HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
Filip TRUTA @FilipTrout
    Share This!
  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • ReddIt
HOW TO.... • Industry News • Tips and Tricks

10 ways to deadbolt your Google account

February 15, 2019
7 Min Read

2018 alone has seen billions of accounts hacked across a wide range of applications and services, proving once more that even the biggest Internet players can’s always keep users’ accounts under lock and key.

Hackers are increasingly apt at flying under the radar, making life hard for everyone in their crosshairs. While big companies have regulations like GDPR to fear, end users are finding it increasingly necessary to arm themselves with good password hygiene and best practices.

Some vendors are more diligent than others, security-wise, but most give users plenty of options to deploy additional security layers, like two-factor authentication (2FA), recovery email, or printed security codes. As the biggest aggregator of user-generated data on the web, Google offers a wide range of security layers that users can opt in and out of, depending on their privacy needs, security awareness, or convenience. This guide offers a comprehensive look at these out-of-view options that every user should be aware of, and use to their advantage.

1. Security Checkup

Your first step towards deadbolting your Google account across your entire fleet of devices is to visit the web giant’s Security module at: https://myaccount.google.com/security, then click on Get Started. This takes you to the Security Checkup sub-menu, which offers quick access to key options that help keep your account secure.

Depending on your current settings, your Google Security Checkup pane will look something like the screenshot above. Regardless of your current configuration, these actions should apply to everyone.

2. Manage Your Devices

In this section, Google displays the devices you own that are currently linked to your Google account with admin permissions. The three-dotted button to the right of every listed device lets you remove any gadgets that you no longer use with your account.

If you choose “don’t recognize this device,” Google immediately recommends you change your password, as your credentials might have been compromised. This doesn’t necessarily mean someone hacked Google and stole your password. In fact, hackers typically buy stolen credentials leaked in other (high-profile) breaches, then use techniques like credential stuffing to try to compromise the victim’s entire online presence, whether it be Google, Facebook, Twitter, Instagram, LinkedIn, their bank account, or anything in between.

In the main Security module, Google also lets you find a lost or stolen phone.

3. Recent Security Events

Bought a new phone? Logged in with your Google account on a company-issued laptop? Google will keep track of these “events” in this special section, allowing you to stay on top of your activity across devices, and flag any unrecognized events in case something goes awry. Choosing to generate backup codes (more on that below) will also be registered as an event, as the image above shows.

4. Two-Step Verification

Also known as Two-Factor Authentication (2FA) or Multi-Factor Authentication, this must-have setting should be enabled on every service that offers it, not just your Google account. In fact, two-step verification has become a rule of thumb in recent years. If hackers manage to dupe you with a well-crafted phishing email, this setting becomes a life-saver: without your second-trusted device to receive that one-time passcode, hackers can’t break in. If Two-Step Verification is off, consider turning it on sooner rather than later.

Google offers additional “factors” of authentication if you follow the link included in the prompt. These include setting up a Google Prompt (a ‘yes-or-no’ prompt, rather than a code to enter), voice or text message authentication, and even unique backup codes that you can download or print out to use as authentication tokens anywhere you go.

The 2-Factor Verification module also offers a quick way to instantly revoke trusted status from your devices that skip 2-Step Verification.

5. Authenticator app

Google offers even more convenience via a handy Authenticator app that you can grab on the App Store (iOS) or Google Play Store (Android). Just pick your platform, get the app on your handset, set up your account in the app and scan the QR code that Google provides. It’s not necessarily more convenient than entering your password, since Authenticator involves entering a verification code. But it’s still a useful option. The best thing about it is you can get verification codes for every service that supports TOTP (time-based one-time password). Also, it doesn’t require a network or cellular connection. In case 2FA fails because your reception is bad, Authenticator comes to the rescue!

6.(Physical) Security key

Google advertises its Titan Security Keys as “phishing-resistant two-factor authentication (2FA) devices that help protect high-value users such as IT admins.” Using such a key may sound like overkill for the average Joe, but this convenient USB dongle completely eliminates the need to punch in one-times codes or passwords. It’s also useful for journalists investigating sensitive matters, activists, business leaders, and political campaign teams.

7. Third-Party Access

In the Security Checkup module, Third Party Access lists external (non-Google) apps and services tied to your Google account. It is advisable to remove any apps and services that you no longer use or want associated with your Google account. To learn more about any of the items, click the “i” button to see what data they collect and how.

In the main Security panel, down below, is a section called “Signing in to other sites,” which lists all the services, including websites, that authenticate you via Google. Keep only the sites and services you use actively. Any site or service you no longer want connected to your Google account should disappear from that list. If one of them gets breached, your password could be compromised.

And in the Saved Passwords module, you can see (and delete) all the login credentials you’ve used with third-party sites and services.

8. Set a recovery phone and / or email

You want at least one other way Google can reach you in case something suspicious happens to your account, or you accidentally get locked out. That’s why you can set a recovery phone, a recovery email, or both. You can do this in the main Security pane. Select your option and follow the on-screen instructions to set them.

9. Refresh your password

Considering the frequency with which data breaches are reported and customer credentials are compromised, it’s a very good idea to give your password a good refresh once in a while.

Google is one of the few services that tells you how old your password is. In the main Security pane, you’ll find a section called “Signing in to Google.” There, you can change your password and 2-step verification settings. You’ll need to use at least eight characters, and it’s a good idea to use both uppercase and lowercase letters, numbers and even special characters (@#$&%).

The “App Passwords” section lets you set passwords you can use to sign in to your Google account from apps on devices that don’t support 2-Step Verification. You’ll only need to enter it once so you don’t need to remember it.

10. Download a copy of your (Google-collected) data for review

Many of us have been using Google most of our lives. Considering how many services it commands and how embedded Google is in everyday life, we can only imagine how much data the tech giant holds on every one of us. While much of this data is collected justifiably, so that we can enjoy reliable services like Maps, it’s still a good idea to review the data and maybe tweak those privacy nobs a bit.

You can export a copy of your data here. Just select or deselect the services you want or don’t want to be included in the archive and click “Next” at the bottom of the page. Google will begin work on your archive which, according to the search giant, can take hours or even days to complete. An email will then be sent to you with a link to download said archive.

That’s about it! Feel free to browse around your account’s security and privacy modules to configure the best settings that work for you. Stay safe out there!

Tagsgoogle google account security how to password password hygiene slider tips and tricks

You may also like

Industry News

Dutch Energy Supplier Blames Cyber Intrusion on Data Breaches Suffered by Other Companies

2 days ago
Digital Identity • Digital Privacy • Industry News

Australian Police Email Mistakenly Identifies Gun Owners

2 days ago
Digital Privacy • Industry News

FTC Orders Popular Women’s Fertility-Predictor App to Stop Misleading Users about Health Info Shared with Data Analytics Providers

2 days ago

About the author

View All Posts

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

In Lead-up to Elections, Australia Confirms Nation-State Attack on Infrastructure, Political Parties
Automatic 4K/HD for Youtube extension pulled from Chrome Store for pop-up ad abuse
    Share This!
  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • ReddIt

Promo

1.3m
Fans
Like
104.9k
Followers
Follow
2.7k
Subscribers
Subscribe
19
Subscribers
subscribe
1.4m
Fans Love us

Recent shouts

  • Meurig Parri on Microsoft Ends Support for Windows 7. What You Need to Know
  • Kevin on Cable Haunt vulnerability affects millions of Broadcom cable modems
  • Terry on Ransomware attack forces Arkansas CEO to fire 300 employees days before Christmas
  • Martin on 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre
  • Xander on 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre

Time Machine

January 2021
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Dec    

ANTIVIRUS SOFTWARE FOR HOME USERS

Bitdefender Cybersecurity for Smart Home
Bitdefender Complete Protection
Bitdefender PC Protection
Bitdefender Antivirus for Mac
Bitdefender Mobile Security for Android
Bitdefender Product Comparison

BUSINESS SOLUTIONS

Bitdefender GravityZone Business Security
Bitdefender GravityZone Advanced Business Security
Bitdefender GravityZone Enterprise Security
Bitdefender Hypervisor Introspection

TOOLS & RESOURCES

Renewal for Business Customers
Trial Downloads
Free Antivirus
Free Online Virus Scanner
Free Virus Removal Tools
Live Remote Assistance
Free Tools
Bug Bounty
Press Center

Powered by Bitdefender - a leading cyber security technology provider | Copyright © 2008 - 2016. All rights reserved.
  • Home
  • The Team
  • Terms and Conditions
  • Contact
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok