Securing Your Google Account

Updated September 2023

Google is no longer just a search engine. It is a tech company with all sorts of projects and products. Your Google account is a precious thing. Why should you protect it? Because it contains multitudes of information about you and your activities.

What’s Inside Your Google Account?

Go to My Google Account and sign in. Here’s a small sample of everything inside:

Gmail. All your emails, your contacts, and all your file attachments.

YouTube. Google purchased YouTube in October 2006. So, your account lists not only all the content you’ve published on your own YouTube channel, but all your favorite videos and a list of all the videos you’ve watched.

Calendar. Your entire schedule, including the events you’ve marked as private, and all the locations of events you’ve been to.

Maps. All the places you’ve looked up directions for, photos of those locations, and the addresses that you’ve marked as “work” and “home.”

Drive. How many files do you have stored in Google’s version of cloud storage? What kinds of files? Documents for work, financial statements, personal photos?

Your Android devices. You can’t use any Android phone or device without a Google account. Your account contains a list of every Android device that you’ve logged into. It also contains logs of all the activities you’ve done with apps installed on your Android.

Every search you’ve ever done with Google. Go to My Activity and sign in. You can see every search term that you have ever typed.

Every voice command you have given. Not only voice searches, but also the apps you’ve opened and the people that you’ve called.

Every other app and service connected to Google. How many times have you used your Google account to log into services instead of creating a separate password?

There is an endless amount of information about you and your life contained in your Google account. How do you keep it safe? A password just isn’t enough; after all, you might forget it. There are two ways to add extra protection to your account: two-factor authentication and Advanced Protection.

Two-Factor Authentication

Two-factor authentication is, simply, using two things to gain access to a resource. These two things will be something you know and something you have. The “something you know” could be a password, access code, or phone number; the “something you have” could be another device or a hardware token.

When you sign up for a Google account, the first level of protection you set up is your password. After you log in for the first time, you can choose some more options. To set up two-factor authentication, you will need to enter your cell number. Add your phone number to your account, and you can get an access code sent to your phone, either through a phone call or a text message.

Google can also provide you with authentication codes. This is a list of eight-digit codes, generated in a group of ten at a time. These are single-use; if you use one, cross it off the list.

Screenshot of Google backup codes

A list of codes with the date that they were generated on.

Another method of accessing your account is to use your smartphone. The Google Authenticator app is available in the Google Play Store and the App Store. To set it up, go to the Security and Sign In section of your Google account.

Screenshot showing the options for setting up Google prompt or Authenticator app

Scroll down to the option for Google Authenticator and click “Setup.”

Screenshot of Google Authenticator setup menu

A QR code will appear on your computer screen. Open Authenticator on your smartphone and use it to scan the QR code.

Google Authenticator QR code

Click “Next,” then type the six-digit code on your phone into the text box on your screen, then click “Verify.” Once the code has been verified, click “Done” to complete the process.

Screenshot after Google Authenticator has been set up

Google Authenticator has been successfully set up.

If you’re signed into your account on a smartphone, you can use Google prompts. (If you’re using an iPhone, you’ll need to have certain Google apps installed.) When you sign into your account on another device, you will get a notification on your smartphone. You can tap the notification or enter the code that appears.

The hardware token, better known as a security key, is a little device you plug into or attach to your computer. You will use it together with your password. Using a security key with your Google account will make it that much harder for someone to break into it. Guessing a password is one thing, but making a copy of your security key is much, much more difficult. It’s not the same as making a copy of a house or car key.

This key must work with both a regular computer (desktop or laptop) and a mobile device. The keys are only sold by online retailers. They can be found on Amazon, eBay, and other places by searching for the phrase “fido u2f security key.”

What do these terms mean? FIDO (Fast IDentity Online) is an industry organization formed to create universal standards for authenticating identity on websites, apps, and computers. To put it simply, the goal is to keep all our online accounts safe by creating devices to log into them. After all, passwords are often lost, forgotten, or successfully guessed by attackers.

U2F stands for “universal two-factor authentication.” It was developed by Google with the tech company Yubico; perhaps it’s no surprise that the most popular FIDO key is the Yubikey.

Yubikey NEO

The Yubikey NEO, which also uses NFC, the communication method used for things like Samsung Pay. Ideal for Android devices.

On your mobile device, the key can be either a Bluetooth Low Energy key or a FIDO-certified U2F key. If you’re using an iPhone or iPad, you will need to download the Google Smart Lock app. Unfortunately, Apple Mail and Apple Calendar aren’t compatible with security keys.

Screenshot - registration of security key

Once you have used your key to log into your computer or device, you won’t need it again on that computer or device – unless you get logged out.

If you lose your key, you will need to remove it from your account. Go to your two step verification page. By the listing for your key, click the edit button that looks like a pencil.

Screenshot of security key profile

On the popup menu, click the option “Remove This Key.”

Still scared of getting locked out? Set up a recovery email before this happens. If you have a Gmail account, you can enter a second email account for emergency access. If not, your default recovery email is the email account that you used to create your Google account. 

Advanced Protection

The other level of security is Advanced Protection. As the name implies, this is a higher level of security. Who needs it? Anyone who could be a target of stalking, harassment, or surveillance, including:

  • journalists
  • government employees and political operatives
  • those who are escaping from domestic violence

When you use Advanced Protection, it limits the use of your Google account when it comes to connecting to other services. You won’t be able to use text messages or Google Authenticator to access your account. Also, to read email, you will use either Gmail or Inbox by Gmail. Only Google apps will be able to access your Google account now.

With Advanced Protection, Google recommends registering two security keys for your account. The second key will be an emergency spare for the first key. If your first key is lost or stolen, make sure to remove it from your account. A key for your mobile devices must use either Bluetooth or NFC (the same type of connection used for Apple Pay and Samsung Pay). A key for your laptop or desktop computer can plug into a USB port.

The USB A port

The USB C port

When you first sign up for Advanced Protection, you will be logged off of all your devices except the one you are currently using. If you get locked out of your account when Advanced Protection is turned on, there will be a three to five day “cooling off period.” To get back into your account, you will have to provide Google with an extensive amount of information. According to the official blog, this will involve “additional reviews and requests for more details about why you’ve lost access to your account.” This may include the date of the creation of your account.

There are many options for securing your Google account. You may not need all of them, but the more you use, the safer you’ll be. Don’t just rely on your password alone, because it’s not enough.
