Best practices for keeping your Google password from being compromised
Google, while being a company that most people automatically associate with highly professional quality services, is no more immune to failures and fiascos than any other major digital technology corporation.
This is something that every single Google user should never let themselves forget, and even less so the more they depend on the Google giant for many of their online data storage and work management needs.
This applies especially when it comes to the security you need in order to protect your digital information in a way that will keep it from being totally erased, hacked or stolen. Also, this is where Google, despite its reputation, can be surprisingly weak unless you yourself take proactive steps to change that.
Luckily however, doing that sort of thing –changing your Google passwords from insecure, weak little things into something strong and robust—isn’t really all that hard, and it’s especially effective when coupled with a few additional security strategies after the fact.
That said, let’s get down to explanations:
The Power of Two Factor Authentication for Google passwords
Two factor authentication or TFA in short, is the core strategy that Google has implemented in an effort to boost the security of all its data services since several attacks against Gmail and Google accounts in general made a lot of users nervous back in 2011, 2012 and even 2013.
Oddly though, despite the implementation of TFA and a fairly strong campaign of notifications advising users of the option while they are using the company’s services, actual usage hasn’t been as widespread as it should be. This has been a contributing cause to continuing attacks despite the new security strategy with the end result of making Google still look insecure even though its two factor systems are indeed quite powerful as protection tools.
You as a Google user shouldn’t let yourself fall into the lazy trap of foregoing TFA protection, especially since setting the process up for any or all of your different Google accounts is really quite easy.
Your first step is to head on over to the following page: http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744&rd=1
Once you’re there, the process you’ll need to follow is really simple as far as setup goes; first, you’ll need to set your country, hand over the name of the Google account you use for most of your important online Google apps, type in your password and access the authentication setup page.
You can also reach this same setup page from right inside your Gmail account by clicking on the name of your email address in the right corner of your account, clicking on “settings”, scrolling down to the “Security tab on the left side and –once you’ve clicked on it—opening the 2 factor authentication setup section that appears to the right in the menu options that are available.
Whichever way you go about accessing two factor setup, you’ll essentially be prompted to hand over the number of at least one mobile device to which your authentication passwords can be sent each time you try logging in from a device that’s unrecognized by Google. This will be a bit of a pain in the butt, but it dramatically improves your account’s hacker resistance levels.
Additionally, you might also want to take a few minutes to generate several advance one time passcodes for future situations in which your mobile device isn’t at hand and you’re logging in to your account from a device you’ve never sued before. These can be written down somewhere and stored securely for later eventualities.
Both the passkeys thereafter sent to your mobile device and the several single-use written passkeys that you generated while setting up TFA for your Google account and mobile device are based on an algorithmic process called TOTP (Time Based One Time Password) technology. In essence, this will guarantee that each of the keys created for your security is highly unique, never reused and highly random in its creation.
There you go; if you’ve followed the above simple steps, you now have a TFA protected Google account that will elevate your security whenever you log into all the applications to which the account is connected –such as Gmail, Drive, Google+ and other services. From now on, any time you log in from an unrecognized device, you’ll have to enter your original basic password and a key that’s either sent to your cell phone or one of the written keys you had generated when setting up TFA.
Your main work or business related account is obviously the one you should be most worried about securing, but If you have multiple Google accounts, you can and should go ahead and set up distinct 2 factor systems in all of them for maximal security.
A Few Extra Security Tips
Now that you’ve set up TFA on your account, you can’t just leave it at that; there are a few other basic security and access protection steps to keep in mind.
For one thing, never let yourself lose both your mobile device and your written one time access code list. Losing either one creates an enormous security breach if hackers already know your basic Google password, and losing both can cause you to get locked completely out of your own account unless you can find a previously used device to access it from.
Never leave your Google account logged into on any device you’re not actually using; always log out right after you’ve finished whatever you were doing, even on your own personal devices.
Don’t share access to your Google accounts with anyone you don’t completely trust, even if there is a practical reason for giving them access.
Finally, as a final layer of security: enable HTTPS on all of your Gmail accounts. This can be done by clicking on the little gear icon in the upper right side of your account, clicking on “Settings” under that and then scrolling down until you see an option to “always use https” and ticking it on. HTTPS will fully encrypt the transmission of your Gmail messages.