Passport

Protecting your account

Yandex takes all possible measures to protect your security. It's very difficult for hackers to pretend to be you and get access to your account. However, it might be easier for a hacker to guess your password or figure out the answer to your security question than for them to try to hack Yandex's security.

Why would someone want to hack my account?

If someone gets access to your account, they can pretend to be you on any of Yandex's services. For example, they may send out spam using your Yandex.Mail account. Or, if your Mail account contains the addresses of your friends and colleagues, hackers can use your email address to send them viruses or requests for money. Therefore, protecting your account is important not only for your sake, but also for the sake of those who trust you.

If you regularly use Yandex services or link your important accounts on other sites to Yandex.Mail, then hackers can inflict even more damage by, say, spending your money or hacking your favorite online gaming account.

Pay particular attention to account security if the following situations apply to you:

  • you use Yandex's paid services (Yandex.Money, Direct, Music, Taxi, or other services that you've paid for using a bank card)

  • your Yandex address is linked to other companies' paid services (like AppStore or Steam)

  • you use your Yandex.Mail account to receive emails from your bank or any other sender of sensitive information

  • you entered your Yandex address when registering your online gaming account (World of Tanks, World of Warcraft, etc.)

  • your Yandex account is linked to your social media accounts (VK, Facebook, etc.)

  • you use your Yandex.Mail address to register with payment systems like PayPal, WebMoney, etc.

Even if you think that nobody would want to hack your account, it's better not to underestimate the potential problems that such a hack would cause.

How your account could be hacked

Hackers may try to get into your account using the following methods:

Guess your password

It may be simple to just guess your password. For example, if your name is Valentina and you were born in 1975, then a hacker would definitely try valentina1975. If you use one of the most common passwords (like qwerty or password1), then it won't take a hacker long to try these simple options and figure yours out.

Use our recommendations to make your password harder to guess.

Find out your password

When you register your password, nobody knows what it is other than you. But whether intentionally or not, you may end up revealing it.

  • You might share your password with relatives, friends, or colleagues. Even if you completely trust them, keep in mind that it's not a secret anymore if others know about it.

  • You might send your password in response to a fake email or SMS. Hackers might pose as Yandex and send a message requesting that you send your password, even though Yandex never asks for your password in a message.

  • You could enter your password on a fake site. Hackers might create an entire fake site at a similar address like yanclex.com.

    In order to avoid this, never enter your password until you're sure that the site is authentic.

  • You might use the same password for many different sites. If a hacker finds out your password to one site, then they will try to log in to all popular services using this password, including your Yandex account.

    To prevent this, try to think up a new password every time you register at a site. Of course, this can be difficult if you sign up for a lot of services, in which case try using a password manager. However, we'd advise you to read reviews of whatever program or extension you use before trusting it with your data.

  • Your computer might contain a virus that tracks your actions. There are viruses that allow hackers to see everything that you enter using your keyboard, including your Yandex username and password.

    Install an antivirus and make sure to regularly update it in order to prevent this. You can choose a free antivirus from our list.

Hack your social network account

Your Social Profiles page lists accounts that may allow you to log in to Yandex. This means that if an attacker compromises your social network account, they will be able to log in to your Yandex account.

To prevent this from happening, try to protect your social network account as you would your Yandex one: think up a complicated password and confirm your phone number when possible.

Hack your alternate email address

The My email addresses page lists all the addresses linked to your Yandex account. You can use any of these addresses besides your Yandex.Mail one to restore account access; Yandex will send you a recovery code via email. If a hacker broke into one of your other accounts, they can "restore" access to your Yandex account by entering that address.

To prevent this from happening, try to protect your other email addresses as you would your Yandex one: think up a complicated password and confirm your phone number when possible.

Guess or find out the answer to your security question

If you don't use a phone number or an alternate email address, then a hacker can restore access just by guessing or finding out your answer to the security question.

Use our recommendations to come up with an answer that would be difficult to guess. You also need to be wary of hackers that may try to trick you into revealing your answer to a security question. For example, if your security question is "What's your favorite food?", then someone may contact you under the guise of a survey:

Example of fraudulent email

Hello!

I represent a major web site dedicated to healthy eating. To better understand the preferences of our readers, we are performing a simple survey: What is your favorite food?

Yours sincerely, Founder of the fake-food.com project

How you can protect your account

Link your phone number to your account or enable two-factor authentication in order to protect your account from hacking or theft. After taking these measures, your account security will be tied solely to your password and it will be easier to solve access problems.

If you don't want to enable two-factor authentication, try to protect your password using the following methods:

Come up with a complicated password

Use our recommendations to come up with a password that would be difficult to guess or put together.

Do not tell anyone your password

When you register your password, nobody knows what it is other than you. Don't tell anyone what your password is and don't enter it on suspicious sites so that it doesn't accidentally end up in the hands of hackers.

It's safer to create special passwords for programs and apps (such as mail clients).

Don't use your password on other services

A hacker that found out what your password is on one service will definitely check to see if you use the same one for other popular sites, social networks, or games.

If you sign up for a lot of services, it can be difficult to remember all your passwords. In this case, try using a password manager. However, we'd advise you to read reviews of whatever program or extension you use before trusting it with your data.

Protect the information you use to restore access

Try to make it difficult for a hacker to "restore" access to your account.

  • If you confirmed a phone number, then make sure it's still your current one. When you change numbers, make sure that you also change it on your Phone Numbers page.

  • If you use other email addresses to restore your account, protect your other email addresses as you would your Yandex one: think up a complicated password and confirm your phone number when possible.

  • If you only use a security question to restore access, then follow our recommendations concerning how to come up with a reliable answer to your security question.

What to do if your account is hacked

If you notice something strange about your Yandex account (for example, a friend got an email from you that you never sent or you see sites or programs you've never visited in your browsing history), then it's possible that your account was hacked.

Follow our instructions to regain control of your account.

How to come up with a good password

A simple password is the single greatest risk to your account. Common words such as love or password, as well as predictable combinations such as qwerty or 123456, are easily guessed by password-cracking tools. Please do not ignore warnings from Yandex about a password that is too simple. Also, do not use publicly available data such as your name, date of birth, or passport number in your password.

To create a complex password, use:

  • Both uppercase and lowercase Latin letters.

  • Numbers.

  • Punctuation marks (allowed: ` ! @ # $ % ^ & * ( ) - _ = + [ ] { } ; : " \ | , . < > / ?; not allowed: ~ and ').
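The rules above, together with the valentina1975 case from "Guess your password", can be expressed as a small checker. This is an added example, not Yandex's own validation code; the function name, the 8-character minimum, and treating each recommended character class as required are assumptions made here.

```python
import string

# Punctuation the page lists as allowed; it says ~ and ' are not allowed.
ALLOWED_PUNCT = set('`!@#$%^&*()-_=+[]{};:"\\|,.<>/?')
ALLOWED = set(string.ascii_letters + string.digits) | ALLOWED_PUNCT
# Weak passwords the page names as examples (a real deny-list is far larger).
COMMON = {"love", "password", "password1", "qwerty", "123456"}
MIN_LENGTH = 8  # assumption: the page states no minimum length


def check_password(password, personal_data=()):
    """Return a list of problems; an empty list means the password passed."""
    problems = []
    bad = sorted(set(password) - ALLOWED)
    if bad:
        problems.append("characters not allowed: " + " ".join(bad))
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("no lowercase Latin letter")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no uppercase Latin letter")
    if not any(c in string.digits for c in password):
        problems.append("no digit")
    if not any(c in ALLOWED_PUNCT for c in password):
        problems.append("no punctuation mark")
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("common password")
    # Public facts (name, birth year) make guesses like valentina1975 cheap.
    for item in personal_data:
        item = str(item).lower()
        if len(item) >= 3 and item in lowered:
            problems.append(f"contains personal data: {item}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first two come from the page's examples.
    samples = [("valentina1975", ["Valentina", 1975]), ("qwerty", []),
               ("Tr1cky~Pass", []), ("Gr4nite;Lamp=Owl", [])]
    for pw, facts in samples:
        print(pw, "->", check_password(pw, facts) or "ok")
```
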

Attention! Don't tell anyone what the password you use to log in to your account is. The more people know your password, the higher the odds that a hacker will get their hands on it.

Ways to restore access

If you didn't confirm your phone number when you registered your account, then it is only protected by a security question. Think of your answer to the security question as yet another password that someone could guess or figure out. For this reason, we recommend that you set up a more reliable method to restore account access when possible.

If you have to use a security question, then protect it.

Two-factor authentication

Android and iOS let you install the Yandex.Key app so that you don't have to remember and protect your passwords. This app works by generating a one-time password each time you log in to Yandex, which then expires as soon as you've logged in to your account.

Two-factor authentication gives your Yandex account the highest level of protection. To hack this level of security, one would have to steal your device and unlock it, in addition to taking other measures.

Read more about this security measure under Two-factor authentication.

Phone number

A secure phone number lets you restore account access using a code that Yandex sends you in an SMS. Don't forget to change the secure number linked to your account if you can no longer read messages that are sent to it.

Even if a hacker can log in to your account, you will have a minimum of 30 days to regain control over it and change your password.

Read more about this security measure under Phone number.

Alternate email address

An alternate email address lets you restore account access using a code that Yandex sends there. Hackers that can log in to your account can unlink an alternate email address from your account fairly easily, which makes it more difficult for you to regain control of it. For this reason we recommend that you set up a more reliable method to restore account access when possible.

If you use an alternate email address, don't forget that someone who has hacked it can also gain access to your Yandex account. Alternate email addresses need to be protected: come up with a strong password, enable two-factor authentication when possible, or link your phone number.

Read more about this security measure under Email addresses.

Security question

If you didn't use any other means to restore access, then your account is only protected from hackers by a security question. The answer to your security question should be just as difficult to figure out or guess as your password is.

Note. If you don't want to remember an answer to a security question, then enable two-factor authentication, confirm your phone number, or add an alternate email address.

It's best to use an answer that only you know for security questions. Your mother's maiden name, favorite food, pet name, phone number, or apartment number are all things that any close friend would know and that might even be publicly available (if you include them in your social network profile, for example). Try entering your own security question with an answer that will be easy for you to remember but difficult for a hacker to guess.