Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Google’s Security Checklist – Keeping Your Google Account Secure

Google Account Security Checklist

Google today pushed a “Security Checklist,” primarily designed for Gmail users but something useful for all Google Accounts and Google Apps users. Several of the tips are obvious, but some tips and features that Google references may not be commonly used or paid attention to.Google Account Security

Google Account Security Checklist

Google today pushed a “Security Checklist,” primarily designed for Gmail users but something useful for all Google Accounts and Google Apps users. Several of the tips are obvious, but some tips and features that Google references may not be commonly used or paid attention to.Google Account Security

Here’s what Google suggests to help stay secure while using their services.

Your Computer

  1. Check for viruses and malware – While no virus scanner can catch 100% of infections, it is still important to run a scan on your computer with a trusted anti-virus software (or install a program that runs in the background and scans continuously). If the scan detects any suspicious programs or applications, remove them immediately.  
  2. Make sure your operating system is up to date – Operating systems release patches to repair security vulnerabilities. Whether you use Windows or Mac OS, we recommend protecting your computer by enabling your automatic update setting, and updating when you get a notification. 
  3. Make sure to perform regular software updates – Some software updates aren’t included in your operating system updates, but they are just as important. Software such as Adobe Flash, Adobe Reader, and Java release regular updates that may include repairs for security vulnerabilities. 

Your Browser

  1. Check your browser for plug-ins, extensions, and third-party programs/tools that require access to your Google Account credentials – Plug-ins and extensions are downloadable computer programs that work with your browser to perform specific tasks. For example, you may have downloaded a plug-in or extension that checks your Gmail inbox for new messages. Google can’t guarantee the security of these third party services. If those services are compromised, so is your Gmail password. 
  2. Make sure your browser is up to date – To check for browser updates in Internet Explorer, select the Tools tab and click Windows Update. In Firefox, just click the Help tab and select Check for Updates. Google Chrome automatically updates when a new version is released. 

Your Google Account

 1. Change Your Password – If your account has been recently compromised, you should update your password now. In general we suggest you change it twice a year, following these guidelines: 

• Pick a unique password that you haven’t previously used on other sites or on Gmail. Just changing one character or number still counts as reusing your password.

• Don’t use a dictionary word or a common word that’s easily guessable. Use a combination of numbers, characters, and case-sensitive letters.

2. Check the list of websites that are authorized to access your Google Account data

Make sure that the list of authorized websites are accurate and ones that you have chosen. If your Google Account has been compromised recently, it’s possible that the bad guys could have authorized their own websites to access your account data. This may allow them to access your Google Account after you have changed your password.To edit the list of authorized websites go here.

Advertisement. Scroll to continue reading.

• Sign in on the Google Accounts homepage.

• Click the My Account link displayed at the top right of the page.

• Click Change authorized websites. This page will list all third-party sites you’ve granted access to.

• Click the Revoke Access link to disable access for a site.

3. Update your account recovery options – We all may forget our passwords at some point, so we strongly encourage that you update your account recovery options.

Recovery email address: We can use your recovery email address to communicate with you if you lose access to your account. Learn more.

SMS: We can send you a recovery code to your mobile phone number, which you can use to reset your password. Learn more.

• Secret question: This option is only available if you can’t use the above recovery options and only if haven’t tried to sign in during the past 24 hours. An ideal answer to your security question is easy for you to remember, but hard for others to guess.

Your Gmail Settings

1. Confirm the accuracy of your mail settings to ensure that your mail stays and goes where you want it to.

Sign in to your account and click on the Settings link at the top to check the following tabs:

General: Check Signature, Vacation Responder, and/or canned responses for spammy content

Accounts: Verify your Send Mail As, Get mail from other accounts, and Grant access to your account are all accurate.

Filters: Check that no filters are sending your mail to Trash, Spam, or forwarding to an unknown account.

• Forwarding and POP/IMAP: Ensure your mail isn’t sent to an unknown account or mail client.

2. Check for any strange recent activity on your account. Click the Details link next to the ‘Last Account Activity’ entry at the bottom of your account to see the time, date, IP address and the associated location of recent access to your account.

3. Use a secure connection to sign in – In your Gmail settings, select ‘Always use HTTPS.’ This setting protects your information from being stolen when you’re signing in to Gmail on a public wireless network, like at a cafe or hotel.

Final Reminders

• Watch out for messages that ask for your username and/or password. Gmail will never ask for this information.

• Never give out your password after following a link sent to you in a message, even if it looks like Gmail’s sign-in page. Access Gmail directly by typing https://mail.google.com in your browser’s address bar.

• Don’t share your password with other websites – Google can’t guarantee the security of other websites and your Gmail password could be compromised

• Keep secrets! Never tell anyone your password, or your secret question and answer; if you do tell someone, change it as soon as possible.

• Clear forms, passwords, cache and cookies in your browser on a regular basis – especially on a public computer.

• Only select ‘Stay signed in’ if you’re signing in from a personal computer.

Always sign out when you’ve finished reading your mail.

To visit Google’s Online Security Checklist go here.  

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...