How to Secure Your Gmail and Google Account
Out of all your online accounts, there’s a good chance that Google holds most of your information. Think about it: if you use Gmail for email, Chrome for web browsing, and Android for your mobile OS, then you’re already using Google for almost everything you do.
Now that you’re thinking about how much of your stuff is stored and saved by Google, think about how secure that account is. What if someone got access to your Google account? That would include bank statements in Gmail, personal files in Drive, stored pictures in Google Photos, chat logs from Hangouts, and a lot more. Scary thought, right? Let’s talk about how to make sure your account is as secure as it can be.
Start with a Security Checkup
Google makes checking your account security very easy: just use the built-in Security Checkup tool on your account’s “Sign in & security” page.
When you click the “Security Checkup” option, you’ll be tossed into a multi-section form that will basically just ask you to review and confirm some information—this shouldn’t take that long, but you’ll definitely want to take your time and thoroughly review the information you find here.
Set a Recovery Phone and Email
The first option is very simple: confirm your recovery phone number and email address. Basically, if you get locked out of your Google account, you’ll want to make sure this stuff is correct. Also, you’ll get an email on your recovery account whenever your primary account is logged into a new location.
See Recent Security Events
Once you’ve confirmed that info, go ahead and click “Done.” This will bring you into the Recent Security Events menu—if you haven’t made any security-related changes lately, then the odds are you won’t have anything here. If there is something and you haven’t made any changes, definitely take a closer look—this could be indicative of some sort of suspicious activity on your account. If something is listed here (as it is in my screenshot), you can find out what it is by clicking the down arrow next to the date and time. As you can see below, my specific event was the revoking of mail permission on my iPad. I no longer have that tablet, so there’s no need for it to have permission. Again, if everything looks good, give the “Looks good” button a click.
See What Other Devices Are Logged Into Your Account
The next section may or may not take a while, depending on how many devices you have connected. This is definitely something you’ll want to pay attention to, however: if you no longer have or use a specific device, there is no reason for it to have access to your account! It’s also worth noting that if you’ve used the device semi-recently, the time, date, and location will show up next to the name. To get more information about particular devices, click the down arrow at the end of the line.
New devices will also be highlighted here, along with a warning that if you don’t recognize it, someone may have access to your account.
Clean Up Apps That Have Permission to Access Your Account
The next section is another important one: Account Permissions. Basically, this is anything that has access to your Google Account—anything you’ve logged into with Gmail or otherwise granted permissions to with your account. The list will not only show what the app or device is, but exactly what it has access to. If you don’t remember granting something access (or just no longer use the app/device in question), then click the “remove” button to revoke its account access. If it’s an account you actually use and accidentally remove, you’ll just have to re-grant it access the next time you log in.
Lastly, you’ll go over your 2-step verification settings. If you don’t have this set up, we’ll do that down below.
If you do, however, make sure everything is up to date—double check your phone number or other authentication method and confirm that your backup code amount is correct—if you’ve never used a backup code for anything but have fewer than 10 left available, something isn’t right!
If, at any point during the checkup process, you see something amiss, don’t hesitate to hit the “Something looks wrong” button—it’s there for a reason! Once you give it a click, it will automatically suggest that you change your password. If something really is wrong, that’s something you’re going to want to do.
While the checkup process itself is very useful, you’ll also need to know how to manually access and change settings yourself. Let’s look at the most common right now.
Use a Strong Password and 2-Step Verification
If you’ve been on the internet for any reasonable amount of time, then you already know the spiel: use a strong password. Your child’s name or birthday, your birthday, or anything else that can be easily guessed are not examples of strong passwords—those are the kinds of passwords you use when you basically want your data to get stolen. Hard truth, I know, but that’s what it is.
We highly, highly recommend using some sort of a password generator and manager to get the strongest passwords possible—one that’s part of a password vault is even better. My personal favorite of the bunch is LastPass, which I’ve been using for a few years now. When it comes to new passwords, this is my go-to: I just let LastPass generate a new password and save it, and I never think about it again. As long as I remember my master password, then that’s the only one I’ll ever need. You should look into doing the same—not just for your Google account, but for all your accounts! We have a full guide on how to do that here.
Once you have a strong password, it’s time to set up 2-step authentication (also commonly referred to as two-factor authentication or “2FA”). Basically, this means that you need two things to get into your account: your password, and a second form of authentication—generally something that is only accessible to you. For example, you can receive a text message with a unique code, use an authentication app on your phone (like Google Authenticator or Authy), or even use Google’s new code-less authentication system, which is my personal favorite.
That way, your device is secured with something you know, and something you have. If someone gets your password, they won’t be able to access your account unless they’ve also stolen your phone.
To change your password or set up 2-step verification, you first need to head into your Google Account Settings, then select “Sign-in & security.”
From there, scroll down to the “Sign in to Google” section, which is where you’ll see a breakdown of pertinent information, like the last time you changed your password, when you set up 2-step verification, and the like.
To change your password (which is something I am apparently long overdue for), click the “Password” box. You’ll first be asked to input your current password, then be presented with a new password entry box. Easy enough.
To set up or change your 2-step verification settings, go ahead and click that link on the main “Sign-in & security” page. Again, you’ll be prompted to enter your password. If you’ve never set up 2-step verification on your Google account, you can click the “Get Started” box to, um, get started. It’ll ask you to sign in again, then send a code either via text message or phone call…