How to Make Your Google Accounts More Secure

Gmail has been the target of recent hacking attacks. Here are 4 tips to bolster security for your Google account information.

About a month ago I received an email from Blizzard Entertainment stating that a new World of Warcraft account had been started using my personal Gmail address. Someone with the user name of "Zhang" was hoping to do a little night elf adventuring using my data. I got on the phone with Blizzard right away, and they canceled the account faster than you can say Ogrimmar.

"Oh yeah," the Blizzard rep added, "you might want to change your Gmail password." I realized at that point that I'd been hacked, just like high-ranking U.S. officials were in June and just now, as Iranian citizens have been.

There was a moment of horror as I realized what kind of private data someone with access to my account could find about me.

For many of us, a Gmail password is not just a Gmail password. It's a passport to our Google Docs account, our AdWords campaigns, our personal Google calendars, Google Docs, and more. That's not to mention access to Gmail itself, through which someone can find tax returns, private email conversations, and other data to pull off identity or credit card theft. If you are using Google business apps, you risk damage to your company if staff members' accounts are insecure.

Luckily, Google has a vested interest in keeping your information as secure as possible. Follow Google's own Security Checklist for concrete steps to put your Google Account on lockdown, and pay special attention to the advice below.

1. Check for Third-Party and Updated Browser Extensions

Checking your browser for plug-ins, extensions, and applications that may have access to your Google account is a step that merits special attention, particularly because Google doesn't tell you how to do this. Internet Explorer This support page tells you how to disable browser helper objects in IE. If you want to disable third party extensions entirely, click Tools, Internet Options, Advanced, and uncheck the "Enable third party browser extensions" box under "Browsing". You will need to restart the browser for the setting to take effect.

Firefox This page automatically detects your Firefox plugins and ensures that they are up to date.

Google Chrome Google has asked Chrome extension developers to include automatic updates with their extensions to make Google Chrome more secure.

2. Change Your Password Often

Most of us ignore this simple step, not just for our Google Accounts, but all accounts that we use. While there is no set rule to changing your passwords, I've aimed for about once a month since my Zhang attack.

3. Set up Two-Step Verification

This is the most important step in Google's Security Checklist. Two-step verification adds an extra layer of security to your Google account by requiring a special code to be entered on trusted computers once every 30 days, and any time you are accessing the account from a non-trusted computer. But this doesn't happen by default; you have to set it up with Google first.

I'll add that printing your backup verification codes is more secure than saving them to a text file. If you do choose to save them to a text file, don't name it "Backup Google Codes" or something similar.

While signing up for two-step verification with Google is self-explanatory, this video from Google helps it make a lot more sense.

4. Require Google Accounts Used For Business to Be Secure

If you run a small business, ask all of your employees and contractors to run through the Google Security Checklist for their Google accounts. If you share Docs or other applications with clients, create a special outward-facing Gmail address that you can share with other Gmail users who may potentially be insecure themselves.

If you have a good ongoing working relationship with a client with Google accounts, send them this article and ask them to run through Google's suggested steps.

If you are concerned about security in your industry, have contractors and employees sign a contract that requires them to ensure that their Google Accounts are secure and use two-step verification.

The bottom line is that keeping your Google Account secure requires a bit of extra work. Considering that our Google accounts are digital keychains to our online lives, though, it's definitely time well spent.

Angela West dreams of opening a Fallout-themed pub featuring wait staff with Pip-Boys. She's written for big insurance companies, small wildlife control businesses, gourmet food chains, and more. Follow her on Twitter at @angelawest.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackersGooglesecurityproductivity

More about BlizzardBlizzard EntertainmentGoogleWest

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Angela West

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts