How can I keep my account secure?

We know you care about your account security. We do too. Here are our recommendations to keep your account and personal information safe.

Use a strong and unique password

Your password is a key piece of information that keeps your account secure. To help ensure your account stays safe and secure, we recommend using a password that:

  • Is unique and hasn’t been used on other services.
  • Consists of at least 8 characters. A phrase made up of multiple words can be a secure choice.
  • Is not a word in the dictionary, a name, or other personal information like a birthday, address, or anniversary.
  • Does not contain memorable keyboard paths like “1234abcd” or “qwerty123” and doesn’t use repetitive characters such as “aaa” or “zzz.”
  • Has not been previously exposed in a data breach.
  • Does not contain common substitutions such as “$” for “s” and “8” for “B.”

We recommend using password management software, also known as a password manager, to generate and manage strong passwords across multiple sites, making your accounts safer.
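
The criteria listed above can be checked mechanically. The following is an added example, not Grammarly's own code; the word list, the run length of four, and the extra substitutions beyond "$" and "8" are assumptions, and the breach-exposure check is left out because it needs an external data set.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"password", "summer", "baseball", "welcome"}
# Keyboard rows and plain sequences whose runs count as "memorable paths".
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]
# Undo common substitutions ("$" for "s", "8" for "B", plus assumed extras).
SUBS = str.maketrans({"$": "s", "8": "b", "@": "a", "0": "o", "1": "l", "3": "e"})


def has_run(pw: str, n: int = 4) -> bool:
    """True if pw contains n consecutive characters of a row, in either direction."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False


def letters_only(text: str) -> str:
    """Drop everything except a-z so trailing digits and symbols do not hide a word."""
    return re.sub(r"[^a-z]", "", text)


def problems(pw: str) -> list[str]:
    """Return the criteria from the list that the password fails."""
    found = []
    low = pw.lower()
    if len(pw) < 8:
        found.append("shorter than 8 characters")
    if re.search(r"(.)\1\1", pw):
        found.append("repeated characters")
    if has_run(pw):
        found.append("keyboard path or sequence")
    if letters_only(low) in WORDS:
        found.append("dictionary word")
    elif letters_only(low.translate(SUBS)) in WORDS:
        found.append("dictionary word behind substitutions")
    return found


if __name__ == "__main__":
    for sample in ["qwerty123", "P@$$w0rd", "summer2024", "violet kettle marsh onion"]:
        print(repr(sample), problems(sample))
```
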

Monitor the devices that have access to your account

You can use one account across different browsers, phones, and computers.

On Your devices page, you can check which devices currently have access to your account to make sure no one else is using it.

If you see any devices that you don’t recognize, please refer to this article: What should I do if I suspect that my account was hacked?

Note: The option to see your devices is currently unavailable for Superhuman accounts.

Set up two-step verification

Two-step verification, also known as two-factor authentication or 2FA, is an additional security measure to help protect your account. If you activate two-step verification, you’ll be asked to provide a six-digit code in addition to your password.

Note: Two-step verification is currently unavailable for Superhuman accounts.

To activate two-step verification, follow these steps:

  1. Navigate to the Two-step verification page.
  2. Click Turn On. You may be asked to verify your account again by entering your password and a 6-digit code sent to your email address.
  3. Select which second factor you would like to use.
  4. If you’d like to use a third-party authenticator app:
    1. Scan the barcode using your preferred third-party authenticator app.
    2. Click Next.
    3. Enter the verification code from within your authenticator app.
    4. Click Verify to activate two-step verification.
  5. If you’d like to use text messages:
    1. Enter a valid phone number that can receive text messages.
    2. Click Send Code.
    3. Enter the verification code you received via text message.
    4. Click Turn On to activate two-step verification.
  6. Click Done.

Important: Save the backup codes you’ll receive in the next window in a secure location. If you lose access to your phone or authenticator app, a backup code is the only way you’ll be able to sign in to your account on a new device.

Be aware of possible phishing attempts

Phishing is an attempt to acquire your personal information by pretending to represent a website or company you trust online.

Phishers will go to great lengths to try to hijack your account or steal your personal information. They may create fake websites that look like the ones you use or send official-looking (but fake) emails asking you for personal information.

We will never ask for any personal information in an email. This includes:

  • Payment information (full credit card number, direct debit account, PIN, etc.).
  • Social security number or tax identification number.
  • Your account password.

Be careful if you receive an email message asking you for this or any other personal information. If you’re unsure about a link in an email, you can always hover over it to see where it leads (you’ll see the actual web address at the bottom of most browsers).

Additionally, you should pay close attention to where the email came from. Here’s the full list of domains we may use to contact you:

  • @info.superhuman.com
  • @hello.superhuman.com
  • @notifications.superhuman.com
  • @grammarly.com
  • @bounce.send.grammarly.com
  • @send.grammarly.com
  • @security.grammarly.com
  • @em.grammarly.com
  • @info.grammarly.com
  • @mail.grammarly.com
  • @grammarly.zendesk.com
  • @notifications.grammarly.com
  • @notification.grammarly.com

If you’re still not 100% sure whether the website you’re on is the real one, you can always type www.grammarly.com or www.superhuman.com directly into your web browser.

Finally, if you receive an email that appears to be a phishing attempt, please let us know by forwarding it to support@grammarly.com. Be sure to include the full email header. To learn how you can check the full header of an email you received, see this article by Google: Trace an email with its full header
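
The sender check described above, as an added example that is not Grammarly's own tooling: it reads the From address out of a full header and compares its domain, by exact match, with the list above. The result labels are hypothetical, and the code assumes any Authentication-Results header was added by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains copied from the list above.
OFFICIAL_DOMAINS = {
    "info.superhuman.com", "hello.superhuman.com", "notifications.superhuman.com",
    "grammarly.com", "bounce.send.grammarly.com", "send.grammarly.com",
    "security.grammarly.com", "em.grammarly.com", "info.grammarly.com",
    "mail.grammarly.com", "grammarly.zendesk.com",
    "notifications.grammarly.com", "notification.grammarly.com",
}


def sender_domain(raw: str) -> str:
    """Domain of the From address; the display name is ignored on purpose."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")


def dmarc_passed(raw: str) -> bool:
    """True if an Authentication-Results header records dmarc=pass."""
    headers = message_from_string(raw).get_all("Authentication-Results", [])
    return any(re.search(r"\bdmarc=pass\b", h, re.I) for h in headers)


def classify(raw: str) -> str:
    if sender_domain(raw) not in OFFICIAL_DOMAINS:  # exact match, never substring or suffix
        return "not-listed"
    return "listed-authenticated" if dmarc_passed(raw) else "listed-unverified"


# Constructed sample headers (not real messages).
GENUINE = (
    "Authentication-Results: mx.mailhost.example; dmarc=pass header.from=mail.grammarly.com\n"
    "From: Grammarly <hello@mail.grammarly.com>\nSubject: New sign-in\n\nbody\n"
)
LOOKALIKE = (  # a listed name appears only as the prefix of an unrelated domain
    "From: Grammarly Support <alerts@grammarly.com.account-check.example>\n"
    "Subject: Verify your account\n\nbody\n"
)
UNVERIFIED = (  # listed domain in From, but no authentication result recorded
    "From: Grammarly <billing@grammarly.com>\nSubject: Payment\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("unverified", UNVERIFIED)]:
        print(name, sender_domain(raw), classify(raw))
```

A From address can be forged, so a listed domain without a passing authentication result is reported separately rather than treated as genuine.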

Keep your devices safe

To ensure optimal performance, keep your devices free of malware and viruses. Signs that your device may be infected include:

  • Unusually slow or sluggish computer performance.
  • Pop-up windows or advertisements.
  • Unexpected reboots, crashes, or freezes.

If you think your device might be infected, you can use the anti-malware, anti-adware, or anti-virus software recommended by your computer manufacturer or a trusted IT professional.

Keep in mind that malware can evolve, and other malicious programs can cause similar problems. Whichever program you choose to use, be sure to keep it updated with the latest software release.

Respond to security-related alerts

If we detect activity on your account, such as a sign-in from a new device, we may notify you of the event via email. If you did not perform the activity, we advise you to immediately follow the instructions in the notification to secure your account, starting with resetting your password. Please note that the location listed in the notification is an approximate location based on the IP address used to access your account, and it may be different from your physical location.

If we detect suspicious activity on your account, we may lock your account and require you to reset your password. This will ensure your account remains secure, and only the rightful owner, with access to the registered email address associated with the account, will be able to securely recover it.

Report security flaws to us

If you believe you’ve found a security vulnerability on our website or in one of our applications, we strongly encourage you to inform us as quickly as possible by submitting a report on HackerOne or by sending an email to security@grammarly.com. We ask that you please contact us prior to disclosing the vulnerability publicly to ensure our users remain safe. We appreciate your assistance, and we will do our best to review and address all reports promptly.
