How do I keep my Google account secure?

Here are the steps you can take to prevent an account takeover

Written by Jonathan Livneh
Updated over a week ago

These tips will help you secure your Google account as well as any other online account you use regularly.

  • Enable two-factor authentication (2FA). You can do this directly from your account settings under Security > Signing in to Google > 2-Step Verification. You can choose the backup step you prefer, and you can add more than one to give yourself more flexibility and security:

    • Verification codes via voice or text message

    • Backup codes

    • Google Prompt

    • Authenticator app

    • Backup phone

    • Security key

  • Refresh your password. If you have been using the same password for a while, it is highly recommended to change it. The new one should be strong and unique, and should not have been used in the past. Do not share it with anyone. Try to change your password every 6 months. If you are worried about remembering your password, you can use a password manager.

  • Secure your network. Avoid public Wi-Fi, especially if you are logging into sensitive online accounts over the network. You can also get a virtual private network (VPN) to encrypt your internet connection.

  • Exercise caution with emails and links. Never click on random or suspicious-looking links. Not only can they lead to malware, but they can also send you to websites that ask you to provide personal details with the aim of stealing them. Remember that Google will never ask you for personally identifiable information over email.

  • Check third-party access. Be careful before giving third-party apps or websites access to your Google account. You should remove access for those you no longer use or trust. You can review them in your account settings under Security>Third-party apps with account access>Manage third-party access.

  • Log out of devices you do not use. Remember to sign out of Google (or any account for that matter) if you are not on your primary personal device. This not only includes public computers, but also extends to a friend or relative's device.

    • Go to Security>Your devices>Manage devices. This feature will list the types of devices you are signed into, as well as dates and locations. Under More details you will find the first sign-in date, the IP address, and the browsers you are signed in to on that device.


  • Add several recovery methods. In order to maximize your chances of recovery in the event of an account takeover, you should set up a recovery email and phone number in your settings under the Security tab.


    💡 Tip: Write down the last password you used for your account and store it in a safe place. This can come in handy to verify your identity if you need to regain access to your account and cannot receive a code via email or phone.


  • Strengthen your recovery email account. First, make sure you have added a recovery email if you don't already have one. Then, ensure that it has a strong and unique password. If your recovery email has a weak password, it is easier for a hacker to break into your Google account through it than to sign in directly and have to bypass 2FA: with access to your recovery email, the hacker can simply start the Google account recovery process and receive the verification code sent to that address.

    • Also, any time there is suspicious activity or general alerts, Google will send these to both your primary Google account and your recovery email address.


  • Never share a verification code. A hacker may have access to a friend or relative's device, so never send a verification code to anyone. The code could be used to break into your own account.

  • Protect your online account. By activating Cyrus's online account protection feature, you can monitor your Google account for unusual activity like unrecognized app connections and logins.
