How to secure your Google account
Make sure no one's getting in but you
This story has been updated. It was originally published on April 6, 2017.
Your Google account includes email, photos, Drive documents, YouTube videos, and maybe even a Google Maps review or two. Among all those features, you’ve got a lot of important information packed away behind a single password. If it falls into the wrong hands, you’re looking at a lot of unwelcome consequences.
The good news is that Google takes online security just as seriously as you (should) do. The tech giant offers a variety of account protection and security measures designed to keep unwelcome visitors out while letting you easily log in.
Sign in safely
Like many other online portals, Google supports two-step verification. That means logging into Google on a new device will require an email address, a password, and a code generated by your phone. The process places an extra barrier against anyone who might have gotten hold of your email address and password.
To set up two-step verification, and access all of your other Google account security settings, head to the My Account page on the web. Click the Security tab on the left-hand side, then find the Signing in to Google heading. There, you can configure two-step verification and change your password if you need to.
Whatever else you do to protect your account, the usual advice about choosing a strong password still applies. Make it at least 10 characters long; a mix of letters, numbers, and symbols; and ensure it’s as difficult to guess as possible. Don’t reuse passwords either: Choose a code that’s specific to your Google account (so a data hack of a different account won’t compromise your Google account as well).
While you’re adjusting your security settings, double-check your recovery email and phone number options too. These will help you regain access if you ever find yourself locked out of your account. Of course, you’ll also need to make sure these accounts are well-protected and secure, or someone could use them to force a password reset on your Google account.
Choose which devices have access
Between your smartphone, tablet, laptop, and work computer, you probably access your Google account on several devices. On the other hand, if a computer halfway across the world is logged into your account, that’s a red flag that something shady is going on. So Google lets you check on the devices that are using your account.
Google will automatically notify you by email when your account signs in on a new device or application. The alert includes the time and place of the login, so if it wasn’t you, head to the device activity page to check it out. You can also access this page from the Security tab—find where it says Your devices and click Manage devices.
[Related: How to protect all of your accounts online]
If you see something on the list you don’t recognize or that you haven’t used for a long time, click it or the three vertical dots next to it and click Sign out or tell Google you don’t recognize the device. Don’t worry about being overly cautious, because you can always sign back in on a device if you need to.
The security page is not the only place you can find a screen like this. There’s also a link at the bottom of your Gmail inbox that tells you where else your account is being used. Click on the Details link at the very bottom, and you can sign out of all the other currently active sessions on the list.
We also recommend doing a regular audit of third-party apps connected to your Gmail, which can also be done from the Security page. While these apps can be useful for improving your Gmail experience, the fewer you have connected, the better it is from a security standpoint. So get rid of any apps that you don’t use regularly or haven’t used in a long time.
Secure your smartphone
If you have an Android phone, your Google account is tied pretty tightly to it, so it’s important to review your security settings here too. Whatever type of phone you have, you should be putting up barriers via its lock screen. But on Android phones, you can find some extra security settings specific to your Google account.
From the Settings app, tap Google, then Security. You’ll see some of the same options we’ve mentioned above, as well as a few extra ones. You can, for example, turn on the feature that lets you remotely locate your phone from a computer, which can come in very handy if someone else gets hold of it. We’d also advise turning on Google Play Protect, as this monitors for suspicious activity in the apps you’ve installed on your device.
If you go to Settings, then Security, you can turn on an Android feature called Smart Lock, which lets you specify certain places where the lock screen is disabled. That way, you won’t have to bother with a password when you’re in the safety of your own home. (You can also set up your phone to be used in place of a password on a Chromebook—perhaps a glimpse of the password-free future we can all look forward to.)
[Related: Here’s your checklist for maximum smartphone security]
Once someone gets into your phone, apps like Gmail and Chrome are wide open, so it’s important to have a lengthy PIN code or fingerprint protection in place to stop that from happening. If your devices do fall into the wrong hands, use Android Device Manager to lock and wipe them remotely before any damage is done.
Preserve your privacy
Sometimes the line gets blurred between security (keeping people out of your account) and privacy (controlling what you’re sharing about yourself). Even if you set up solid layers of security to protect yourself from hackers, you might want to put walls between your online identity and Google itself, which collects lots of data about your search habits and more. Luckily, Google has plenty of options you can explore in both categories. From the My Account screen, click the Data & personalization tab to make an audit of what Google knows about you.
You’ll find lots to explore here: You can wipe your Google search history (even if you regularly clear your browser history, Google logs your searches independently), stop Google from tracking your location, and even personalize the sorts of ads you see on Google services.
For example, find the Activity controls heading and click Manage your activity controls. Click Manage activity under any of the options, then find the Delete dropdown menu. There, you’ll be able to choose how much you delete. Meanwhile, if you want to pause any of the data-collecting Google is doing, click on the options at the top of the My Activity page. It’s easy enough to sift through, and where necessary delete, the information Google has collected about your online habits.