Google to delete accounts inactive for two years

Alphabet-owned company says forgotten or unattended accounts are usually more vulnerable to cyber attacks

Google says it will send sufficient notices to account holders before deleting their accounts. AFP

Google has said it will start deleting inactive accounts that have remained unused for two years from December 2023, as the company aims to prevent security threats such as spam, phishing scams and account hijacking.

The Alphabet-owned company said forgotten or unattended accounts are usually more vulnerable to cyber attacks as they often use old or reused passwords and have not had two-factor authentication set up.

To minimise this risk, Google is updating its inactivity policy for accounts to two years across its products.

From December, if a Google account has not been used or signed into for two years, the company will delete the account and its contents. These include content within Workspace (Gmail, Docs, Drive, Meet and Calendar), YouTube and Google Photos.

The company’s internal analysis showed that inactive accounts are at least 10 times less likely to have two-step verification set up.

“These accounts are often vulnerable, and once an account is compromised, it can be used for anything from identity theft to a vector for unwanted or even malicious content, like spam,” Ruth Kricheli, vice president of product management at Google, said.

After the announcements, Alphabet's shares were up almost 3 per cent, trading at $119.96 a share on Tuesday.

The new inactivity policy will only apply to personal Google accounts and will not affect business accounts such as those of schools or organisations.

“This update aligns our policy with industry standards around retention and account deletion and also limits the amount of time Google retains your unused personal information,” Ms Kricheli said.

The company said it will carry out the exercise in a phased manner and will send sufficient notices to account holders before deleting their accounts.

Usually, Google looks at several signals to understand whether users are still using their Google account. These include their last sign-ins, recent activity in My Activity, usage of Gmail (for example, the Gmail app on the phone), and Android check-ins.

How to keep your account active

“The simplest way to keep a Google account active is to sign in at least once every two years. If you have signed into your Google Account or any of our services recently, your account is considered active and will not be deleted,” Ms Kricheli said.

Activity might include reading or sending an email, using Google Drive, watching a YouTube video, downloading an app on the Google Play store, using Google Search and using Sign in with Google to access a third-party app or service.

How will Google delete inactive accounts?

Google will start deleting accounts from December.

First it will delete accounts that were created but never used again.

The company said it will send multiple notifications over the months leading up to deletion, to both the account email address and the recovery email.

Updated: May 16, 2023, 6:59 PM