Use Google? 5 new ways to secure your account
November 21, 2020
By Kim Komando
I found a few fun facts from a recent Digital Shadows report interesting. Some 15 billion stolen account passwords from over 100,000 data breaches are available on the web. Passwords sell for around $15 each. Bank and financial account credentials cost much more, as you might expect, at $70.
There’s a site that maintains a regularly updated database of stolen email addresses and passwords. Enter your email address, and odds are, you’ll see your password along with it. Tap or click here to find out if your email address and password are for sale on the Dark Web.
Your email address could also be used to send spam on behalf of hackers and scammers without your knowledge. Fortunately, another site will tell you if your email address or domain is being used for that nefarious purpose. Tap or click here to check for that.
Google accounts are in demand for obvious reasons. Think about it. Your single sign-in likely opens a world into not only your Gmail but also your contacts, calendar, documents, files, photos and more stored with Google.
Get a free security checkup
Google’s Security Checkup service gives you a quick overview of your account security and the devices currently signed in to your account. This is a terrific place to start. You want to see all the green checkmarks.
Google will alert you to any potential security issues such as compromised passwords, recent security issues, apps that can access your data, and more. Pay close attention to the “Your Devices” section. You may find you’re logged into a few places you haven’t used in a while, or an old device is still tied to your account.
It’s definitely worth the time to check each section and follow Google’s recommended fixes. When I ran the check, Google recommended that I turn on Advanced Protection.
While it’s a hassle, my account’s extra protection is worth the two additional seconds it will take to sign in. I now need to authenticate any new sign-ins to my Google account by tapping “Yes” on my phone. More about this in Step 5 to come. Let’s start with the almighty password.
1. Deal with another annoying password
I’d be remiss in not stressing the importance of having a complex, unique password for each of your various online accounts. Run this Google check on your account passwords to learn if they were compromised, how strong they are and whether you’ve used any of them more than once.
You know the password drill. Make it 15 characters or longer and include numbers, capital letters, punctuation marks or symbols. Don’t use your name, birthday numbers (day, month, year), or any personal information.
Tap or click here to learn more about creating unbreakable passwords.
Be sure to set up two-factor authentication (2FA), too. This way, you get a text message sent to your phone with a code when you log in from a different device, browser or location. Tap or click here to set up Google 2FA.
2. Set up a stronger 2FA method
There’s an even more robust way to verify your identity: Google Authenticator. It’s an app that generates 2FA codes. So instead of getting a 2FA code by text message, you’ll open the app to get the code.
This app is a necessity if you are getting your text messages on your phone and another device. In that situation, it’s relatively simple for someone else to get the 2FA code needed to sign in to your account.
Here’s how to set it up.
- First, download the Google Authenticator app for iOS and Android.
- Go to your Google account management page, then click Security.
- Under “Signing in to Google,” click 2-Step Verification.
- Under “Add more second steps to verify it’s you,” find “Authenticator app” and tap Set up. Then, follow the on-screen instructions.
- Choose your device, then click Next to reveal a scannable QR code.
- Now, open your phone’s Google Authenticator app and tap the “+” sign to set up a new account.
- Select Scan a barcode, then scan the QR code displayed on your browser with your camera. A six-digit code will be generated on your phone.
- Back on your web browser, click Next.
- Type the 6-digit code as your 2FA code on your web browser, then click Verify.
You’re all set.
3. Make sure you can get back into your account
Next, set your recovery options in the event you forget your password or switch devices. This is how you get back into your Google account or change the password if you forget it, someone else is using your account, or you get locked out for some other reason.
Follow the steps below to add, change, or delete your recovery phone number.
On Android:
- On your Android phone or tablet, open your device’s Settings app > Google > Manage your Google Account.
- At the top, tap Security.
- Under “Ways we can verify it’s you,” tap Recovery phone. You might need to sign in.
On iPhone or iPad:
- On your iPhone or iPad, open the Gmail app.
- Tap the three-line menu > Settings > your account > Manage your Google Account. If you don’t use Gmail, go to myaccount.google.com.
- At the top, tap Security.
- Under “Ways we can verify it’s you,” tap Recovery phone. You might need to sign in.
From your computer:
- Go to your Google Account.
- On the left navigation panel, click Personal info.
- In the “Contact info” section, click Add a recovery phone to help keep your account secure.
4. Review devices signed in to your account
Google records every device you’re currently logged in to. Did you use a friend’s computer a while ago? If you forgot to log out, anyone might be able to snoop around. Luckily, it’s easy to sign out remotely.
Do a quick check to see which devices are connected to your account:
- Go to your Google Account.
- On the left navigation panel, select Security.
- On the Your devices panel, select Manage devices.
- You’ll see devices where you’re currently signed in to your Google Account. For more details, select a device.
With just a click, you can log out. That’s one security threat wiped away.
5. Use Google’s Advanced Protection Program
The Advanced Protection Program is Google’s strongest layer of security. Advanced Protection is recommended for anyone at risk of targeted online attacks, such as journalists, activists, business leaders, and IT admins. Anyone can use it, though.
Advanced Protection requires an Android device running 7.0 or higher or an iPhone running iOS 10.0+. You can also use a physical key through your computer.
To add this protection to your account, visit Google’s Advanced Protection support page.
https://www.komando.com/tips/cybersecurity/secure-your-google-account-2/