We know you care about the security of your Grammarly account. So do we. To that end, here are our recommendations for keeping your account and personal information safe.
To protect your account:
Use a strong password and ensure it is unique to Grammarly
Your password is a key piece of information that keeps your account safe. To help ensure your account stays safe and secure, we recommend using a password that:
- Is unique to your Grammarly account and hasn’t been used on other services.
- Has at least 8 characters in it, the longer the better! A phrase made up of multiple words can be a secure choice.
- Is not a word in the dictionary, a name, or other personal information like a birthday, address, or anniversary.
- Doesn’t contain memorable keyboard paths like ‘1234abcd’ or ‘qwerty123’ and doesn’t use repetitive characters such as ‘aaa’ or ‘zzz’.
- Isn’t known to be commonly used on other websites or been previously exposed in a data breach.
- Avoids using common substitutions such as ‘$' for ‘s’ and ‘8’ for 'B’.
We recommend you keep your password in a safe place. Password management software, also known as a password manager, can help you generate and manage strong passwords across multiple sites to make your accounts safer. We recommend the use of a password manager to help keep your online accounts safe.
Enable two-step verification
- Sign in to your Grammarly account and click Security in the pane on the left side of the page.
- Click Turn On. You may be asked to verify your account again by entering your password.
- Enter a valid phone number that can receive text messages.
- Click Send Code.
- Enter the verification code you receive via text message.
- Click Turn On to enable two-step verification.
- IMPORTANT: Please save the backup codes you’ll receive in the next popup in a safe place. If you lose access to your phone, a backup code is the only way you’ll be able to sign in to new devices. You could print them and store them securely in a safe, or store them in a secure file vault.
Be aware of possible phishing attempts
Phishing is an attempt to acquire your personal information by pretending to represent a website or company you trust online.
Phishers will go to great lengths to try to hijack your account or steal your personal information. They may create fake websites that look like Grammarly, or send official-looking (but fake) emails asking you for personal information.
Grammarly will never ask for any personal information in an email. This includes:
- Payment information (full credit card number, direct debit account, PIN, etc.).
- Social security number or tax identification number.
- Your account password.
Be careful if you receive an email message asking you for this or any other personal information. If you're unsure about a link in an email, you can always hover over the link to see where it goes (you'll see the real, linked web address at the bottom of most browsers).
Additionally, you should pay close attention to where the email came from. Here's the full list of domains Grammarly can use to contact you:
If you're still not 100% sure that the website you're on is the real Grammarly site, you can always type www.grammarly.com directly into your web browser.
Finally, if you get an email that looks like a phishing attempt, please let us know by forwarding it to email@example.com. Be sure to include the message header information, which can be found by using this Google article.
Keep your devices safe
In order to receive the best possible Grammarly experience, it's important to keep your devices free of malware and viruses. Signs that your device may be infected include:
- Unusually slow or sluggish computer performance.
- Pop-up windows or advertisements.
- Unexpected reboots, crashes, or freezing.
If you think your device might be infected, you can use the anti-malware, anti-adware or anti-virus software recommended by your computer manufacturer or a trusted IT professional.
Keep in mind that malware can evolve, and other malicious programs can cause similar problems. Whichever program you choose to use, be sure to keep it updated with the latest software release.
Respond to security-related alerts
If we detect activity on your account, such as a sign-in from a new device, we may notify you of the event via email. If you did not perform the activity, we advise you to immediately follow the instructions in the notification to secure your account, starting with resetting your password. Please note that the location listed in the notification is an approximate location based on the IP address used to access Grammarly, and it may be different from your physical location.
If we detect suspicious activity on your account, we may lock your account and require you to reset your password. This will ensure your account remains secure and only the rightful owner, with access to the registered email address associated with the account, will be able to securely recover it.
Report security flaws to us
If you believe you've found a security vulnerability on the Grammarly website or app, we strongly encourage you to inform us as quickly as possible by submitting a report to Grammarly on HackerOne or by sending an email to firstname.lastname@example.org. We ask that you contact us prior to disclosing the vulnerability publicly to ensure our users are kept safe. We appreciate your assistance, and we review all reports and will do our best to address the issue in a timely fashion.