
Enhance your Google account security with this comprehensive guide. It covers strong passwords, two-factor authentication, phishing prevention, and more. Regularly updated, it's essential for anyone seeking to safeguard their digital presence on Google.


iAnonymous3000/google-hardening-guide


Securing Your Google Account

Keeping your Google account secure is critical in today's world of online accounts and identities. This guide provides actionable recommendations on improving your Google account's security posture through steps like using strong passwords, enabling two-factor authentication, limiting account access, managing privacy settings, and more.

Why is Google Account Security Important?

Your Google account holds a wealth of personal data. A compromised account can lead to identity theft, financial loss, account takeovers, data theft, and even damage to your reputation. Taking proactive measures minimizes these risks and ensures your online safety.


Use a Strong and Unique Password

  • Use 12-16+ characters with upper/lowercase letters, numbers, and symbols
  • Do not use personal information or common words/phrases
  • Use a unique password not shared with any other accounts
  • Use a password manager to generate and store unique passwords
  • Change passwords every 90 days and avoid reusing passwords


Enable Two-Factor Authentication

  • Use 2FA for account logins on all devices
  • Avoid using SMS 2FA for accounts with sensitive information due to SIM swapping risks
  • Print and securely store backup verification codes
  • Consider app-based authentication options like Google Prompt or authenticator apps

Security Keys

  • Use hardware keys (e.g., YubiKey, Google Titan) for robust 2FA, offering better protection against phishing than other 2FA methods.


Be Wary of Phishing Attempts

Identifying and Avoiding Phishing

  • Closely inspect sender addresses and URLs.
  • Hover over links before clicking to verify legitimacy.
  • Use a VPN on public Wi-Fi.
  • Forward suspicious emails to Google's phishing team.
  • Be cautious of Google impersonation scams asking for personal info
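What "closely inspect URLs" means in practice, shown as an added example that is not part of the original guide: the site a link leads to is the host at the end of the authority part, so "google.com" appearing earlier in the link proves nothing. The function name `inspect_link`, the `TRUSTED_DOMAINS` allow-list and the sample links are assumptions constructed for this illustration.

```python
from urllib.parse import urlsplit

# Assumption of this example: only hosts under these domains count as genuine.
TRUSTED_DOMAINS = ("google.com",)

def inspect_link(url: str) -> list[str]:
    """Return the red flags found in a link; an empty list means none were found."""
    flags = []
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["malformed URL"]
    if parts.scheme != "https":
        flags.append("not https")
    # Everything before '@' is login data, not the site; the real host follows it.
    if "@" in parts.netloc:
        flags.append("userinfo before host")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return flags + ["no host"]
    # Non-ASCII or punycode labels can render as lookalike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        flags.append("internationalized host")
    # Match on a label boundary: the trusted domain must be the END of the host.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        flags.append("host outside trusted domains: " + host)
    return flags

# Constructed sample links (example.* names are placeholders, not real indicators).
SAMPLES = [
    "https://accounts.google.com/signin",
    "https://accounts.google.com.security-check.example/signin",
    "https://accounts.google.com@login.example/",
    "https://accounts.xn--ggle-constructed.com/",
    "http://accounts.google.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link) or "no red flags")
```

An empty result only means none of these specific tricks were found; it does not make a page safe to sign in to.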


Review Account Activity and Alerts

Check Recent Activity

Enable Alerts:

  • Suspicious login attempts
  • Account recoveries
  • New device sign-in notifications
  • Customize alerts for changes to sensitive account settings


Update Recovery Options

  • Maintain current recovery email and phone numbers.
  • Ensure the recovery email is also secured with strong passwords and 2FA.
  • Have multiple backup recovery methods.
  • Review and update every 6 months.


Limit Account Access

  • Review third-party app permissions regularly
  • Revoke access for any unknown/unused apps to prevent "zombie apps"
  • Be cautious when granting account access permissions to new apps/services. Review requested permissions carefully.
  • Use Incognito Mode on public devices
  • Never save login credentials on shared devices


Check If Your Email Is On The Dark Web

  • Utilize Google One's scan feature to see if your email address has been exposed on the dark web due to data breaches.
  • Set up regular monitoring for your email addresses to detect potential breaches early.
  • Act promptly by updating security measures and changing passwords if a breach is detected involving your information.


Utilize Google's Security Tools

  • Run Google's Security Checkup for personalized recommendations
  • Enable Google's Password Alert feature to detect potential phishing
  • Review settings using Privacy Checkup
  • Be mindful of information shared publicly on your account


Practice Safe Browsing Habits

  • Keep software, operating systems, and browsers up to date
  • Use reputable antivirus software
  • Be cautious of downloads from unknown sources
  • Avoid suspicious websites
  • Follow best practices to reduce malware risks that could compromise accounts


Manage Privacy Settings

  1. Managing and reviewing privacy settings:

    • Adjust data sharing settings for personal info, browsing and YouTube history, ad personalization, etc.
    • Opt out of data collection where possible
    • Use Google's My Activity page to see and manage activity data
  2. Controlling ad personalization:

    • Understand how ads are personalized based on your data
    • Adjust Ad Settings to control ad personalization or opt out
    • Install privacy-focused browser extensions to limit tracking
  3. Limiting location tracking:

    • Review location history and delete unwanted location data
    • Adjust location sharing settings for Google apps
    • Turn off location services when not needed
  4. Managing Google Photos privacy:

    • Understand photo sharing options and privacy implications
    • Review and adjust shared album settings
    • Use Archive or private albums for sensitive photos
  5. YouTube privacy considerations:

    • Manage YouTube watch and search history
    • Adjust video privacy settings (public, unlisted, private)
    • Be mindful of personal info shared in videos/comments
  6. Gmail privacy tips:

    • Understand Gmail's data usage for features like Smart Compose
    • Adjust Gmail confidential mode settings for sensitive emails
    • Be cautious of sharing private info in emails


Additional Security Best Practices

  • Conduct periodic manual account security reviews
  • Check permissions of browser extensions with account access
  • Back up data securely, including Google Takeout for full account data
  • Consider physical security keys for Advanced Protection
  • Stay informed about the latest security threats and best practices


Account Recovery Recommendations

Recovering Access to Your Account

  • Use backup verification codes
  • Print out backup codes as an extra precaution
  • Store backup codes securely, such as in a password manager
  • Complete the account recovery form accurately.
  • Contact Google Support for additional assistance.
  • Be cautious of scams posing as Google reps during recovery


Google Advanced Protection Program (GAPP)

  • For users at higher risk of targeted attacks (journalists, activists, etc.)
  • Requires using physical security keys for authentication
  • Implements stricter account recovery processes
  • Limits third-party app access to Gmail and Drive
  • Offers the strongest defense against phishing and hijacking
  • Restricts some Google services; evaluate whether the tradeoff is appropriate

How to Enroll:

  1. Purchase two physical security keys (one as backup).
  2. Go to the Advanced Protection Program page to enroll.
  3. Review changes to account access and recovery.

Benefits:

  • Enhanced security against sophisticated attacks
  • Peace of mind for high-risk users
  • Google support in securing account and info



Printable Quick Reference

  • Use a strong 12-16+ character password unique to your Google account
  • Enable 2FA using security keys or authentication apps; avoid SMS
  • Be cautious of phishing attempts and Google impersonation scams
  • Review account activity and enable alerts for suspicious actions
  • Keep recovery info updated with multiple verified methods
  • Remove access for unused third-party apps and check permissions
  • Monitor if your email appears in dark web data breaches
  • Utilize Google's security tools like Security Checkup
  • Follow safe browsing practices to avoid malware
  • Manage privacy settings for data sharing, ads, location, Photos, YouTube
  • Consider Advanced Protection for high-risk users
