In this guide, we will go over important tips to help secure your Gmail, YouTube, and other Google accounts, keeping your personal data as safe as possible.
Your Google account is used to log in to Google-owned services like Gmail, Drive, Photos, Docs, Sheets, etc. You might have your bank statements, expense reports, private files, photos, videos, device backups, and so much more stored on these.
Additionally, most of us use our Gmail email address to create accounts on Facebook, Twitter, Instagram, and elsewhere. This email is also used to reset forgotten passwords.
For these reasons, securing your Google account is of paramount importance.
1. Use a strong device lock on your phone and computer
Your device passcode is the first line of defense to secure all your accounts and data. So, make sure you have set a strong alphanumeric password on your iPhone, iPad, Android phone, or computer.
2. Always log out on other devices
If you ever have to log in to your Google account on a device that isn’t yours, such as a friend’s device or a computer at a cyber cafe or public library, try to log in using a private/incognito browser tab. Once you finish your work, remember to log out or clear the entire web browser data.
3. Turn on two-factor authentication
This is one of the most important steps to secure your Google account. Once you turn on two-factor authentication (2FA), you will have to authenticate again with a prompt on your phone or a code after entering the right password. So, even if someone knows your Google password, 2FA will prevent them from logging in and exploiting your data.
Here’s how to set up two-factor authentication for your Google account.
- Visit Google account settings at myaccount.google.com and sign in if you aren’t already. You can also tap your profile picture in the Gmail app and select Manage your Google Account.
- Select Security.
- Now, tap 2-Step Verification and set it up using an authenticator app, phone number, etc. The process is similar to setting up 2FA for other services like Twitter. While you do that, remember to save the backup codes and keep them somewhere safe. They will be useful if your primary two-step verification methods, like phone or mobile number, are inaccessible.
4. Make sure the right backup email and phone numbers are added
Another important thing to check is that you have added a working email address and phone number as the backup for your Google account. This will ensure that if you forget your password, Google can reach you on these added email addresses or phone numbers and help you regain access to your account.
To check this, go to Google account settings > Personal info and update the Contact info section.
5. Stay signed in to the Gmail app on your phone
Even if you rarely use one of your Google accounts, I’d recommend keeping it signed in on the Gmail app on your iPhone, iPad, or Android phone. If you lose your account password, Google can easily show a prompt inside the Gmail app or send an email to help recover your account.
6. Log out of devices you no longer use
If you no longer have access to an old phone or computer of yours, go to Google account settings > Security. Find the Your devices section and tap “Manage all devices.” Now, select the old device you no longer use and hit Sign out.
Additionally, you can return to the 2-Step Verification screen and remove access for all trusted devices.
7. Revoke access for previously allowed apps and services
It’s easy to sign up on apps and websites using Google. However, if you no longer use a service or do not recall giving it the necessary access, go to Google account settings > Security. Tap See all connections under Your connections to third-party apps & services. Now, select a service and tap “Delete all connections you have with that service.”
8. Prefer other means of signing up, like Apple, Facebook, etc.
In addition to periodically removing unneeded services, you can also choose not to use Google when signing up for third-party apps. Instead, you can use Apple, Facebook, Microsoft, or some other available options.
9. Regularly change your Google password
Another thing you should do is update your Google account password regularly, like once every 3 or 6 months. Even if your password has appeared in a data breach, changing it frequently will render the previous ones useless.
10. Don’t sign in everywhere with your main account
Imagine you have to sign up on a counterfeit iPhone or some random old TV to download an app or use YouTube. In these cases, it would be best if you did not use your main Google account.
11. Use a secondary or burner email account
Yet another way to protect the main Google account that you have listed in your bank records and other sensitive services is to use it in as few places as possible. You can explore the idea of creating a second account or using disposable email addresses to sign up for random services.
12. Update your software
Google recommends keeping your phone, computer, and web browsers updated. This ensures that bugs and security loopholes are fixed and that they do not negatively affect your Google or other accounts.
13. Remove insecure and unneeded apps and browser extensions
Imposter, shady, or insecure browser extensions and Android apps can cause serious harm to your Google account. So, it’s best to periodically remove apps and extensions you no longer use or remember installing.
14. Think before clicking links in messages, emails, and web pages
Many scams happen through web links that take you to a website that mimics the look of the official Google site or Google Forms and asks you to sign in so that it can steal your login credentials. So, never click the links you receive from unreliable sources. Always do your due diligence when visiting links from SMS, email, or shady websites.
15. Look for the blue checkmark in Gmail
Gmail displays a blue checkmark when you receive emails from a verified source.
For instance, genuine emails from Instagram, Dropbox, and other companies that use the Brand Indicators for Message Identification (BIMI) standard show a blue check mark.
That said, the absence of a blue checkmark does not necessarily mean the sender is fraudulent.
16. Do not abandon your account for months and years
Finally, many of us have more than one Google account. If you do not use your account at least once every 2 years, the Inactive Google Account Policy states that the company may delete your account and its data. So, keep your Google account active by sending an email, watching a YouTube video, using Google Drive, etc.
In addition to the above tips, you can also go through the periodic security checkup if Google prompts you to do so.