Hands up if you have a Gmail account? Google and its globally popular Gmail service is now silently running the hectic, daily life of more than 500 million of us, across multiple devices. And the key to all of it, of course, is your username and password.

But what if somehow, you forgot your password? Or worse, you’re hacked – a staggering two percent of ALL the Gmails that pass through Google servers are phishing attacks. Don’t panic. Here are three steps to help keep you sane in the face of even the toughest Gmail password adversity…

  1. Go to the Google Account Recovery Site

Google really does make it very easy for you to recover an account. First up, head to the Account Recovery site online and follow the steps. By entering either your existing Gmail, or another recovery email or recovery phone number you’ve associated with your account, you can reset your password and reclaim your account in minutes. Google will regularly ask you to confirm your associated email and/or phone number, so make sure you take the time to update them.

  1. Choose a Strong Password

Amazingly, even if you’d forgotten your old password, when thinking of a new password, a surprising number of people enter the same details – a sort of memory reflex. What you should be doing is choosing something entirely new and entirely random. Make it alphanumeric, use upper and lower case. And don’t just think of it as a password – you can also use passphrases: a complex, nonsensical phrase that only you know. Prefereably, make life extra easy for yourself and let us generate a strong password for you with one-click.

  1. Take Care Where You Type Your Password

Gmail is targeted by phishing attacks frequently and even staffers themselves are tricked. But now, Google products are fighting back. In April, a new extension called Password Alert launched for Google’s Chrome browser, and can sniff out fake Google login pages and warn you that typing your password in is a really bad idea. As well as an alert, Password Alert offers you the option of resetting your password immediately, before any damage can be inflicted by the phishing attack.