We have been hearing a lot of news about YouTube channels getting hacked. If you are worried about your channel and content, we have created this handbook for you to protect your YouTube channel from hackers.
Let’s go through the best possible methods to avoid YouTube channel hacking at all.
- Use a Dedicated Google Account
- Set a Unique Password
- Change Account Password Regularly
- Secure Google Account with 2FA
- Do Not Reveal Your Email ID Elsewhere
- Do Not Sign In to Every Devices You Use
- Use Dedicated Browser or Chrome Profile (with Minimal Extensions)
- Carefully Choose Password Managers
- Be Selective About Channel Managers (Admins)
- Enable 2FA on All Manager (Admin) Accounts
- Remove Access for Unwanted Third-Party Apps and Websites
- Remove Any Suspicious Browser Extensions
- Do Not Install Apps from Unknown Sources (APKs)
- Be Careful with Emails
- Never Click Any Suspicious Links
Use a Dedicated Google Account
You can use a single Google account to create multiple YouTube channels. This could be the easiest way to handle all your YouTube channels at once but is the least secure. If a hacker gets hold of your Google account, they get access to all your YouTube channels which puts your dreams at risk. To avoid this, we strongly recommend you use a dedicated Google account for the main YouTube channel.
Not just using a unique Google account is going to protect your YouTube channel from hackers. We will explain more on how to secure your Google account to protect the channels from hackers.
If your YouTube channel is created using your regular Google ID, check out our guide to know how you can move a YouTube channel to a different Google account.
Set a Unique Password
If you are someone like Mark Zuckerberg who reused the same password, this is for you. Using the same password on multiple websites is putting you at a high risk of getting hacked. If a hacker gets your password from a less secure website where you used the same password, they can get into your Google account with the same password.
Always set a unique password for each website you sign up for and each account you make. When you start your new channel from the dedicated Google account, make sure you use a unique password as well. Always remember to keep it in your memory (or somewhere safe), and DO NOT share the password with anyone else. Do not reuse it too.
If you care about security much more, you can encrypt and store the password somewhere safe digitally using any RSA encryption tools. You will only have to remember the decrypt private key to decode the password from the encrypted form. Since the original password is encrypted with a secret key, you can have some peace of mind since nobody other than you can decipher it.
Change Account Password Regularly
This is cliche advice, but it’s really important to keep changing your passwords regularly. One way or another, there are chances that your passwords get leaked online (or dark web). If you use the same password for very much longer, and it gets leaked online without your knowledge, there won’t be time to think about what just hit you.
If you are using an iPhone, you will get password suggestions from iCloud KeyChain to set a random secured password. You can set these or create a highly secured password of your own.
Secure Google Account with 2FA
Two-Factor Authentication is the most protection you can give to your Google account apart from the password. If you still take the 2FA (Two Factor Authentication) as a silly thing, Sundar Pichai, CEO of Google (Alphabet Inc.), has recently revealed his trust in Two Factor Authentication as the best measure to protect his accounts.
If the Google account you use to manage your YouTube channel is not secured with a 2FA, it is high time you enable it. You can easily step up your Google account security with the Two Factor Authentication. Once enabled, you will be asked for a confirmation code or prompt received on your primary phone. Thus it will become useless for hackers to have your account password.
Do Not Reveal Your Email ID Elsewhere
We all tend to use one single email address for all related business purposes. It is very common to create business-related accounts using the same Gmail ID as we manage our primary YouTube channel. Let me tell you, it is for the best to stay away from doing so.
When we use the email address on any other website, we cannot deny the possibility of the breach of the email address. This puts the Google account at risk, with more hackers trying to get into our account. That being said, do not share the email address with anyone or anywhere which you use to manage your YouTube channel.
Do Not Sign In to Every Devices You Use
We all carry at least 2-3 devices as daily gear including smartphones, laptops, smartwatches, and more. You can sign in to most of these devices with a Google account. It is usually very convenient to have the ability to check the YouTube channel stats from any phone or laptop you have while on the go. But do you realize that it’s a tricky game?
We cannot be sure which of our devices is infected with spyware or vulnerabilities. If any of the phone or laptops you have ever happened to be an infected device, you will eventually compromise your YouTube channel by signing in to the Google account. Watch yourself from signing in to all your devices. Make sure you are signed in only to the necessary devices.
Use Dedicated Browser or Chrome Profile (with Minimal Extensions)
Although Google lets you sign in to multiple Google accounts at once, try not to mix things up. Firstly, it is better to keep the personal and professional stuff apart so that you will have a proper distinction. As a matter of fact, it will help you protect your YouTube channel from any threats that affect the primary browser or personal accounts.
You can either choose a different browser or a new browser profile to manage the YouTube channel. For Google Chrome users, you can create a new Chrome profile and sign in with your dedicated Google account that you use to manage your YouTube channel.
DO NOT install any unwanted extensions or apps to this newly created browser or profile. It must have only anything that is related to your YouTube channel and keep anything else away from it. If necessary, look for ways to lock and secure your Chrome browser.
Carefully Choose Password Managers
Password Managers are great at keeping our passwords safe in one place. But blindly trusting any such apps that offer to store your password is for no good. Not all such password managers have the security they claim to have.
If you want to save your YouTube account password safely, give the first priority to offline storing. If you want to sync and store across your devices, use the Google Password Manager which comes default with the Chrome browser.
You can find if your passwords are compromised with the Chrome Password Manager. Plus you can import your offline passwords to Google Password Manager.
There are third-party password managers you can still use. Make sure you go through the reviews, forums, communities, any recent breach news before picking a password manager to use.
Be Selective About Channel Managers (Admins)
You can add managers and owners to your YouTube channel to handle things smoothly. But if you are not careful, this can be disastrous. Adding unwanted people as your YouTube channel managers may be harmful to your channel.
Also, do not respond or click any link on any emails or alerts you get to add some unknown profiles as a manager for your YouTube channel. Remember, always be selective about who can be a manager or admin in your YouTube channel.
Enable 2FA on All Manager (Admin) Accounts
Enabling 2FA authentication on the primary account alone is not going to help in this battle. If you added a few other people as your channel managers, make sure they all have enabled the 2FA (Two Factor Authentication) on their Google accounts.
If they don’t, hackers might be able to access their accounts and thus get control over your YouTube channel and its contents. This is a really important step to do since many YouTube channel hacking have been reported due to the same reason.
Remove Access for Unwanted Third-Party Apps and Websites
Do you usually sign in to websites by clicking “Sign in with Google” for the sake of easiness? No, there’s nothing wrong with that. But it’s a way that hackers can have access to your Google account, YouTube channels, and their data.
Some apps or websites you signed in with Google may not be protected as you think, or is just a pretentious scam app trying to hack you. Whether you suspect any app or not, take a look at the apps and websites that have access to your Google accounts and remove them if necessary.
To check for the apps and websites that you signed in with the Google account, head to Google My Account > Security > Third-party apps with account access. Follow our detailed guide for a step-by-step guide to identify and remove unwanted apps that access your Google account.
Remove Any Suspicious Browser Extensions
Browser extensions and plugins give your browser a superpower to do a lot of tasks. These extensions mostly have access to the websites and web content you visit. Now you can guess why it is critical to manually review the browser extensions that you use.
On Chrome browser, open Menu > More Tools > Extensions to see all the active and installed extensions. You can remove or disable any from the list with just a click.
Do Not Install Apps from Unknown Sources (APKs)
There’s always an app for everything. But should you trust all of them? Anything can masquerade as an actual app while trying to steal your data. So be cautious about where you install apps and software from. If you are installing apps on your Android phone, make sure to install no apps outside the Google Play Store. DO NOT install modded, illegal or unwanted APKs since we cannot know what chaos they will bring.
For your PC, you can get apps from Microsoft Store. If you need to install apps using EXE files, make sure they are legitimate and trustworthy. Before installing any software or app, make sure it is from a reputed developer, and you are downloading from the original source.
Note: It doesn’t mean an APK file is safe to install even if it is recommended by your favorite YouTuber or influencer.
Be Careful with Emails
Whether you reveal your email elsewhere or not, you may get hit by some spam emails. Your inbox may get filled with spam and phishing emails. If you are not sure whether the email is safe to open, delete the email without opening it.
Some emails may contain trackers and whatnot. You can block any type of email hacks and trackers by opening it in the Apple Mail app, which lets you disable mail trackers on emails.
Never Click Any Suspicious Links
We always advise our peers to be careful about the links they receive on social media, even if they seem legit. “Always look for the green padlock” does not work anymore since any website can have an SSL certificate at a cheap cost. So you have to be vigilant about any link that you are about to click.
Some phishing links may will even you a Google lookalike sign-in page, where you may accidentally give away your email and password to your YouTube channel. So, be extra careful about the link you click.
That’s all our best advice to keep your YouTube channel safe from hackers and other threats. Leaving a little loophole at any side can put you and your years of hard work at risk. There have been incidents where channels got hacked, and the AdSense was permanently blocked even when they were recovered. Be extra careful about protecting your YouTube channel with all the