There is only one dream between us
and tomorrow we crave.

There is only one dream between us
and tomorrow we crave.

Securing your Google account

Your Google account is used to access all of Google services, including those dealing with confidential data such as Gmail and Drive. Its protection is therefore a paramount. If you aim at the best possible security of your account, we recommend employing following measures:

1. Strong and genuine password

  • Essential measure to keep your Google account protected. The strength of the password is depending on:
  • Its length, the longer, the better
  • Not holding significant meaning or relation to yourself (so it is impossible for potential attacker to guess or deduce it correctly)
  • Using combination of small and capital letters, numbers and special characters (e.g.  #, *,$)

It is important to follow these principles:

  • Genuine password - do not use your Google account password for any other account (e-shop logins, etc.) 
  • Password protection – do not tell anyone your password and do not type it on other sites than Google account login
  • Password refresh – do update your Google account password regularly

Password update and settings: 
My Account (https://myaccount.google.com/) › Sign-in & security › signing in to Google › Password


Recommendation: Sign-off is almost as important as sign-in – you should remember to sign-off the account each time you finish your work.


 

2. Account Recovery Options

Setting account recovery options is important in case you forget your login credentials, but also in case your account was hacked. It provides an option to restore the login to account. Therefore it is advisable to activate these options and keep them up to date. 

For Account recovery do submit the following:

  • Recovery phone number    
  • Recovery e-mail address    
  • Security question

Account recovery settings and options: 
My Account (https://myaccount.google.com/) › Sign-in & security › signing in to Google › Account recovery options

 

3. Two-Step Verification

Activate two-step account verification to provide additional level of security for your account. In this case, you will be prompt to type in security code along with the password. The security code is 6-characters long numerical code, generated only for your account. Each code is to be used only once.

Security code delivery options:

  • SMS to your mobile device (usual charge for text messaging included)
  • Phone call to your mobile device or land line
  • Using Google Authenticator app you installed on you mobile device (it is functional even in case your mobile device is without cell or data reception)

Two-step verification is the strongest security measure for your password, because potential fraudster would need physical access to your phone to generate security code alongside knowing your password.

Two-Step Verification Settings: 
My Account (https://myaccount.google.com/) › Sign-in & security › signing in to Google › 2-Step Verification


Recommendation: If you are logging to computer that is used only by you, you could opt to disable two-step verification for this device for further purposes. This computer would only require typing-in the password form now on. Your account will be secured still, because login attempt from any other device would still require two-step verification.


 

4. Recently used devices

Keep controlled (regularly the best) the list of devices that have accessed your account recently. The list contains all the devices that have accessed your account for the last 28 days, are still connected and recent activity report for each device:

  • When a where was the device used for accessing your account
  • Its location
  • Used web browser 

Showing recently used devices for your account: 
My Account (https://myaccount.google.com/) › Sign-in & security › Device activity & notifications› Recently used devices


Recommendation:  If you spot a suspicious activity – unknown device, location that you never been to, date and time you do not remember or unusual web browser – you are encouraged to remove access to your account for that device.


 

5. Apps connected to your account

Display the list of apps and sites you permitted to access your account. Check which apps do you still use and want to remain connected, remove those you do not trust.

Displaying apps and sites connected to your account: 
My Account (https://myaccount.google.com/) › Sign-in & security › Connected apps & sites › Apps connected to your account

 

6. Security Alerts

Choose and setup the way how Google should contact you in case there are changes in security settings of your account or suspicious activity is noted.

Security alert settings: 
My Account (https://myaccount.google.com/) › Sign-in & security › Device activity & notifications › Security alerts settings

 

7. Less secure apps access

There is an option to permit access to your account for less secure apps and devices – developed not by Google and using less secure sign-in technology, therefore leaving your account vulnerable.

Allowing less secure apps: 
My Account (https://myaccount.google.com/) › Sign-in & security › Connected apps & sites › Allow less secure apps

 


See also:

Protective measures for your Facebook account