If you live in Gmail and other Google services, your Google account is one of your most valuable online assets. Follow these seven steps to establish a solid baseline of security and protect that account from intruders.
An online criminal who gets hold of those credentials can cause chaos and do catastrophic damage to your online life, which is why it’s important to protect your Google account from being compromised.
In this post, I list seven steps you can take to help you lock that account down so it’s safe from online attacks. (And please note that the steps described in this article are about personal accounts associated with free Gmail addresses. Google’s paid business services, including Google Workspace, are managed by domain administrators. Although some user configuration steps are the same, administrators can set policies that affect security settings. If your Gmail account is provided by your employer, check with them about best practices for securing that account.)
This level is sufficient for most ordinary PC users, especially those who don’t use their Gmail address as a primary factor for signing in to other sites. If you’re helping a friend or relative who’s technically unsophisticated and intimidated by passwords, this is a good option.
At a minimum, you should create a strong password for your Google account. That password should be one that’s not used by any other account.
In addition, you should turn on 2-step verification (Google’s term for multi-factor authentication) to protect yourself from phishing and other forms of password theft. When that feature is enabled, you have to supply an additional proof of your identity when you sign in for the first time on a new device or when you perform a high-risk activity, such as paying for an online purchase. The additional verification typically consists of a code sent as an SMS text message to a trusted device or a prompt sent to a smartphone.
Those baseline precautions are adequate, but you can tighten security significantly with a couple of extra steps.
First, set up your smartphone as an authentication factor, using an app such as Google Authenticator. You can also sign in on a smartphone using your Google account, which automatically enables it to receive prompts for use as a sign-in and verification option. Then remove the option for using SMS text messages to verify your identity.
With that configuration, you can still use your mobile phone as an authentication factor, but a would-be attacker won’t be able to intercept text messages or spoof your phone number.
For the most extreme security, add at least one physical hardware key along with the Google Authenticator app and, optionally, remove personal email addresses as a backup verification factor. That configuration places significant roadblocks in the way of even the most determined attacker.
This configuration requires an extra investment in hardware, and it definitely adds some friction to the sign-in process, but it’s by far the most effective way to secure your Google account. If you need assistance, feel free to call us here at Frankenstein Computers – (512) 419-9777.