If you add a new sign-in method to your Google Account, there may be a brief waiting period before you can use it. To help keep your Google Account secure, Google monitors sign-in methods for suspicious activity. If we suspect a sign-in method may have been added without your permission, we’ll restrict its use and mark it an at-risk method in your account. You can manage your sign-in methods in your Google Account security settings.
Manage potentially compromised sign-in methods
If Google detects a suspicious sign-in method on your account, its use will be restricted and you’ll receive a security alert via email. If you take no action to verify the at-risk method, Google automatically removes it after 30 days. You’ll receive an email notification before the at-risk method is removed.
Review at-risk sign-in methods
To review and manage any sign-in methods flagged as at-risk:
- Go to myaccount.google.com/security.
- Select Recent security activity.
- Select the flagged sign-in method to review the details.
- If you recognize this sign-in method and added it yourself: Select Re-enable and follow the on-screen steps to complete an extra security check. This prevents the method's removal and reactivates it for use.
- You must have a trusted passkey or security key to re-enable an at-risk sign-in method.
- If you do not have a trusted passkey or security key, we recommend that you add a passkey or physical security key to your account. Once it is trusted, you can re-enable the at-risk sign-in method.
- If you do not recognize this sign-in method: Select Remove to delete it from your account. We strongly recommend you immediately change your password and review your security settings for suspicious activity.
- If you recognize this sign-in method and added it yourself: Select Re-enable and follow the on-screen steps to complete an extra security check. This prevents the method's removal and reactivates it for use.
Speed up new sign-in method activation
If you recently made changes to your account’s authentication or recovery factors, it may take up to 7 days for those changes to take effect. If someone tries to use your account without your permission, this allows you to quickly secure your account.
If you have a trusted passkey or physical security key, you may be able to speed up the process for Google to trust a new authentication or recovery method. Passkeys and security keys are very secure authentication methods, and very hard to hack. If you already use them, you may be able to speed up trust for a new passkey, 2-Step Verification phone number, or recovery phone number.
To speed up this process:
- Go to myaccount.google.com/security.
- Select the authentication or recovery method you are trying to speed up.
- The only methods you can speed up are passkeys, 2-Step Verification phone number, and recovery phone number.
- Select Approve.
- If you do not see the option to approve, you may not have a trusted passkey or security key.
- Follow the steps onscreen to authenticate with your passkey or security key.
Why you need a trusted passkey or security key to verify critical account changes
Google requires an extra security check for critical account changes like re-enabling restricted sign-in methods or speeding up new method activation. This step is essential to help verify your identity and prevent unauthorized access to your account.
For these highly sensitive actions, you need to use a highly secure and already trusted sign-in method. These include:
- A trusted passkey stored on your device or a hardware security key.
- A trusted physical security key.
Passkeys and physical security keys provide a higher level of security than other methods because they are designed to be "unphishable." They rely on cryptographic proof and physical interaction. This makes it extremely difficult for attackers to intercept or trick you into revealing your credentials, even if they have your password.
