Need help setting up a new Gmail account from scratch

I’m trying to create a brand new Gmail account for personal use but keep getting confused by the different setup options and security settings. I don’t want to miss any important privacy steps or recovery methods. Can someone walk me through the correct way to set up a new Gmail account, including usernames, passwords, and backup options so I don’t get locked out later?

Here is a simple step by step setup that hits the important privacy and recovery stuff without extra junk.

1. Start the account

• Go to gmail.com and click “Create account”.
• Pick “For my personal use”.
• Use a name that is fine to show to others. This shows in email headers.
• Choose a username that does not expose your full name or birthday if you care about privacy.

2. Strong password

• Use at least 12–16 characters.
• Mix letters, numbers, symbols.
• Do not reuse a password from any other site.
• Best option is to use a password manager and let it generate something random.

3. Recovery options
   On the setup screens or right after:

Go to:
Account icon top right
Manage your Google Account
Security tab

Set these:

• Recovery email

  • Use an email you control that is not logged in on shared devices.
  • Avoid work email if your job controls access.

• Recovery phone

  • Use your real number if you want stronger recovery.
  • If you do not want to share your main number, use a separate SIM or VoIP number you control.
  • Without a number, recovery is harder, so your password must be solid.

4. Two factor authentication (2FA)
   Still under Security tab.

• Under “Signing in to Google” select “2-Step Verification”.

• First option is SMS codes to your phone. Easy, but weaker if someone hijacks your number.

• Better option is an authenticator app.

  • Install Google Authenticator, Authy, or similar.
  • Choose “Authenticator app” in 2-Step setup.
  • Scan the QR code with the app.
  • Enter the 6-digit code to confirm.

• Turn on “Backup codes” in the same area.

  • Download or print them.
  • Store in a safe place, not on the same device.

5. Privacy settings
   Go to:
   Data & privacy tab

Key settings:

• Web & App Activity

  • Turn off if you do not want search and activity history saved to the account.
  • At minimum, set auto delete to 3 or 18 months.

• Location History

  • Turn off unless you want full location tracking history.

• YouTube History

  • Turn off or set auto delete.

• Ad settings

  • Under “Ad privacy”, turn off “Personalized ads” if you want less tracking.

6. Less obvious security tweaks
   Still in Security tab.

• Check “Devices” and remove devices you do not recognize.
• Under “Your devices” enable alerts for new logins if offered.
• Under “Third party access” remove any app you do not trust.

7. Inbox and sending identity

• Go to Gmail inbox.

  • Gear icon top right, then “See all settings”.

• Under “General”:

  • Set your “Signature” and “Display external images” to “Ask before displaying external images” if you want less tracking.

• Under “Accounts and Import”:

  • Make sure “Send mail as” shows the name you want others to see.
  • You can use only first name or nickname if you prefer.

8. Backup of important stuff

• Keep your password manager entry updated.
• Store recovery codes offline.
• Confirm that recovery email works before you forget the password.

9. Quick checklist

• Strong unique password
• Recovery email set
• Recovery phone set or intentionally skipped
• 2FA with an app
• Backup codes stored
• Web & App Activity and Location History adjusted
• Display name checked

If you want, reply with where you get stuck in the flow. Is it the 2FA part, recovery info, or the privacy settings screens.

Couple of extra angles to add on top of what @sonhadordobosque already laid out:

1. Decide how “real” you want this account to be

   • If this is your main personal account, use your real name and accurate birthday. It matters for age-restricted stuff and account recovery.
   • If it’s more “semi-anonymous,” I’d still keep the birthday correct or at least close. People fake it and then regret it when recovery fails.

2. Don’t rush the phone number decision

   • I partly disagree with tying everything to your real number if privacy really matters to you.
   • One option: add your phone only long enough to pass Google’s “suspicious activity” checks, then later remove it and rely more on recovery email and backup codes.
   • Just remember: less phone = more responsibility on you to not lose the password and codes.

3. Recovery email strategy that people skip

   • Make a “backup” email on a different provider (Outlook, Proton, whatever) and use that only for recovery.
   • Log into it maybe once every month or two so it does not get closed.
   • Do not share that address around; treat it like a spare key.

4. 2FA: consider security keys if you’re paranoid

   • Authenticator apps are solid, but hardware keys (like YubiKey or Titan Key) are even stronger.
   • Tradeoff: if you lose both the keys and your backup codes, you’re toast. So only do this if you’ll actually keep a written note / codes somewhere safe.
   • For most people: app + backup codes is enough.

5. Minimal privacy setup that still keeps things usable
   In your Google Account → Data & privacy:

   • Web & App Activity: instead of turning it fully off, you can keep it on and use auto delete at 3 months. That gives you semi-useful history without a lifetime log.
   • Location History: I’d turn this completely off unless you really use Timeline. It’s one of the more sensitive logs.
   • YouTube History: I leave it on with auto delete because otherwise YouTube recommendations get dumb fast. Up to you, but it’s not as creepy as location in my opinion.

6. Use “Checkup” tools instead of hunting every menu

   • In your Google Account, search for “Security Checkup” and “Privacy Checkup.”
   • They walk you through most of this stuff in a linear flow so you don’t have to click around 20 tabs.
   • Do this once right after creating the account, then again maybe once a year.

7. Small Gmail-specific tweaks that help privacy/tracking

   • Settings → General → turn off “Smart features and personalization” if you don’t want Gmail mining your mail to do auto suggestions and things like that. It breaks some conveniences but cuts some data use.
   • Also under General: set “Images” to “Ask before displaying external images.” This blocks a ton of tracking pixels in newsletters and marketing emails.

8. Write your own tiny “account recovery plan”
   Sounds nerdy, but it works:

   • One physical note (in a drawer, safe, etc.) that has:
     • Your exact Gmail address
     • Where the backup codes are stored
     • Which password manager you used
     • Which recovery email you picked
   • Don’t write the actual password, just enough info so Future You remembers how this thing is set up.

If you want to narrow it down, say which part is tripping you up the most:

• Phone / recovery info
• Two factor setup
• Privacy toggles in Data & privacy

Easy to walk through just that bit step by step so it doesn’t feel like a wall of buttons.

You already got the “how-to” from @sognonotturno and @sonhadordobosque, so I’ll zoom in on strategy rather than more button-click steps.

1. Decide what this Gmail is “for” before you touch any settings

Ask yourself:

• Is this my main identity account (banking, government, family)?
• Or a public / semi-anonymous account (newsletters, sign-ups, forums)?
• Or a throwaway?

Why it matters:

• Main identity → real name, real birthday, stable recovery methods, stronger 2FA (authenticator app or key).
• Semi-anonymous → you still want good recovery but you might choose a less identifiable username and display name.
• Throwaway → minimal recovery options, limited personal info, but accept that if you lose access, it is gone.

A lot of confusion happens because people mix all three roles into one inbox.

2. One thing I disagree on: overcomplicating recovery for casual users

The others are right that phone numbers and multiple backups increase safety, but for many non-technical users that just creates more “moving pieces” to lose.

If you know you are not great at managing codes and extra accounts, a simple but solid setup is better:

• Strong unique password in a password manager
• One recovery email on a different provider
• One 2FA method you actually understand and will keep using

No fancy hardware keys unless you are willing to treat them like jewelry.

3. Treat recovery like real-world spare keys

Concrete pattern that works well:

• Your Gmail is the “main house.”
• Recovery email is a “locked drawer” somewhere else.
• Backup codes are a “key hidden at a trusted place.”

Good practice:

• Recovery email on another provider
• Log in to that recovery email every month or two so it stays active
• Write on paper:
  • Gmail address
  • Name of your password manager
  • Where your backup codes are stored
    and store that paper in a stable place

Do not write the actual password.

4. Minimal privacy setup that still keeps Google usable

Instead of toggling everything off:

• Allow Web & App Activity but with short auto delete (3 months).
• Disable Location History unless you absolutely love timeline features.
• Keep YouTube History if you care about recommendations, again with short auto delete.
• In Gmail itself, turn off automatic external images to cut tracking pixels.

That balance keeps the account useful without being a long-term log of everything.

5. Regular “mini checkups”

Once the account is live and stable, do this every 6 to 12 months:

• Review devices that are logged in and remove old phones or laptops.
• Check 2FA methods and backup codes are still where you think they are.
• Skim third-party app access and revoke anything you do not recognize.

This is more important than obsessively perfect settings on day one.

If you want to narrow it from here, say which part still feels messy:

• having your real info on the account,
• how much to trust phone verification, or
• which privacy toggles to actually flip.