How to secure your Google account

Your Google account includes email, photos, Drive documents, YouTube videos, and maybe even a Google Maps review or two. Between all those features, you've got a lot of important information packed away behind a single password. If it falls into the wrong hands, you're looking at a lot of unwelcome consequences.

The good news is that Google takes online security just as seriously as you (should) do. The tech giant offers a variety of account protection and security measures designed to keep unwelcome visitors out while letting you easily log in.

Like many other online portals, Google supports two-step verification. That means logging on to Google on a new device will require an email address, a password, and a code generated by your phone. The process places an extra barrier against anyone who might have gotten hold of your email address and password.

To set up two-step verification, and access all of your other Google account security settings, head to the My Account page on the web. Click the Signing into Google link, and you can configure two-step verification, as well as changing your password and security questions if you need to.

Whatever else you do to protect your account, the usual advice about choosing a strong password still applies. Make it at least 10 characters long; a mix of letters, numbers, and symbols; and ensure it's as difficult to guess as possible. Don't reuse passwords either: Choose a code that's specific to your Google account (so a data hack of a different account won't compromise your Google account as well).

While you're adjusting your security settings, double-check your recovery email and phone number options too. These will help you regain access if you ever find yourself locked out of your account. Of course, you also need to make sure these accounts are well-protected and secure, or someone could use them to force a password reset on your Google account.

Between your smartphone, tablet, laptop, and work computer, you probably access your Google account on several devices. On the other hand, if a computer halfway across the world is logged into your account, that's a red flag that something shady is going on. So Google lets you check on the devices that are using your account.

Lower down on that same Sign-in & security page, click the Manage Settings link under the Security alerts heading. This tells Google how you want to be notified if a new computer or mobile device accesses your account. You can set it up to receive immediate alerts about suspicious activity, which can make all the difference in keeping your accounts protected.

Look under Device activity & notifications to see computers, phones and tablets with access to your account. If you see something in the list you don't recognize or that you haven't used for a long time, select it and click Remove. Don't worry about being overly cautious, because you can always sign back in on those devices if you need to.

The security page is not the only place you can find a screen like this. There's also a link at the bottom of your Gmail inbox that tells you where else your account is being used. Click on the Details link in Gmail, and you can sign out of all the other currently active sessions on the list.

We also recommend doing a regular audit of third-party apps connected to your Gmail, which again can be done from the Sign-in & security page. While these apps can be useful for improving your Gmail experience, the fewer you have connected, the better from a security standpoint. So get rid of any apps that you don't use regularly or haven't used in a long time.

If you have an Android phone, your Google account is tied pretty tightly to it, so it's important to review your security settings here too. Whatever type of phone you have, you should be putting up barriers via its lock screen. But on Android phones, you can find some extra security settings specific to your Google account.

From the Settings app, tap Google then Security. You'll see some of the same options we've mentioned above, as well as a few extra ones. You can, for example, turn on the feature that lets you remotely locate your phone from a computer, which can come in very handy if someone else gets hold of it. We'd also advise turning the Verify apps feature on, as this monitors for suspicious activity in the apps you've installed on your device.

If you go to Settings then Security, you can turn on an Android feature called Smart Lock, which lets you specify certain places where the lock screen is disabled. That way you don't have to bother with a password when you're in the safety of your own home. (You can also set up your phone to be used in place of a password on a Chromebook—perhaps a glimpse of the password-free future we can all look forward to.)

Once someone gets into your phone, apps like Gmail and Chrome are wide open, so it's important to have a lengthy PIN code or fingerprint protection in place to stop that from happening. If your devices do fall into the wrong hands, use Android Device Manager to lock and wipe them remotely before any damage is done.

Sometimes the line gets blurred between security (keeping people out of your account) and privacy (controlling what you're sharing about yourself). Even if you set up solid layers of security to protect yourself from hackers, you might want to put walls between your online identity and Google itself, which collects lots of data about your search habits and more. Luckily, Google has plenty of options you can explore in both categories. From the My Account screen, click Personal info & privacy to make an audit of what Google knows about you.

You'll find lots to explore here: You can wipe your Google search history (even if you regularly clear your browser history, Google logs your searches independently), stop Google from tracking your location, and even personalize the sorts of ads you see on Google services.

For example, click on Go To Activity Controls and then click Manage Activity under YouTube History to review and delete any searches you've carried out on the video sharing site. Meanwhile, if you want to pause any of the data-collecting Google is doing, use the simple toggle switches on the Activity Controls screen. It's easy enough to sift through, and where necessary delete, the information Google has collected about your online habits.

It ultimately comes down to how much you trust Google. For clarification on how it uses that data, you can read Google's privacy policy online. For example, those YouTube searches are used to recommend new videos you might like, and that location history lets Google do smart stuff such as tell you about commute times to the office. But it's up to you where you draw the line.

Online security has never been more important. For more information, check out our guide to protecting all your accounts.