Block access to your Google service on a lost device

Supported editions for this feature: Business Starter, Standard and Plus; Enterprise; Education Fundamentals and Plus; G Suite Basic and Business; Essentials; Cloud Identity Free and Premium.  Compare your edition

If a user loses their device, you can block unauthorized access to their account.

When a device is at risk

An unauthorized user could potentially access the data for your Google service on a lost or stolen device if:

  • The device has an open connection to the user’s managed Google account (for example, their Google Workspace or Cloud Identity account).
  • The device stores cookies that allow connecting without entering a username and password.
  • The user installed a third-party service on the device and gave it access to their Google data.

Reset a user’s sign-in cookies

Here’s how to sign the user out of all current HTTP sessions and reset their sign-in cookies. Doing so requires them to enter their username and password to sign back in to their account. 

Note: If you suspended a user, you don't need to do this. Suspending a user resets their sign-in cookies.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. From the Admin console Home page, go to Users.
  3. In the Users list, find the user. If you need help, see Find a user account.
  4. Click the user's name to open the user's account page.
  5. Click Security to open the settings.
  6. Click Sign-in cookies and then Reset.
  7. (Optional) To return to the user’s account page, at the top right, click the Up arrow "" .

It can take up to an hour to sign the user out of current Gmail HTTP sessions. The time for other applications can vary.

Wipe a mobile device

If the mobile device is managed by Google endpoint management and synchronization is turned on, you can remotely remove data from the device. You can choose to remove all data or only data for your Google service. The user’s Google data will still be available through a web browser and other authorized mobile devices.

Revoke authorized access

Users can allow third-party services to access their managed Google account. For example, a user might install a diagramming app that needs access to their Google Drive files so it can create diagrams or flowcharts. When the app is installed, it will ask the user to grant access to the data for their Google service.

If a device is lost or stolen, you can revoke this access so the app can’t access the user’s data anymore. For details, see View user security settings and revoke access.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue