Protect your account
Yandex takes all possible measures to protect you from the technical side. It's very difficult for hackers to pretend to be you and get access to your account. However, it might be easier for a hacker to guess your password or figure out the answer to your security question than for them to try to hack Yandex's security.
Why would someone want to hack my account?
If someone gets access to your account, they can pretend to be you on any of Yandex's services. For example, they may send out spam using your Yandex.Mail account. Or if your Mail account contains addresses of your friends and colleagues, then hackers can send them viruses or requests to send money from your email address. Therefore, protecting your account is important not only for your sake, but for those who trust you.
If you regularly use Yandex services or link your important accounts on other sites to Yandex.Mail, then hackers can inflict even more damage by, say, spending your money or hacking your favorite online gaming account.
Pay particular attention to account security if the following situations apply to you:
You use Yandex's paid services (Yandex.Money, Direct, Music, Taxi, or other services that you've paid for using a bank card).
Your Yandex address is linked to other companies' paid services (like AppStore or Steam).
You use your Yandex.Mail account to receive emails from your bank or any other sender of sensitive information.
You entered your Yandex address when registering your online gaming account (World of Tanks, World of Warcraft, etc.).
Your Yandex account is linked to your social media accounts (VK, Facebook, etc.).
You use your Yandex.Mail address to register with payment systems like Paypal, WebMoney, etc.
Even if you think that nobody would want to hack your account, it's better not to underestimate the potential problems that such a hack would cause.
How your account could be hacked
Hackers may try to get into your account using the following methods:
- Guess your password
- Find out your password
- Hack your social network account
- Hack your alternate email address
- Guess or find out the answer to your security question
Guess your password
It may be simple to just guess your password. For example, if your name is Valentina and you were born in 1975, then a hacker
would definitely try
valentina1975. If you use one of the most common passwords (like
password1), then it won't take a hacker long to try these simple options and figure yours out.
Use our recommendations to make your password harder to guess.
Find out your password
When you register your password, nobody knows what it is other than you. But whether intentionally or not, you may end up revealing it.
You might share your password with relatives, friends, or colleagues. Even if you completely trust them, keep in mind that it's not a secret anymore if others know about it.
You might send your password in response to a fake email or SMS. Hackers might pose as Yandex and send a message requesting that you send your password, even though Yandex never asks for your password in a message.
You could enter your password on a fake site. Hackers might create an entire fake site at a similar address like
In order to avoid this, never enter your password until you're sure that the site is authentic.
You might use the same password for many different sites. If a hacker finds out your password to one site, then they will try to log in to all popular services using this password, including your Yandex account.
To prevent this try to think up a new password every time you register at a site. Of course, this can be difficult if you sign up for a lot of services, in which case try using a password manager. We'd advise you to read reviews of whatever program or extension you use, however, before trusting it with your data.
Your computer might contain a virus that tracks your actions. There are viruses that allow hackers to see everything that you enter using your keyboard, including your Yandex username and password.
Install an antivirus and make sure to regularly update it in order to prevent this. You can choose a free antivirus from our list.
Hack your alternate email address
The My email addresses page lists all the addresses linked to your account. Any of the addresses other than your Yandex.Mail address can be used for restoring access to your account, because Yandex sends an access recovery code in an email. If a malicious user hacked one of your other email addresses, they can “restore” access to your Yandex account by using this address.
To prevent this from happening, try to protect your other email addresses as you would your Yandex one: think up a complicated password and confirm your phone number when possible.
Guess or find out the answer to your security question
If you don't use a phone number or an alternate email address, then a hacker can restore access just by guessing or finding out your answer to the security question.
Use our recommendations to come up with an answer that would be difficult to guess. You also need to be wary of hackers that may try to trick you into revealing your answer to a security question. For example, if your security question is "What's your favorite food?", then someone may contact you under the guise of a survey:
Example of fraudulent email
I represent a major web site dedicated to healthy eating. To better understand the preferences of our readers, we are performing a simple survey: What is your favorite food?
Yours sincerely, Founder of the fake-food.com project
How you can protect your account
Link your phone number to your account or enable two-factor authentication in order to protect your account from hacking or theft. After taking these measures, your account security will no longer depend solely on a password and it will be easier to solve access problems.
If you don't want to enable two-factor authentication, try to protect your password using the following methods:
- Come up with a complicated password
- Do not tell anyone your password
- Don't use your password on other services
- Protect the information you use to restore access
Come up with a complicated password
Use our recommendations to come up with a password that would be difficult to guess outright or surmise.
Do not tell anyone your password
When you register your password, nobody knows what it is other than you. Don't tell anyone what your password is and don't enter it on suspicious sites so that it doesn't accidentally end up in the hands of hackers.
It's safer to create special passwords for web- and mobile-apps (such as mail clients).
Don't use your password on other services
A hacker that found out what your password is on one service will definitely check to see if you use the same one for other popular sites, social networks, or games.
If you sign up for a lot of services, if can be difficult to remember all your passwords. In this case try using a password manager. We'd advise you to read reviews of whatever program or extension you use, however, before trusting it with your data.
Protect the information you use to restore access
Try to make it difficult for a hacker to "restore" access to your account.
If you confirmed a phone number, then make sure it's still your current one. When you change numbers, make sure that you also change it on your Phone Numbers page.
If you use other email addresses to restore your account, protect your alternate email addresses as you would your Yandex one: think up a complicated password and confirm your phone number when possible.
If you only use a security question to restore access, then follow our recommendations for how to come up with a reliable answer to your security question.
What to do if your account is hacked
If you notice something strange about your Yandex account (for example, a friend got an email from you that you never sent or you see sites or programs you've never visited in your browsing history), then it's possible that your account was hacked.
Follow our instructions to regain control of your account.
How to come up with a reliable password
A good password is one that is difficult to guess or figure out.
To create a complex password, use:
Both uppercase and lowercase Latin letters.
not allowed: only
What kind of passwords are unreliable?
You shouldn't use as a password:
Passwords that you already use for other websites or applications. For example, if someone finds out your social network password, they will try to use it for logging in to Yandex, as well as other social networks, email, and online banking services.
Common words (
administrator), as well as predictable character combinations (
Personal data that you might have have entered on the Internet: name, date of birth, passport number and so on. Even your mother's maiden name isn't a good idea for a password, though it may seem like no one knows it.
Ways to restore access
If you didn't confirm your phone number when you registered your account, then your only means of protection is your security question. Think of your answer to the security question as yet another password that someone could guess or figure out. For this reason we recommend that you set up a more reliable method to restore account access when possible.
If you have to use a security question, then protect it.
Android and iOS let you install the Yandex.Key app so that you don't have to remember and protect your passwords. This app works by generating a one-time password each time you log in to Yandex, which then expires as soon as you've entered your account.
Two-factor authentication gives your Yandex account the highest level of protection. To hack this level of security, one would, among other things, have to steal your device and unblock it.
Read more about this security measure under Two-factor authentication.
A secure phone number lets you restore account access using a code that Yandex sends you in an SMS. Don't forget to change the secure number linked to your account if you can no longer read messages that are sent to it.
Even if a hacker can log in to your account, you will have a minimum of 30 days to regain control over it and change your password.
Read more about this security measure in the Phone number section.
Alternate email address
An alternate email address lets you restore account access using a code that Yandex sends there. Hackers that can log in to your account can unlink an alternate email address from your account fairly easily, which makes it more difficult for you to regain control of your account. For this reason we recommend that you set up a more reliable method to restore account access when possible.
If you use an alternate email address, don't forget that someone who has hacked it can also gain access to your Yandex account. Alternate email addresses need to be protected: come up with a strong password, enable two-factor authentication when possible, or link your phone number.
Read more about this security measure in the Email addresses section.
If you didn't use any other means to restore access, then your account is only protected from hackers by a security question. The answer to your security question should be just as difficult to figure out or guess as your password is.
For security questions, it's best to use an answer that only you know. Your mother's maiden name, favorite food, pet name, phone number, or apartment number are all things that any close friend would know and might even be publicly-available (if you include them in your social network profile, for example). Try entering your own security question with an answer that will be easy for you to remember but difficult for a hacker to guess.