Welcome back — a better, safer sign-in

Use your email or a single sign-on provider to enter Gemini. We protect sign-in sessions with optional two-factor authentication, device recognition, and adaptive risk checks that run invisibly. Below you'll find a quick sign-in area and compact guidance for trouble-free access.

Quick tip: If you're on a private device, choose “Remember this device” to shorten future sign-in steps. On public devices, always sign out when you're finished.
Security note: Gemini never asks for your full password by email or chat. If you get an unexpected request to reveal credentials, treat it as a phishing attempt.
Need help? Scroll the right panel for recovery steps, troubleshooting, and privacy controls.

How the sign-in flow works (step-by-step)

The sign-in experience is designed to be quick but resilient. First, you enter your email address; the system performs an initial risk check. If the account is recognized and the request appears low-risk, you'll be granted access once your password matches. If the request is medium- or high-risk (new device, location change, or suspicious patterns), Gemini prompts an adaptive challenge such as an authenticator code or a phone verification. This model reduces friction for routine sign-ins while adding protective steps only when needed.

For corporate or education customers, single sign-on (SSO) options connect Gemini to your identity provider (IdP). With SSO, your organization handles the authentication policy — Gemini honors those controls and records the session in the activity log. You can still enable personal 2FA for added protection when allowed by your admin.

After sign-in, Gemini issues a short-lived session token and a refresh token (when you choose “Remember this device”). The refresh token is stored securely in an encrypted cookie or secure storage; it allows seamless re-authentication without entering credentials frequently. If a device is reported lost, revoking refresh tokens prevents automatic re-entry and forces a fresh sign-in with password and 2FA.

Password guidance & account hygiene

Use a strong, unique password — think of a short passphrase made of unrelated words with punctuation and mixed capitalization. Avoid reusing passwords across services. We strongly recommend pairing a password manager with app-based 2FA. Password managers generate and store high-entropy credentials, removing the cognitive load of remembering multiple complex passwords.

If you suspect your password has been exposed, change it immediately and review recent sign-in activity. Enable recovery options: a verified phone number, a secondary email, and a set of printed or stored backup codes. Keep backups offline when possible and never store recovery codes in plain text on shared machines.

Troubleshooting common sign-in issues

Can't sign in? First check your internet connection and confirm Caps Lock is off. If you're using an authenticator app but codes are rejected, ensure your device's clock is accurate — time drift can break TOTP codes. If SMS codes are delayed, wait a few minutes before requesting a new one; excessive requests may lock the channel temporarily. If problems persist, use account recovery or contact support with the last successful sign-in details.
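Why clock accuracy matters for authenticator codes, shown as an added example (not Gemini's own code): a standard RFC 6238 TOTP generator and a verifier that accepts codes from adjacent time steps. The 30-second step, 6 digits, SHA-1 and the one-step tolerance are assumptions taken from the RFC defaults; the secret and timestamps are the RFC's published test values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default, assumed here)
DIGITS = 6   # code length (assumed)
SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real key


def totp(secret: bytes, unix_time: int) -> str:
    """Compute the TOTP code for the time step containing unix_time."""
    counter = unix_time // STEP
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, code: str, server_time: int, window: int = 1):
    """Return the step offset (-window..+window) that matched, or None.

    A wider window tolerates more clock drift but also lengthens the
    time during which an intercepted code remains usable.
    """
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):
            return drift
    return None


def demo():
    """Check codes from devices whose clocks differ from the server's."""
    server_time = 1111111111  # RFC 6238 test timestamp
    results = {}
    for skew in (0, -2, -300):  # device clock error in seconds
        device_code = totp(SECRET, server_time + skew)
        results[skew] = verify(SECRET, device_code, server_time)
    return results


if __name__ == "__main__":
    for skew, matched in demo().items():
        status = "rejected" if matched is None else f"accepted (step {matched:+d})"
        print(f"device clock {skew:+5d}s -> {status}")
```

A device only two seconds behind can already fall into the previous time step, which is why verifiers usually allow one step either side; a device minutes off falls outside that tolerance and its codes are rejected until the clock is corrected.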

If you see a prompt you don't recognize (for example, an email-based confirmation you didn't request), do not approve it. Immediately change your password and review connected devices. Unrecognized sessions can be revoked from the Sign-in Activity page. When contacting support, avoid sending passwords or full 2FA codes — provide timestamps, device types, and IP snippets instead.