Guest blog article by Steve Loosley, Tech Blogger
Do you store sensitive data in Gmail and Google Docs? If so, is your data safe? Is your account hack-proof?
In our last post you learned the key steps to make your Gmail secure. Today, I want to show you how to check your critical Google Account settings and how to set-up 2-Step Verification.
First, let’s update your Google Account settings. As shown in the following screenshot, click your name in the upper right corner of Gmail or Google Docs, and select Account Settings in the drop-down menu.
Let’s work though each of the items on the Account Overview page, as shown in the next screenshot.
Password
It’s a good idea to periodically change your password. Google recommends ...
- Pick a unique password that you haven't previously used on other sites or on Gmail. Just changing one character or number isn’t enough.
- Don't use a dictionary word or a common word that's easily guessable.
- Use a combination of numbers, characters, and case-sensitive letters to make your password impossible to guess.
Make sure that your password recovery options are up-to-date, so you can access your account if you forget your password, something that we all do. You can set-up your own secret question, backup email address, and SMS number. Again, make your answers guess-proof.
Authorizing applications & sites
Click edit and make sure that the authorized websites are ones that you have approved. If your Google Account has been compromised, it's possible that the bad guys have authorized their own websites. This may allow them to access your Google Account after you have changed your password.
Use 2-step verification
Two-step verification will make your Google Account 99.9% hack-proof by adding an extra layer of security.
With 2-step verification, signing in to your Google Account requires two steps:
- Password. First, you enter your Google Account password as normal.
- Code. Next, you’ll be prompted for a time-sensitive, random 6 digit code.
Watch the following short, 3:28 Google video to learn about 2-step verification, and then we’ll set-up your account.
Setting up 2-step verification
- On the Account overview page, click edit next to Using 2-step verification (see screenshots above).
- A help screen will open. Click Start setup.
- Select how you want to receive your verification codes: SMS, voice call, or on your smart phone.
- Next, add a backup number to ensure that you can receive a verification code to sign-in even if your primary phone isn't available or working.
- Finally, record or print your backup codes and store them in your purse or wallet.
Application-specific Passwords
After you set-up 2-step verification, some applications that access your Google Account (such as Gmail on your phone or Outlook) cannot ask for verification codes. Instead of verification codes, you'll enter application-specific passwords.
For a complete list of applications that require new, unique passwords see this this Google help article. This article also explains how to generate and enter these passwords.
To set-up application-specific passwords,
- Click on edit next to Authorizing applications & sites on the Account Overview page (see screenshot above).
- Locate the Application-specific password section at the bottom of the screen.
- Enter a Name and click Generate password.
- Copy the password and either paste or enter it in the application.
There is no need to remember these passwords. You only need to authorize an application once.
Whew, great job! Your Google Account will be 99.9% hack-proof by using a strong password, reviewing authorized sites, and implementing 2-step verification.
In the comments below, let me know what steps that you've taken to protect your Google Account.
Additional Resources
Gmail Security Checklist - Google Help Document
Google Two-Step Verification - Google Help Document
Managing and Organizing Your E-mail Inbox--Using Google Apps - People-OnTheGo webinar series
Inbox Freedom - People-OnTheGo webinar series