Protect your account

Yandex takes all possible technical measures to protect you. It's very difficult for hackers to pretend to be you and get access to your account. It might be easier for a hacker to guess your password or figure out the answer to your security question than to try to hack Yandex's security.

  1. Why would someone want to hack my account?
  2. How your account could be hacked
  3. How you can protect your account
  4. What to do if your account is hacked
  5. How to come up with a reliable password
  6. Ways to restore access

Why would someone want to hack my account?

If someone gets access to your Yandex ID, they can pretend to be you on any Yandex service. For example, they may send out spam using your Yandex Mail account. Or, if your Yandex.Mail account contains addresses of your friends and colleagues, hackers can use your email address to send them viruses or requests for money. Therefore, protecting your account is important for both you and those who trust you.

If you regularly use Yandex services or link your important accounts on other sites to Yandex.Mail, then hackers can inflict even more damage by, say, spending your money or hacking your favorite online gaming account.

Pay particular attention to account security if the following situations apply to you:

  • You use paid Yandex services (Yandex.Direct, Yandex Music, Yandex.Taxi, or other services where you made purchases or entered your bank card details).

  • Your Yandex address is linked to other companies' paid services (like AppStore or Steam).

  • You use your Yandex Mail account to receive emails from your bank or any other sender of sensitive information.

  • You entered your Yandex address when registering any online gaming account (World of Tanks, World of Warcraft, etc.).

  • You set up external authentication methods for Yandex (for example, using a social network profile).

  • You used your Yandex Mail address to create an e-wallet or sign up for a payment service.

Even if you think that nobody would want to hack your account, it's better not to underestimate the potential problems that such a hack would cause.

How your account could be hacked

Hackers may try to get into your account using the following methods:

  1. Guess your password
  2. Find out your password
  3. Hack your external profile (for example, in a social network)
  4. Hack your alternate email address
  5. Guess or find out the answer to your security question

Guess your password

It may be simple to just guess your password. For example, if your name is Valentina and you were born in 1975, the hackers would definitely try valentina1975. If you use a common password (like qwerty or password1), then it won't take a hacker long to try these simple options and figure yours out.

Use our recommendations to make your password harder to guess.

Find out your password

When you register your password, nobody knows what it is other than you. But whether intentionally or not, you may end up revealing it.

  • You might share your password with relatives, friends, or colleagues. Even if you completely trust them, keep in mind that it's not a secret anymore if others know about it.

  • You might send your password in response to a fake email or SMS. Hackers might pose as Yandex and send a message requesting your password, even though Yandex never asks for your password in a message.

    To learn more about fraudulent emails, see Phishing in Yandex Mail Help.

  • You could enter your password on a fake site. Hackers might create an entire fake site at a similar address, like yanclex.com.

    In order to avoid this, never enter your password until you're sure that the site is authentic.

  • You might use the same password for many different sites. If a hacker has learned your password to one site, they'll try to log in to all popular services using this password, including your Yandex account.

    To avoid this, come up with a new password each time you register. If you sign up for a lot of services, it can be difficult to remember all your passwords. In this case, try using a password manager, but don't forget to read reviews of whatever program or extension you choose before trusting it with your data.

  • Your computer might contain a virus that tracks your actions. There are viruses that hackers use to see everything you enter using your keyboard, including your Yandex username and password.

    Install an antivirus and make sure to regularly update it in order to prevent this. You can choose a free antivirus from our list.
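
The fake-site case above (an address like yanclex.com) can be checked mechanically. The following is an added example, not Yandex code: the trusted domain yandex.com, the confusable table, and the function names are assumptions made for illustration.

```python
# Visually confusable sequences mapped to the character they imitate
# (constructed sample table; "cl" -> "d" is the page's yanclex.com case).
CONFUSABLE = (("cl", "d"), ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(name):
    """Collapse confusable sequences so look-alike names compare equal."""
    name = name.lower()
    for fake, real in CONFUSABLE:
        name = name.replace(fake, real)
    return name


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[len(b)]


def classify(host, trusted=("yandex.com",)):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    for good in trusted:
        # Only the exact domain or a true subdomain of it is trusted.
        if host == good or host.endswith("." + good):
            return "trusted"
    # Last two labels of the host (assumes a single-label TLD such as .com).
    domain = ".".join(host.split(".")[-2:])
    for good in trusted:
        # The trusted name imitated or embedded anywhere in the host,
        # e.g. yanclex.com or yandex.com.login.example.
        if skeleton(good) in skeleton(host):
            return "lookalike of " + good
        # Small typos in the domain itself, e.g. a dropped letter.
        if edit_distance(domain, good) <= 2:
            return "lookalike of " + good
    return "unknown"
```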

Hack your external profile (for example, in a social network)

The External accounts page lists services that you may use to log in to your Yandex account. If an attacker hacks your profile in an external service, they will be able to log in to your Yandex account as well.

To prevent that from happening, make sure your external profile is protected as thoroughly as your Yandex ID: set a strong password and verify your phone number if possible.

Hack your alternate email address

The Recovery methods section on the Security tab lists all addresses linked to your Yandex ID. All addresses except your Yandex Mail can be used to restore access: Yandex will send a recovery code via email. If a hacker has broken into one of your other accounts, they can “restore” access to your Yandex account by entering that address.

To prevent this from happening, protect your other email addresses as much as you protect your Yandex ID: think up a complicated password and confirm your phone number if possible.

Guess or find out the answer to your security question

If you don't use a phone number or an alternate email address to restore access, then all a hacker needs to do is guess or find out your answer to the security question.

Use our recommendations to come up with an answer that would be difficult to guess. You also need to be wary of hackers that may try to trick you into revealing your answer to a security question. For example, if your security question is "What's your favorite food?", then someone may contact you under the guise of a survey:

Example of fraudulent email

Hello,

I represent a major web site dedicated to healthy eating. To better understand the preferences of our readers, we are performing a simple survey: What is your favorite food?

Yours sincerely, Founder of the fake-food.com project

How you can protect your account

Link your phone number to your Yandex ID or enable logging in via a one-time password to protect your account from hacking or theft. After that, your account security will no longer depend solely on a password, and it will be easier to solve access problems.

If you don't want to enable logging in via a one-time password, try to protect your password using the following methods:

  1. Come up with a complicated password
  2. Do not give your password to anyone
  3. Don't use your password on other services
  4. Protect the information you use to restore access

Come up with a complicated password

Use our recommendations to come up with a password that would be difficult to guess outright or surmise.

Do not give your password to anyone

When you register your password, nobody knows what it is other than you. To make sure hackers don't accidentally find out your password, don't tell it to anyone and don't enter it on suspicious sites.

It's safer to create special passwords for web and mobile apps (such as mail clients).

Don't use your password on other services

A hacker that found out what your password is on one service will definitely check to see if you use the same one for other popular sites, social networks, or games.

If you sign up for a lot of services, it can be difficult to remember all your passwords. In this case, try using a password manager, but don't forget to read reviews of whatever program or extension you choose before trusting it with your data.

Protect the information you use to restore access

Try to make it difficult for a hacker to “restore” access to your account.

  • If you confirmed a phone number, then make sure it's still your current one. When you change your phone number, be sure to update it immediately on the Phone numbers page.

  • If you use alternate email addresses to restore account access, protect them as much as you protect your Yandex ID: think up a complicated password and confirm your phone number if possible.

  • If you only use a security question to restore access, then follow our recommendations for how to come up with a reliable answer to your security question.

What to do if your account is hacked

If you notice something strange while using Yandex (for example, friends receive emails from you that you didn't send, or there are certain actions in the activity history that you didn't perform), your account may have been hacked.

Follow our instructions to regain control of your account.

How to come up with a reliable password

A good password is one that is difficult to guess.

Attention. Don't tell anyone the password you use to log in to your account. The more people know your password, the higher the chance that a hacker will get their hands on it.

To create a complex password, use:

  • Both uppercase and lowercase Latin letters.
  • Numbers.
  • Punctuation marks: `!@#$%^&*()-_=+[]{};:"|,.<>/? (except ~ and ').

What kind of passwords are not secure?

What you should not use as a password:

  • Passwords that you already use on other sites or apps. If someone has found out, for example, your social network password, they could try to log in not only to your Yandex account, but also other social networks, mail services, and online banks using this password.

  • Common words (jennifer, administrator), as well as predictable letter combinations (qwerty, 123456).

  • Personal data that you could have provided anywhere online, such as name, date of birth, or passport number. Even your mother's maiden name isn't safe to use, even though it might seem that no one knows it.
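
The recommendations in this section can be applied as a local self-check. The following is an added example, not Yandex's own validation code: the function name, the sample deny-list (seeded with the words this page mentions), and the personal-data hints are assumptions.

```python
import re
import string

# Punctuation marks the page lists as usable; ~ and ' are the stated exceptions.
ALLOWED_PUNCT = set('`!@#$%^&*()-_=+[]{};:"|,.<>/?')
ALLOWED = set(string.ascii_letters + string.digits) | ALLOWED_PUNCT
# Constructed sample deny-list, seeded with this page's own examples.
COMMON = {"qwerty", "123456", "password1", "jennifer", "administrator"}


def check_password(password, personal=(), used_elsewhere=()):
    """Return a list of problems; an empty list means no rule was broken.

    personal: strings the owner may have shared online (name, birth year).
    used_elsewhere: passwords the owner already uses on other sites or apps.
    """
    problems = []
    lowered = password.lower()

    # Anything outside Latin letters, digits and the listed punctuation.
    bad = sorted(c for c in set(password) if c not in ALLOWED)
    if bad:
        problems.append("characters outside the allowed set: " + "".join(bad))

    # The three ingredients the page recommends for a complex password.
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both uppercase and lowercase Latin letters")
    if not re.search(r"[0-9]", password):
        problems.append("needs a number")
    if not any(c in ALLOWED_PUNCT for c in password):
        problems.append("needs a punctuation mark")

    # The three kinds of password the page says not to use.
    if password in used_elsewhere:
        problems.append("already used on another site or app")
    if any(word in lowered for word in COMMON):
        problems.append("contains a common word or predictable combination")
    hits = [p for p in personal if p and p.lower() in lowered]
    if hits:
        problems.append("contains personal data: " + ", ".join(hits))
    return problems
```

With the page's own example, `check_password("valentina1975", personal=("Valentina", "1975"))` reports the missing uppercase letter, the missing punctuation mark, and the personal data.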

Ways to restore access

If you didn't confirm your phone number when you registered your account, then it is only protected by a security question. Think of your answer to the security question as another password that someone could guess or learn. This is why we recommend setting up a more reliable way to restore access, if possible.

If you have to use a security question, then protect it.

Yandex Key

On Android or iOS devices, you can install the Yandex Key app to protect your account. This app works by generating a one-time password each time you log in to Yandex. This password expires as soon as you've logged in to your account.

Logging in with a one-time password is the most secure way to protect your Yandex ID. To get past this level of security, hackers would, among other things, have to steal your device and unlock it.

For more information about this security measure, see Yandex Key.

Phone number

A secure phone number lets you restore account access using a code that Yandex sends you in an SMS. Don't forget to change the secure number linked to your account if you can no longer read messages that are sent to it.

Even if a hacker can log in to your account, you will have at least 14 days to regain control and change your password.

Read more about this security measure in the Phone number section.

Alternate email address

An alternate email address lets you restore account access using a code sent by Yandex. Hackers logging in to your account can unlink an alternate email address from your Yandex ID fairly easily, which makes it more difficult for you to regain control of your account. This is why we recommend setting up a more reliable way to restore access, if possible.

If you use an alternate email address, don't forget that someone who hacked it can also gain access to your Yandex ID. Alternate email addresses need to be protected: come up with a strong password, enable two-factor authentication when possible, or link your phone number.

Read more about this security measure in the Alternate email addresses section.

Security question

If you didn't use any other means to restore access, then your account is only protected from hackers by a security question. The answer to your security question should be as difficult to figure out or guess as your password.

Note. If you don't want to remember an answer to a security question, enable logging in with a one-time password, confirm your phone number, or add an alternate email address.

For security questions, it's best to use an answer that only you know. Your mother's maiden name, favorite food, pet name, phone number, or apartment number are all things that any close friend would know and that might even be publicly available (for example, on a social network). Try entering your own security question with an answer that will be easy for you to remember but difficult for a hacker to guess.