If your online life revolves around Gmail, Chrome, and other Google software and services, your Google account is one of your most precious online resources. At a minimum, you should create a strong password for your Google account. That password should be one that’s not used by any other account.
This level is sufficient for most ordinary PC users, especially those who don’t use their Gmail address as a primary factor for signing in to other sites. If you’re helping a friend or relative who’s technically unsophisticated and intimidated by passwords, this is a good option.
BETTER SECURITY
- First, set up your smartphone as an authentication factor, using an app such as Google Authenticator. Signing in to your Google account on a smartphone also automatically enables that phone to receive Google prompts, which you can then use as a sign-in and verification option. Then remove the option to verify your identity with SMS text messages.
- With that configuration, you can still use your mobile phone as an authentication factor, but a would-be attacker won’t be able to intercept text messages to your phone number.
MAXIMUM SECURITY
For the most extreme security, add at least one physical hardware key along with the Google Authenticator app and, optionally, remove personal email addresses as a backup verification factor. That configuration places significant roadblocks in the way of even the most determined attacker.
This configuration requires an extra investment in hardware and it definitely adds some friction to the sign-in process, but it’s by far the most effective way to secure your Google account.
STEP 1: CREATE A NEW, STRONG PASSWORD
- You need a strong, unique password for your Google account. The best way to ensure that you’ve nailed this requirement is to use your password manager’s tools to generate a brand-new password.
- Generating a new password ensures that your account credentials are not shared with any other account; it also means you aren’t relying on an older password that you might have inadvertently reused and that might already have appeared in a password breach.
STEP 2: TURN ON TWO-STEP VERIFICATION
- Google Account Security page just yet. Instead, scroll up to the Two-Step Verification section and make sure this option is turned on. Use the default option to receive codes via text message on a mobile phone you personally own.
- The setup process is a fairly straightforward wizard that confirms you are able to receive verification messages.
STEP 3: PRINT OUT RECOVERY CODES
- On the Google Account Security page, find the Backup Codes option and click Set Up. That opens a pop-up dialog box like the one shown here, containing 10 codes that you can use when you’re prompted for a second verification factor. Print out that page and file it away in the same locked file cabinet or safe where you put your password.
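As an added illustration of what the backup codes in this step are (example code, not Google's own scheme, which is not public): each code is a random, single-use secret that the service keeps only in hashed form and discards the moment it is redeemed. The eight-digit format, the count of ten, and the use of a salted PBKDF2 hash are assumptions chosen to mirror the printed list described above; a slow hash matters because short numeric codes are easy to brute-force if a plain-hash database leaks.

```python
import hashlib
import hmac
import secrets

# Assumed format: ten eight-digit codes, similar in shape to the printed list above.
CODE_COUNT = 10
CODE_DIGITS = 8


def generate_backup_codes(count=CODE_COUNT, digits=CODE_DIGITS):
    """Generate single-use codes from the OS CSPRNG (never the `random` module)."""
    upper = 10 ** digits
    return [str(secrets.randbelow(upper)).zfill(digits) for _ in range(count)]


def format_for_printing(codes):
    """Render codes as 'XXXX XXXX' lines, the form a user would print and file away."""
    return "\n".join(f"{i + 1:2d}. {c[:4]} {c[4:]}" for i, c in enumerate(codes))


def _hash_code(code, salt):
    # Codes are short and numeric, so a deliberately slow, salted hash is used
    # to make offline guessing expensive if the stored hashes ever leak.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class BackupCodeStore:
    """Server-side view: holds only salted hashes and burns each code on first use."""

    def __init__(self, codes):
        self.salt = secrets.token_bytes(16)
        self._hashes = {_hash_code(c, self.salt) for c in codes}

    def remaining(self):
        return len(self._hashes)

    def redeem(self, submitted):
        """Return True and invalidate the code if it matches an unused entry."""
        candidate = _hash_code(submitted.replace(" ", ""), self.salt)
        for stored in self._hashes:
            if hmac.compare_digest(stored, candidate):
                self._hashes.remove(stored)   # single use: a reused code must fail
                return True
        return False


if __name__ == "__main__":
    codes = generate_backup_codes()
    print(format_for_printing(codes))         # the sheet you would print and lock away
    store = BackupCodeStore(codes)
    print("first use accepted:", store.redeem(codes[0]))
    print("second use accepted:", store.redeem(codes[0]))
    print("codes left:", store.remaining())
```

The practical consequences for the reader are the two properties the code enforces: a printed sheet is the only copy of the plaintext codes (the service cannot re-display them, only issue a fresh set), and each code works exactly once, so a sheet that has been photographed or read by someone else should be replaced rather than kept.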
STEP 4: ADD A RECOVERY EMAIL ADDRESS
Registering a recovery email address is an important security precaution. In the event that Google detects suspicious activity on your account, you’ll receive a notification at this address.
Having a recovery email is also helpful if you forget your password. When two-step verification is enabled, resetting your password requires at least two forms of verification, such as a printed backup code and a code from an email message sent to a registered email account.
STEP 7: USE A HARDWARE SECURITY KEY FOR AUTHENTICATION
- This step is the most advanced of all. It requires an investment in extra hardware, but the requirement to insert a device into a USB port or make a connection via Bluetooth or NFC adds the highest level of security.
- You’ll need to enter the PIN for your hardware key, then touch to activate it. When that setup is complete, you’ve got a powerful way to sign in to any service powered by your Google account without having to fuss with passwords.