Google’s services are often the best free offering in their market segment. You probably have at least one Google account yourself, and likely use it daily for various tasks, both personal and professional. With so much sensitive data involved in the process, it’s important to secure your Google account against unauthorized use. The following changes are a good place to begin.
1. Check Google’s Security Checkup Tool
Google provides a built-in security checkup tool that offers recommendations and settings to keep your account safe. It lists potential security issues in your account and suggests solutions to fix them. For example, it may ask you to enable two-factor authentication, remove inactive devices, or change your password.The security checkup tool is quite useful for people who don’t want to check each security setting manually. To use this tool, follow these steps:
- Open the Google account page and log in with your Google account.Click on the “Security” tab in the left sidebar.
- You will find the “You have security recommendations” panel at the top. Click on “Protect your account” to see the available recommendations for your Google account. You can also reach this security web page directly from this link: myaccount.google.com/security-checkup.
- Go through all the recommendations and take action wherever required as guided by Google.
Instead of running the security checkup tool, you can manually go through various security setting offered by Google and make the changes we recommend below.
2. Set a Strong Password
Is your Google password based on something that one could easily figure out, like your name, birthday, partner’s name, address, etc.? Then stop reading this post and please change your password ASAP as shown below.
- Open the Google account security web page in a browser.Scroll down and click on “Password” in the “Signing in to Google” panel.
- You will be asked to enter your current password. Type the password and add the new password on the next page.
Please make sure to use a long and complex password containing at least one number, one capital letter, and one special character in addition to the normal characters. Also, do not use common words or anything related to your personal life, and change your password every six months. That’s good practice for all of your passwords.
3. Use Two-Factor Authentication (2FA)
Generally, you enter your email ID and password to log in to your Google account. We recommend inserting an extra step here – enable two-factor authentication to add another security layer to your account.With 2FA enabled, logging in to your Google account on new devices will require your email address, password, and an additional code to verify that it is you. This way nobody can log in to your Google account even if they have your email address and password. The 2FA code will be sent:
- as a voice or text message,as a prompt on currently signed-in devices,to an authenticator app, orto a physical security key if you have purchased one.
You can even download and print offline backup codes just in case you don’t have access to your phone when you want to log in.
How to Enable 2FA
To turn on 2-Step Verification (a type of 2FA) for your Google account, follow these steps:
- Open the Google account security web page.Scroll down and click on “2-Step Verification” under the “Signing in to Google” section.
- Click “Get Started” on the screen that shows up to begin the 2FA setup.
- Enter your Google account password to verify it’s you.Google recommends using your phone as a second step to verify your identity. In this method, you will receive a prompt on your mobile when you sign in from a new device. Just tap the notification prompt and allow the device. Here you will see all the devices set up to receive the prompt.
- Now, scroll down a bit and click on “Show more options.” Select “Text message or voice call” and click on Continue. Enter your phone number, select the mode of communication – call or SMS – and click “Next” to move on.
- Enter the code you receive on your phone on the next screen.If the code is correct, you will see the “Turn On” button. Click on it to begin using 2FA for all future logins.
Use an app like Google Authenticator or a password manager to generate 2FA codes on your device instead of using SMS as texts can be easily intercepted.
Add Backup Methods
Once 2-Step verification is turned on, you can view and enable other code generation methods.
- Open the Google account security web page.Click on “2-Step verification” and enter your Google account password.
- Scroll down and click on one of the available methods to set it up as a fallback to generate 2FA codes.
4. Add or Update Recovery Email and Phone Number
It’s essential to connect one of your other emails to Google as a recovery account. This will allow you to regain access to your Google account if you cannot log in, either because you’ve forgotten your password or because something else has gone wrong. It’s ideal to have both a phone number and an email address as recovery options. In case one doesn’t work, you will still have access to the other option.To add a recovery email and phone number:
- Open the Google account security web page.Scroll down to the “Ways that we can verify that it’s you” section. Here you will see your current recovery phone number and email address. If you have access to them, you are in safe hands; you can jump to the next security method.
- However, if you see an old (or missing) phone number or email address, click on Recovery phone and Recovery email one by one, and follow the on-screen instructions to update your information.
5. Unlink Third-Party Apps You No Longer Use
Your Google account can be used to log in to third-party apps like extensions, add-ons, apps, and similar services. You might have granted permission to such tools to access data associated with your Google account, such as your Google documents, contacts, etc. While it’s safe to do so, it’s always a good idea to go through the list of these apps occasionally and revoke permissions from apps that you no longer need or don’t recognize.
- On the Google Security web page, click on “Manage third-party access” under the “Third-party apps with account access” section, or, directly open the Google account permissions page.
- You will see the apps connected to your Google account. Click on an app that you don’t use and hit the “Remove access” button to disconnect the app from your account. Repeat this process for all apps you don’t use or recognize.
Note: Revoking app access will not delete your account from the third-party app. It only revokes the app’s access to your Google account.
6. Unlink Suspicious and Inactive Devices
Similar to apps, you should also go through the list of devices where you are signed in to your Google account. Then, remove old or inactive devices and those you don’t recognize as yours.
- On the Google Security web page, click on “Manage devices” under the “Your devices section.” You will then see a list of devices having access to your Google account.
- To remove any device, click on the three-dot icon on it and select “Sign out” from the pop-up menu.
7. Turn on Enhanced Safe Browsing
Google offers another built-in tool to protect you from dangerous websites, downloads, and extensions. Here’s how to enable it.
- On the Google security web page, scroll down and click on “Manage Enhanced Safe Browsing.”
- Enable the toggle for “Enhanced Safe Browsing”.
8. Encrypt Your Synced Chrome Data
If you are especially worried about the sanctity of the Chrome data that is syncing to your account, enable a passphrase to add a security layer to it. Once you do so, you will need the passphrase whenever you turn on sync for Chrome on any new device.
- Open Google Chrome on your desktop and click on the three-dot icon at the top right.Go to Settings in the pop-up menu.
- On the page that shows up, go to “You and Google” in the left sidebar. Then, click on “Sync and Google services” on the right.
- Expand the Encryption options and select “Encrypt synced data with your own sync passphrase” and follow the on-screen instructions to set up encryption.