Google Security

tag: [Community & Marketing, Security Specialist]

Google provides a wide range of services, including email, file storage, and search. Protecting your Google account is therefore crucial, and Google offers multiple ways to enhance its security. Here are five simple steps you can take right now to secure your Google account.

Standard Security

Configure 2FA

Properly configuring your two-factor authentication (2FA) settings is one of the most important steps you can take. Disable SMS 2FA and enable either an authenticator app or a hardware security key (preferred).

  1. Go to Google 2-Step Verification
  2. If “Voice or text message” is enabled, disable it
  3. If you don’t have an Android device, configure an “Authenticator app” or “Security Key”. If you do, you can continue to use “Google prompts”
  4. Store your backup codes in a safe place

Remove Recovery Methods

Google uses heuristics for account recovery, but keeping your phone number as a recovery method makes it easier for an attacker who has cloned your number to steal your account. A recovery email can also be a weak point if that mailbox is not properly secured.

  1. Go to Google Recovery Phone
  2. If a recovery phone is present, remove it
  3. If this Google account is your primary account and you are confident you will not need to perform account recovery:
    1. Go to Google Recovery Email
    2. If a recovery email is present, remove it

Hide Personal Information

Ensure your personal information is not publicly visible, reducing the risk of attackers using it to impersonate you.

  1. Go to Google Profile
  2. For each item in your profile, check if it’s set to “Anyone”. Consider whether the information can be used by an attacker to impersonate you.
    • Set your birthday to private if it isn’t already

Manage Active Sessions

Review your active sessions to ensure you’re not logged in anywhere unexpectedly.

  1. Go to Google Device Activity
  2. If there are any sessions you don’t recognize, terminate them

Manage OAuth Applications

Applications connected through OAuth sometimes request extensive permissions, such as full access to your inbox or files. Review these applications and remove access for any you no longer use or that ask for more than they need.

  1. Go to Google Connections
  2. For each app or service, click on it to review its permissions. If you’re not using it or the permissions are excessive, remove its access to your Google account

Extended Security

Advanced Protection Program

If you’re a public figure or influencer, you may want to enroll in the Advanced Protection Program for enhanced security measures. This program enforces the use of security keys, blocks unverified apps, and makes account recovery more difficult.

  1. Go to Google Advanced Protection Program
  2. Complete the steps to enroll in the program