The invention provides a method for protecting account security. The method comprises the following steps: S1, a user registers, logs in or retrieves a password by using a mobile phone number on a third-party platform; S2, the third-party platform registers with a new user identity if the mobile phone number is not stored, and acquires network access time corresponding to the mobile phone number from a specific platform if the mobile phone number is stored; S3, the third-party platform compares the network access time with binding time corresponding to the stored mobile phone number, and the step S4 or the step S5 is executed; S4, if the network access time is earlier than the binding time, the identity of the original user is logged in or the user is allowed to retrieve the password; andS5, if the network access time is later than the binding time, a new user identity is registered and the mobile phone number and the new binding time are created and stored, or not the mobile phone number is not allowed to log in or retrieve the password. Through the method, the security problem of the user account is greatly and effectively protected.