
It's safer to create special passwords for web- and mobile-apps (such as mail clients).
Don't use your password on other services
A hacker that found out what your password is on one service will definitely check to see if you use the same one for other popular sites, social networks, or games.
If you sign up for a lot of services, it can be difficult to remember all your passwords. In this case, try to use a password manager, but don't forget to read reviews of programs or extensions before trusting them with your data.
Protect the information you use to restore access
Try to make it difficult for a hacker to "restore" access to your account.
If you confirmed a phone number, then make sure it's still your current one. When you change numbers, make sure that you also change it on your Phone Numbers page.
If you use other email addresses to restore your account, protect your alternate email addresses as you would your Yandex one: think up a complicated password and confirm your phone number when possible.
If you only use a security question to restore access, then follow our recommendations for how to come up with a reliable answer to your security question.
What to do if your account is hacked
How to come up with a reliable password
A good password is one that is difficult to guess.
To create a complex password, use:
Both uppercase and lowercase Latin letters.
What kind of passwords are not secure?
What you should not use as a password:
Passwords that you already use on other sites or apps. If someone has found out, for example, your social network password, they could try to log in not only to your Yandex account, but also other social networks, mail services, and online banks using this password.
Common words (
administrator), as well as predictable letter combinations (
Personal data that you could have provided anywhere on the Internet: name, date of birth, passport number, etc. Even your mother's maiden name, which as much as it would seem no one knows, should not be used.
Ways to restore access
If you didn't confirm your phone number when you registered your account, then your only means of protection is your security question. Think of your answer to the security question as yet another password that someone could guess or figure out. For this reason we recommend that you set up a more reliable method to restore account access when possible.
If you have to use a security question, then protect it.
Android and iOS let you install the Yandex.Key app so that you don't have to remember and protect your passwords. This app works by generating a one-time password each time you log in to Yandex, which then expires as soon as you've entered your account.
Two-factor authentication gives your Yandex account the highest level of protection. To hack this level of security, one would, among other things, have to steal your device and unblock it.
Read more about this security measure under Two-factor authentication.
A secure phone number lets you restore account access using a code that Yandex sends you in an SMS. Don't forget to change the secure number linked to your account if you can no longer read messages that are sent to it.
Even if a hacker can log in to your account, you will have a minimum of 30 days to regain control over it and change your password.
Read more about this security measure in the Phone number section.
Alternate email address
An alternate email address lets you restore account access using a code that Yandex sends there. Hackers that can log in to your account can unlink an alternate email address from your account fairly easily, which makes it more difficult for you to regain control of your account. For this reason we recommend that you set up a more reliable method to restore account access when possible.
If you use an alternate email address, don't forget that someone who has hacked it can also gain access to your Yandex account. Alternate email addresses need to be protected: come up with a strong password, enable two-factor authentication when possible, or link your phone number.
Read more about this security measure in the Email addresses section.
If you didn't use any other means to restore access, then your account is only protected from hackers by a security question. The answer to your security question should be just as difficult to figure out or guess as your password is.
For security questions, it's best to use an answer that only you know. Your mother's maiden name, favorite food, pet name, phone number, or apartment number are all things that any close friend would know and might even be publicly-available (if you include them in your social network profile, for example). Try entering your own security question with an answer that will be easy for you to remember but difficult for a hacker to guess.