We know you care about the security of your Grammarly account. So do we. To that end, here are our recommendations for keeping your account and personal information safe.
Use a strong password and ensure it is unique to Grammarly
Your password is a key piece of information that keeps your account safe. To help ensure your account stays safe and secure, we recommend using a password that:
- Is unique to your Grammarly account and hasn’t been used on other services.
- Has at least 8 characters in it, the longer the better! A phrase made up of multiple words can be a secure choice.
- Is not a word in the dictionary, a name, or other personal information like a birthday, address, or anniversary.
- Doesn’t contain memorable keyboard paths like “1234abcd” or “qwerty123” and doesn’t use repetitive characters such as “aaa” or “zzz.”
- Isn’t known to be commonly used on other websites or been previously exposed in a data breach.
- Does not contain common substitutions such as “$” for “s” and “8” for “B.”
We recommend you keep your password in a safe place. Password management software, also known as a password manager, can help you generate and manage strong passwords across multiple sites to make your accounts safer. We recommend the use of a password manager to help keep your online accounts safe.
Monitor the devices that have access to your account
With a Grammarly account, you can receive writing suggestions across different browsers, phones, and computers.
On Your devices page, you can check which devices currently have access to your account to make sure no one else is using it. We suggest you periodically check that only devices you are continuing to use have access to your Grammarly account.
If you see any devices that you don’t recognize, please refer to this article: What should I do if I suspect that my account was hacked?
Set up two-step verification
Two-step verification, sometimes known as two-factor authentication or 2FA, is an additional security measure to help protect your account. If you activate two-step verification, you’ll be asked to provide a six-digit code in addition to your password.
- Navigate to the Two-step verification page.
- Click Turn On. You may be asked to verify your account again by entering your password and a 6-digit code sent to your email address.
- Select which second factor you would like to use.
-
If you’d like to use a third-party authenticator app:
- Scan the barcode using your preferred third-party authenticator app.
- Click Next.
- Enter the verification code from within your authenticator app.
- Click Verify to activate two-step verification.
-
If you’d like to use text messages:
- Enter a valid phone number that can receive text messages.
- Click Send Code.
- Enter the verification code you received via text message.
- Click Turn On to activate two-step verification.
- Click Done.
Important: Save the backup codes you’ll receive in the next pop-up in a safe place. If you lose access to your phone or authenticator app, a backup code is the only way you’ll be able to sign in to Grammarly on new devices. You can print them and put them in a safe or store them in a secure file vault.
Be aware of possible phishing attempts
Phishing is an attempt to acquire your personal information by pretending to represent a website or company you trust online.
Phishers will go to great lengths to try to hijack your account or steal your personal information. They may create fake websites that look like Grammarly, or send official-looking (but fake) emails asking you for personal information.
Grammarly will never ask for any personal information in an email. This includes:
- Payment information (full credit card number, direct debit account, PIN, etc.).
- Social security number or tax identification number.
- Your account password.
Be careful if you receive an email message asking you for this or any other personal information. If you’re unsure about a link in an email, you can always hover over the link to see where it goes (you’ll see the real, linked web address at the bottom of most browsers).
Additionally, you should pay close attention to where the email came from. Here’s the full list of domains Grammarly can use to contact you:
- @grammarly.com
- @bounce.send.grammarly.com
- @send.grammarly.com
- @security.grammarly.com
- @em.grammarly.com
If you’re still not 100% sure that the website you’re on is the real Grammarly site, you can always type www.grammarly.com directly into your web browser.
Finally, if you get an email that looks like a phishing attempt, please let us know by forwarding it to support@grammarly.com. Be sure to include the full header of the email. To learn how you can check the full header of an email you received, see this article by Google: Trace an email with its full header
Keep your devices safe
In order to receive the best possible Grammarly experience, it’s important to keep your devices free of malware and viruses. Signs that your device may be infected include:
- Unusually slow or sluggish computer performance.
- Pop-up windows or advertisements.
- Unexpected reboots, crashes, or freezing.
If you think your device might be infected, you can use the anti-malware, anti-adware or anti-virus software recommended by your computer manufacturer or a trusted IT professional.
Keep in mind that malware can evolve, and other malicious programs can cause similar problems. Whichever program you choose to use, be sure to keep it updated with the latest software release.
Respond to security-related alerts
If we detect activity on your account, such as a sign-in from a new device, we may notify you of the event via email. If you did not perform the activity, we advise you to immediately follow the instructions in the notification to secure your account, starting with resetting your password. Please note that the location listed in the notification is an approximate location based on the IP address used to access Grammarly, and it may be different from your physical location.
If we detect suspicious activity on your account, we may lock your account and require you to reset your password. This will ensure your account remains secure and only the rightful owner, with access to the registered email address associated with the account, will be able to securely recover it.
Report security flaws to us
If you believe you’ve found a security vulnerability on the Grammarly website or app, we strongly encourage you to inform us as quickly as possible by submitting a report to Grammarly on HackerOne or by sending an email to security@grammarly.com. We ask that you contact us prior to disclosing the vulnerability publicly to ensure our users are kept safe. We appreciate your assistance, and we review all reports and will do our best to address the issue in a timely fashion.