Need help changing my Gmail password securely

I’m trying to change my Gmail password after a possible security issue, but I’m confused by Google’s settings and keep ending up on different account pages. Can someone walk me through the exact steps to update my Gmail password safely, including where to click and what to check so I know my account is secure?

Yeah, Google’s account pages are a mess. Here is the clean path to change your Gmail password safely.

  1. Go to the right place

    • In a browser, go to: myaccount.google.com
    • Make sure you are logged into the correct account in the top right.
    • If it is wrong, click your profile picture, hit “Sign out of all accounts”, then log back in with the one you want.
  2. Open the Security section

    • On the left side, click “Security”.
    • Scroll to the section “How you sign in to Google”.
    • Click “Password”.
  3. Confirm your identity

    • Google asks for your current password first.
    • Type the old password.
    • If you forgot it, click “Forgot password” and follow the recovery steps with phone or backup email.
  4. Set the new password

    • New password field.
    • Confirm new password field.
    • Use at least 12 characters.
      Example: mix of words plus symbols.
      Like: “blue!train_93Trees”
    • Do not reuse a password from another site.
    • Click “Change password”.
  5. Force sign out on other devices

    • After changing, go back to “Security”.
    • Find “Your devices”.
    • Click “Manage all devices”.
    • For any device you do not recognize or no longer use, click it, then “Sign out”.
  6. Check recent activity

    • In “Security”, find “Recent security activity”.
    • Review logins, password changes, new devices.
    • If something looks off, hit the “No, it was not me” or similar option and follow prompts.
  7. Update recovery options

    • Still in “Security”, go to “Ways we can verify it’s you”.
    • Add or update:
      • Recovery phone
      • Recovery email
    • These help if you get locked out.
  8. Turn on 2 step verification

    • Under “How you sign in to Google”, click “2-Step Verification”.
    • Click “Get started”.
    • Sign in again.
    • Choose “Google Prompt” on your phone or an Authenticator app.
    • Avoid only using SMS if you can, because SIM swap attacks exist.
    • Save backup codes in a secure place.
  9. Clean up other places

    • If the “possible security issue” involved malware or a sketchy link:
      • Run a scan on your computer with a known antivirus.
      • Change the password from a clean device.
    • If you used this same password on other sites, change it on those sites with unique passwords.
  10. Quick checklist

    • You changed the password at myaccount.google.com.
    • You see the new password change in “Recent security activity”.
    • You signed out old devices.
    • You turned on 2 step verification.
    • Recovery phone and email look correct.

If you keep landing on random Gmail or Google pages, type the full URL yourself in the address bar and log in fresh. Do not follow old bookmarks or weird links from email.

Couple of extra angles to add on top of what @cacadordeestrelas already laid out, since Google loves scattering settings everywhere:

  1. Start from Gmail itself (to avoid wrong-account confusion)

    • Open Gmail in a browser.
    • Top right: click your profile picture.
    • Confirm the email address is the one you’re worried about.
    • In that little menu, click “Manage your Google Account”.
    • That dumps you into the same account center, but already scoped to the right account so you’re less likely to drift to the wrong one.
  2. Use an incognito/private window if you juggle multiple accounts

    • If you often sign into more than one Google account, normal tabs can keep you in the wrong session.
    • Open a private / incognito window, then:
      • Go to gmail.com
      • Log in to the one specific account
      • Then use “Manage your Google Account” from there.
    • This isolates that one account and avoids the “why did it switch accounts again” nonsense.
  3. Verify you are actually at Google and not a fake page
    Since you mentioned a possible security issue, before typing any password:

    • Check the address bar: it must start with https://accounts.google.com/ or https://myaccount.google.com/.
    • Click the padlock icon and confirm the certificate says “Google LLC”.
    • If the URL looks weird at all (extra words, numbers, .top/.xyz domains), close it and type the address manually.
  4. Do the password change from a “clean” device
    This gets ignored a lot, but it matters more than just making a fancy long password.

    • If there is any chance your computer is infected (random popups, strange extensions, weird redirects):
      • Use a different known‑clean device (like your phone on mobile data or a different computer you trust) to change the password.
    • Afterward, run:
      • A full antivirus scan
      • A scan with something like Malwarebytes
    A keylogger completely defeats even the best password.
  5. Browser extensions & password managers

    • Temporarily disable shady browser extensions before logging in and changing your password, especially anything that “manages” tabs, coupons, or downloads. Some are fine, some are sketchy.
    • Use a real password manager (Bitwarden, 1Password, etc.) to generate and store the new password.
      • That way you don’t reuse it and you don’t accidentally store it in a random text file or notes app.
  6. Double‑check account access on “Third‑party access”
    @cacadordeestrelas covered devices and 2FA, but if you suspect a compromise, also check stuff that has API access to your Google account:

    • In the same Google Account center, go:
      • Security
      • Scroll to “Third‑party access” / “Third‑party apps with account access”
    • Remove anything you don’t recognize or no longer use.
    • Pay attention to anything with access to Gmail specifically.
  7. Look inside Gmail for forwarding & filters (super important)
    If someone had access, they might have set things up to keep spying even after you change the password.
    In Gmail (the web interface):

    • Click the gear icon → “See all settings”.
    • Check:
      • Filters and Blocked Addresses
        • Look for filters that:
          • Forward mail to another address
          • Automatically archive/delete specific messages (like password reset emails).
      • Forwarding and POP/IMAP
        • Make sure there is no mysterious “Forward a copy of incoming mail to…” set.
    • If there’s anything you don’t recognize, remove it.
  8. Review “App passwords” if you use them

    • If you ever set up app‑specific passwords for older apps or devices, go into:
      • Security → “2‑Step Verification” → scroll down to “App passwords”.
    • Remove ones you don’t need or don’t recognize.
    • If you’re worried, you can just revoke them all and re‑create only the ones you truly use.
  9. After changing the password: sanity check
    Once the password is changed and you’ve done the clean‑up:

    • Log out in that browser.
    • Log back in using the new password to confirm it works.
    • Try on at least one other device (phone or another browser) to make sure it syncs everywhere.
    • If you’re using a password manager, confirm the saved entry fills in and logs you in correctly so you don’t lock yourself out.
  10. If you’re still getting bounced around pages
    Slightly disagree with the idea that just typing the URL solves all of it. With multiple logged‑in accounts, Google still plays musical chairs.
    My workaround:

    • In an incognito window:
      • Go to accounts.google.com/Logout to nuke any session.
      • Then go straight to gmail.com and log into only the account you care about.
      • From there, use “Manage your Google Account”.
    That tends to keep you chained to the same account context.

If you hit a specific screen that confuses you (like it dumping you into the wrong account page again), grab a description of the URL/text you see and post it. The exact wording of the page helps figure out which part of Google’s maze you landed in.
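The forwarding and filter review from step 7 above, written as a script. This is an added example, not part of the original posts. It runs offline on constructed data shaped like the Gmail API's Filter and AutoForwarding resources. The keyword list, the function names and every address and ID are assumptions made for illustration.

```python
# Added example: flag Gmail filters / auto-forwarding that could keep leaking mail
# after a password change. Input dicts follow the Gmail API Filter and
# AutoForwarding resource shapes; all IDs and addresses are constructed samples.

# Hypothetical heuristic: words that suggest a filter targets security mail.
SECURITY_WORDS = ("password", "security alert", "verification", "reset", "sign-in")

def audit_filter(f, own_addresses):
    """Return a list of findings for one Filter resource."""
    findings = []
    action = f.get("action", {})
    criteria = f.get("criteria", {})
    fwd = action.get("forward")
    if fwd and fwd.lower() not in own_addresses:
        findings.append(f"forwards to unrecognized address {fwd}")
    hides = []  # actions that keep a message out of the owner's sight
    if "TRASH" in action.get("addLabelIds", []):
        hides.append("deletes")
    if "INBOX" in action.get("removeLabelIds", []):
        hides.append("archives")
    if "UNREAD" in action.get("removeLabelIds", []):
        hides.append("marks read")
    text = " ".join(str(criteria.get(k, "")) for k in ("from", "subject", "query")).lower()
    if hides and any(w in text for w in SECURITY_WORDS):
        findings.append("/".join(hides) + " security-related mail")
    return findings

def audit_mailbox(filters, auto_forwarding, own_addresses):
    """Map filter id (or 'autoForwarding') to its findings; empty dict means clean."""
    own = {a.lower() for a in own_addresses}
    report = {}
    for f in filters:
        found = audit_filter(f, own)
        if found:
            report[f["id"]] = found
    target = auto_forwarding.get("emailAddress", "")
    if auto_forwarding.get("enabled") and target.lower() not in own:
        report["autoForwarding"] = [f"forwards all mail to {target}"]
    return report

SAMPLE_FILTERS = [  # constructed
    {"id": "f1", "criteria": {"from": "newsletter@example.com"},
     "action": {"removeLabelIds": ["INBOX"]}},
    {"id": "f2", "criteria": {"subject": "password reset"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["UNREAD"]}},
    {"id": "f3", "criteria": {"query": "invoice"},
     "action": {"forward": "collector@example.net"}},
]
SAMPLE_AUTO_FORWARDING = {"enabled": True, "emailAddress": "backup@example.org",
                          "disposition": "leaveInInbox"}  # constructed
```

An ordinary newsletter-archiving filter (f1) is not flagged; a filter is reported only when it forwards to an address you did not list as your own or hides mail matching the security keywords.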

Skip repeating the paths already covered by @viajeroceleste and @cacadordeestrelas. They nailed the “where to click.” I’ll focus on what to check afterward to be sure the password change actually secured things.

  1. Confirm the new password is in effect

    • Log out of Google on one device.
    • Try logging back in.
    • If any device still logs in without asking for the new password, manually sign out there and back in.
  2. Check for quiet ways someone might still spy on you
    In Gmail:

    • Settings → “See all settings” → “Accounts and Import”.
      • Look under “Check mail from other accounts” and “Send mail as”.
      • Remove any unknown addresses that can read or send as you.
    • Also verify that no secondary account has “Treat as an alias” with something you do not recognize.
  3. Audit login locations instead of just “devices”

    • In the security area, look at recent sign‑ins and locations.
    • If you see logins from a city or country that is clearly not you, do both:
      • Hit the “was not me” option.
      • Change the password again from a different, clean device.
  4. Think about where the compromise might have come from
    This matters more than many people think. Just changing the Gmail password is half the job. Ask yourself:

    • Did you enter your Google password into any “login with Google” popups from a random site?
    • Did you reuse the same password on another site that leaked data?
    • Did you click a login link in an email that might have been fake?
    Fixing the source (phishing, password reuse, infected machine) is what prevents a repeat.
  5. Stop using your Gmail password anywhere else
    If your Gmail password exists on any other website, change those accounts too. Your email is the master key for password resets everywhere, so it must be unique.

  6. Backup access that does not rely only on your phone
    After your password is updated and 2‑step verification is on:

    • Print or write down backup codes.
    • Store them in a safe place at home.
    • Do not just keep them in Gmail or in a notes app signed into the same account.

About the product title ‘’
Honestly, there is no concrete product visible here to recommend. If this were a real tool for managing Google security, its pros would be things like: centralizing steps, offering reminders for recovery options, and guiding less technical users. Cons would typically be privacy concerns and overreliance on a third‑party layer in front of your Google account. Given the lack of specifics, I would not depend on it over Google’s built‑in security center and a well known password manager.

Last thing: if you still find yourself jumping between different account pages, I actually disagree a bit with trusting old bookmarks or browser autofill. Use a fresh private window, type the Google domain manually, and only sign into the one account you care about. That simple habit prevents half of the confusion people run into during security fixes.