In an effort to tighten security measures, Google has announced an update in its policies regarding inactive accounts. In a blog post, the tech giant stated that since inactive accounts are likely to be more compromised, the policy has been updated: now, accounts that are not used or signed in for at least two years will get their content deleted. This includes content within Google Workspace (Gmail, Docs, Drive, Meet, and Calendar), YouTube, and Google Photos.
According to Google, inactive accounts are more compromised because they often rely on old or re-used passwords that may have been compromised, haven’t had two-factor authentication set up, and receive fewer security checks by the user. Abandoned accounts are at least 10x less likely than active accounts to have two-step verification set up, the post said.
The policy only applies to personal Google accounts, and will not affect accounts for organisations like schools or businesses, Google added.
Google will only begin deleting such accounts from December 2023. It will also send multiple notifications before deletion, to both the account email address and the recovery email.
To curb account deletion users can take a few actions before the phased deletion begins, according to Google:
- Reading/sending emails
- Using Google Drive, Google Search, or YouTube
- Downloading an app on Google Play Store
- Using Google to sign in to a third party app or website.