Google Security And Safety

Google accounts are a convenient sign-in option and login method for various digital media accounts, ranging from social media platforms to online services or email accounts.

While the ease of using Google for logins is undeniable, it is crucial to prioritize and uphold robust security and safety measures.

If you fail to do so, convenience can quickly turn into inconvenience and stress when the Google account gets compromised.

Additionally, considering the expanding range of Google services, such as Google Drive for file storage, Google Photos for media backup, and Google Calendar for scheduling, it becomes increasingly important to safeguard your account comprehensively.

Your risk acceptance level should determine the measures you need to take to keep your Google account secure.


Security is crucial, but it’s not the sole factor to bear in mind. 

No matter how stringent our security measures are, a Google account remains vulnerable if the owner willingly discloses login credentials in a phishing scam, loses access to the 2FA method, or suffers a severe accident.

Therefore, you should strongly consider increasing your digital safety awareness and applying the necessary measures to keep your Google account safe.


Define Your Google Account Risk Acceptance Level

Before proceeding, it’s essential to define your risk acceptance level. For that, you need to assess and consider the following:

– The type of assets accessible through your Google account.

– The value associated with those assets.

This assessment is crucial for determining your Google account’s appropriate security and safety measures. 

For instance, people with a medium-level risk acceptance might find an Authenticator app as a Two-Factor Authentication (2FA) method sufficient. 

However, opting for a hardware token as a 2FA method would be a wiser choice for those with a low-level risk acceptance. 

Understanding and aligning your risk acceptance level with the security measures needed will help ensure the safety of your account.

Think about how you use your Google account and the consequences if you lose access or the account is compromised due to a hack.

Google account used for communications (Gmail):

While some people may send relatively unimportant emails (low-value accounts), many use their Google accounts to send and receive emails containing sensitive information (medium or high-value accounts).

Losing access to a Google account can be a great inconvenience, resulting in Personally Identifiable Information (PII) being stolen and sold to people with malicious intentions.

Or, even worse, once the hacker reads through the emails, they can find out what other digital platforms you use and try to access those platforms through password recovery.

The hacker can request a recovery link to be sent to the compromised Google account and take over your other digital accounts.

Define your risk acceptance level (high, medium, or low) by considering the impact if someone gets access to your email communications, including all your contacts and all the attachments sent and received from your account.


Google account used to access third-party applications:

A Google account can be used to sign up and sign in to many digital platforms (e.g., Twitter, Coinbase, YouTube, etc.) and online services. Therefore, the value of a Google account can be determined by assessing the number and value of platforms to which it gives access.

Losing access to a Google account (e.g., forgotten credentials or hacking) can be a significant problem that leads to losing access to several digital platforms.

Define your risk acceptance level (high, medium, or low) by considering the impact if someone gets access to your Google account and finds out that it can be used to log into your Twitter account, LinkedIn account, YouTube account… and that malicious person temporarily takes over those platforms.

Google account used for digital media monetization

Content creators can create revenue through several Google platforms, like monetizing YouTube channels, creating a Twitter (X) account, or adding Google Ads to a personal website. 

A compromised Google account can sometimes lead to significant personal and financial loss.

Define your risk acceptance level (high, medium, or low) by considering the impact if someone gets access to your Google account and temporarily or permanently disrupts the income you generate through that account.

For example, consider the case of Mary, who uses her Google account to:

– Log in to her YouTube channel, which is monetized and generates regular income 

– Log in to her Twitter account

– Log in to her Coinbase account, the leading platform she uses to purchase, sell, and manage her cryptocurrency assets.

– Log in to her Medium account, which is also a regular income source for her.

– Log in to her email account, which she uses to send and receive emails containing very sensitive information

So, in her case, it makes sense to have a very low risk acceptance level and apply security and safety measures accordingly.

Have you defined your Google account risk acceptance level already?

If yes, you are ready to define the most adequate security and safety measures for your particular situation.

A Strong and Unique Google Account Password

A strong and unique password is the first layer of security to protect your Google account from hackers or any other malicious person who wants to access your account.

A Strong Google Account Password

It is common knowledge that it takes just a few seconds or minutes to crack a weak password.

But be aware that many people are under the incorrect assumption that their passwords are strong, which does lead to accounts being hacked.

It would be best to learn how to create a strong password that can resist brute-force attacks for many years.


Of course, the stronger the password is, the more complex it is, and the more challenging it is to remember and type when your Google account asks for it. Therefore, your password should match your risk tolerance level:

– Very weak password: Under 64 bits

– Weak password: 64-80 bits

– Moderately strong password: 80-112 bits

– Strong password: 112-128 bits

– Very strong password: Over 128 bits

A moderately strong password with 85 bits of entropy (password entropy calculator) contains the following:

– Lowercase Latin letters: 5

– Upper case Latin letters: 3

– Digits: 3

– Special characters: 2

A strong password with 117 bits of entropy contains the following:

– Lowercase Latin letters: 7

– Upper case Latin letters: 5

– Digits: 3

– Special characters: 3

A very strong password with 131 bits of entropy contains the following:

– Lowercase Latin letters: 2

– Upper case Latin letters: 6

– Digits: 9

– Special characters: 3
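The figures above can be reproduced with a pool-based entropy estimate (length times log2 of the character pool size). The following is an added example, not code from this page or from the calculator it mentions; it assumes the pool is the 94 printable ASCII characters, and the function names and the handling of tier boundaries are choices made for this illustration.

```python
import math
import secrets
import string

# The four character classes the page counts. string.punctuation holds the
# 32 printable ASCII symbols, so the full pool is 26 + 26 + 10 + 32 = 94.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())


def entropy_bits(lower=0, upper=0, digits=0, special=0):
    """Pool-based estimate: length * log2(size of the combined pool).

    Only valid when every character is picked uniformly at random; a
    human-chosen password with the same composition has far less entropy.
    """
    counts = {"lower": lower, "upper": upper, "digits": digits, "special": special}
    length = sum(counts.values())
    if length == 0:
        return 0.0
    # Only classes that actually appear contribute to the pool size.
    pool = sum(len(CLASSES[name]) for name, n in counts.items() if n > 0)
    return length * math.log2(pool)


def rating(bits):
    """Map an entropy value to the page's tiers (edge handling is an assumption)."""
    if bits < 64:
        return "very weak"
    if bits < 80:
        return "weak"
    if bits < 112:
        return "moderately strong"
    if bits <= 128:
        return "strong"
    return "very strong"


def min_length(target_bits):
    """Shortest random password over all 94 characters that reaches target_bits."""
    return math.ceil(target_bits / math.log2(len(ALPHABET)))


def generate_password(target_bits):
    """Draw each character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(min_length(target_bits)))


if __name__ == "__main__":
    # The three compositions listed on the page: (lower, upper, digits, special).
    for counts in [(5, 3, 3, 2), (7, 5, 3, 3), (2, 6, 9, 3)]:
        bits = entropy_bits(*counts)
        print(counts, int(bits), "bits ->", rating(bits))
    # Eight random lowercase letters only: the pool shrinks to 26 characters.
    print("8 lowercase:", int(entropy_bits(lower=8)), "bits")
    print("random 112-bit password:", generate_password(112))
```

The estimate describes the generator, not the string: it holds for a password produced by `generate_password`, not for a memorable word padded with digits and symbols to the same composition.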

A Unique Google Account Password

You must be aware that there is a high probability that, sooner or later, some of your personal information (e.g., email address, password) will be exposed due to a data breach.

Once a data leak happens, malicious people will sell and resell your data to others, and you will most likely be the target of a hack or spear phishing attack.

If you reuse one or two passwords for all your accounts, once they are leaked through a data breach, your account will be susceptible to being hacked or phished.


This is because of password dictionaries, which are lists of leaked passwords available online. 

Using such a list is called a dictionary attack, a technique hackers try in order to break into your Google account before moving on to a brute-force attack.

If your digital security risk tolerance is medium or low, you should consider having (and maintaining) unique passwords for each of your digital accounts.

But if your digital account security risk is low, you may feel comfortable reusing passwords across several accounts.


For low, medium, or high-risk tolerance, your Google account maintenance plan should include periodic reviews of sensitive data leaks. More information is below.

If you have decided to reuse passwords, an early threat identification will allow you to take steps to change the compromised password as soon as possible.

Google Password Backup Safe Storage

Because you follow the good practice of having strong and unique passwords for each of your accounts, you may need to take note of the passwords in case you forget one, including your Google account password.

And, of course, your password backup must be safely stored, away from anyone who could use it to their advantage, which means everyone except your most trusted family members.


If you don’t have or cannot have a home safe box, you may consider alternatives, like using an encryption technique to ensure that the data remains protected in case someone gets access to the written information.

Enhance Google Security With Two-Factor Authentication

Two-factor authentication (2FA) should be a must-have security feature for every Google account, because there are very convenient and free-to-use options that can be easily implemented.

In the following sections, we briefly describe the 2FA methods that can be used to secure a Google account.


SMS Authentication

SMS is the weakest type of 2FA, but it is free and requires no specific software, additional hardware, or maintenance.

Even people with high-risk tolerance should consider setting up SMS if other 2FA factor methods are unsuitable.

SMS 2FA Advantages:

– Free

– Does not require additional software or hardware

– Many services offer SMS 2FA, making it widely accessible to users.

SMS 2FA Disadvantages:

– No backup possibility, so if the SIM card is damaged or lost, it may take time to get a replacement.

– It is the weakest type of 2FA and is prone to SIM swap attacks.

SIM swaps are a technique used by hackers and scammers to take over your SMS 2FA and break into your digital accounts, mainly to get access to your financial assets.


Before enabling SMS as 2FA, please ensure you have a disaster recovery plan in case your SIM card is stolen, lost, or damaged.

Prompt Notification

Google prompts are more secure than text message (SMS) verification codes because Google will send prompts only to pre-existing and trusted devices where you are signed in.

As described by Google on their web page ‘Sign in with Google prompts‘:

– Hackers may try to steal SMS verification codes to help them break into your account. Google prompts help protect against this account hacking method by sending them more securely to only your signed-in devices.

– Get more info about sign-in attempts. To help you find suspicious activity, Google prompts give you info about the device, location, and time of the sign-in attempt.

– Block suspicious activity. If you didn’t try to sign in to your account, tap No on the notification to secure your account.


You can use Google prompts to sign in:

– With your phone instead of a password

– In addition to your password, when you turn on 2-Step Verification

– When you try to recover your account

– Even if you haven’t turned either of these settings on, Google might also ask you to tap a notification to help confirm you’re signing in.

Prompt Notifications Advantages:

– Prompts provide a user-friendly experience by sending notifications for authentication.

– Similar to hardware keys, prompts are resistant to phishing attacks.

Prompt Notifications Disadvantages:

– Users need a compatible device to receive prompts, and compromise of the device poses a risk

– Not as widely adopted as other 2FA methods, limiting its availability across various services.

Google Authenticator App

Authenticator apps, like Google Authenticator or Microsoft Authenticator, are free to download, install and use.

They are usually installed on mobile devices, so most people can have this authentication method up and running without hassle.

Two-factor authentication apps can be a viable option for those people with medium risk tolerance levels.

Authenticator Apps Advantages:

– It is free

– It is a safer method than SMS authentication

– Authentication apps generate time-sensitive codes that are not easily intercepted.

– Authentication apps work even without an internet connection once set up.

– Creating a backup system for easy and fast recovery is possible if the mobile device is lost or damaged.

Authenticator Apps Disadvantages:

– It is not a hack-proof system and may not be able to protect the user from Man-in-the-Middle (MitM) type of attacks.

– There can be security concerns if the device where the authentication app is installed is lost or compromised.


Google 2FA Mobile Device Lost

The latest version of Google Authenticator lets you back up and sync your one-time 2FA codes to your Google account via the cloud.

You can access those same codes from a different device signed in with your Google account.

This means a lost mobile phone is not a problem, provided you can access your Google account using a different authentication method.

As described in a Google Blog Post:

‘ One major piece of feedback we’ve heard from users over the years was the complexity in dealing with lost or stolen devices that had Google Authenticator installed. Since one time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator. 

With this update we’re rolling out a solution to this problem, making one-time codes more durable by storing them safely in users’ Google Account. This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.’

This information is relevant for you in two ways:

– If you lose access to the phone where the Google Authenticator is installed, you can regain access by installing it to a new device and synching it.

– But, if your Google account becomes compromised, someone could access your Authenticator codes by synching your account to their device.

Google 2FA Mobile Device Stolen

If your mobile device is stolen, you can restore your Google Authenticator account to a new device. Still, you should strongly consider erasing the stolen device immediately.


Security Keys

Security keys, also known as hardware keys or hardware tokens, are physical devices that provide an additional layer of security for online accounts. They are used as a form of two-factor authentication (2FA).

Hardware keys are considered one of the safest 2FA methods for the following reasons:

– Phishing Resistance: Hardware keys resist phishing attacks because they rely on cryptographic challenges and responses that attackers cannot easily intercept or replicate.

– Physical Possession Requirement: An attacker would need physical possession of the hardware key to compromise the authentication, adding an extra layer of security compared to methods that rely solely on codes sent to a user’s mobile device.

– No Dependency on Mobile Networks: Unlike text messages or app-based authentication, hardware keys do not depend on mobile networks or internet connectivity, making them more reliable in various situations.

– Tamper-Resistant: Hardware keys are designed to be tamper-resistant, making it difficult for attackers to manipulate or clone the device.

– Simple and Convenient: They are user-friendly and often involve a simple action, such as plugging in the USB key or tapping it on a device.


Security Keys Advantages:

– The safest 2FA method

– Hardware keys are not tied to a specific device, reducing the risk of device-related compromises.

– Hardware keys provide the highest protection against phishing and other attacks.

Security Keys Disadvantages:

– Hardware keys must be purchased, and they can be costly

– It is highly advisable to purchase a spare hardware key, and that adds more cost

– Some services may not support hardware keys, limiting their universal application.

Examples of security keys:

– YubiKey: some of the best and most well-known security keys.

– Thetis key: an affordable option protected by aluminum casing.

– Titan Security Key: engineered by Google.

Google Account Maintenance Plan

You may not need to have a Google Account Maintenance Plan, but it is highly recommended to check the health of your Google account, even if it is only a couple of times per year.

Your Google Account Maintenance Plan should contain the following:

– A periodic review* to ensure that no foreign devices have been added to your account, because this can be an indication of a security breach.

– A periodic review* of recent activity to flag anything unfamiliar, so you can react quickly in case of a potential security breach.

– A periodic review* of third-party applications granted access to your account, because any unfamiliar third-party application can be an attempt to access or monitor your Google account data.

– A periodic review* of leaked info on the dark web that can lead to spear phishing attacks using the leaked data.

* Your risk acceptance levels should define the period between reviews. A low-risk acceptance level would require frequent reviews, while very sporadic reviews may be sufficient for a high-risk acceptance level.

What Devices You Are Signed In To

Regularly reviewing the list of devices that have access to your Google account ensures that you can quickly identify any authorized device that does not belong to you.

Early identification of a foreign device will allow you to take action to minimize the impact, because the longer someone has access to your account, the more damage can be done.

Recent Activity

By regularly reviewing the recent activity log, you can detect any unauthorized access or suspicious behavior.

Google allows you to review the account activity within the last 30 days.


Third-Party Connections

While third-party connections can enhance your Google account’s functionality, they pose potential security risks.

You can minimize vulnerabilities and maintain a secure online presence by periodically reviewing and controlling access and permissions.

As a rule of thumb, for medium or low-risk tolerance levels, do not grant any third-party connections that may have access to sensitive information. And do not grant access to any third-party application that can change your Google account.

Leaked Info on the Dark Web

Monitoring your digital presence on the dark web is an emerging aspect of account security.

Sensitive data is sold to bad actors who will use it to organize spear phishing attacks.


It is impossible to prevent data leaks because website security is not in our hands. Still, we can anticipate digital attacks and be ready to avert them if we know what personal information has been leaked.


Google Account Recovery Plan

You need an alternative method to log into your Google account, like using a backup code, a recovery phone, or a recovery email.

– In case you forget your password and don’t have a safe copy stored in a safe place.

– Or if you lose access to the device used for two-factor authentication.

Therefore, you must know what options exist to recover a Google account and ensure they are set up and ready to use when needed.

Google Account Backup Codes Generation and Safe Storage

You can use backup codes if you cannot log into your Google account because you forgot the correct password, provided you have generated them first.

If you use this method, generate the codes and store them safely, because if someone with malicious intentions gets access to them, your Google account may be compromised.


This is how to use the backup codes to recover your Google account:

– Find your backup codes.

– Sign in to your Google Account

– Click Try another way.

– Click Enter one of your 8-digit backup codes.

– Enter one of your unused backup codes.

Google Account Recovery Phone Number

As described by Google, the recovery phone is used to reach you in case unusual activity has been detected or you get locked out from your account.

If you get locked out and you want to use your recovery phone:

– Go to the sign-in page of the Google service you want to use (for example, Gmail).

– Enter your username and password.

– Select Try another way to sign in or More options.

– Select Get a verification code.

– Follow the instructions to enter the code you were sent. 

A recovery phone setup is a very effective way to recover your account in case of a problem. So, you want to consider setting up a recovery phone, but you must keep the device safe and have an additional recovery system in case you lose your phone.

Google Account Recovery Email

If we solely rely on a mobile phone as a 2FA method plus account recovery, we may be in trouble if the device is lost or stolen.

The recovery email can reach you in case of unusual activity or if you get locked out from your Google account.

Google Account Inheritance Plan

Your Google account is the access point to personal data and, sometimes, financial value.

As such, you may want to ensure that your loved ones can access your Google account if something happens to you.

– Google has conveniently made a digital legacy tool available.

– Alternatively, you may want to create your own inheritance plan and make it accessible to your loved ones.

– Or, you can combine both. Let’s have a look at the options.

Google Digital Legacy Plan

Google has made available a tool that you can use to communicate with your most dear people in case something unexpected happens to you.

As Google mentions in their web page ‘About Inactive Account Manager‘:

We’ll use the phone number to ensure that only the trusted contact can download your data. Verifying the identity using a mobile phone number prevents data access from unauthorized people who might get hold of the email we send to your trusted contact.

Contacts will only receive notification once your account has been inactive for the specified amount of time — they will not receive any notification during setup.

If you only notify your contacts of your inactive account, they’ll receive an email with a subject line and content you wrote during setup. We’ll add a footer to that email explaining that you’ve instructed Google to send an email on your behalf after you’ve stopped using your account.

This footer might say something like this:

John Doe (john.doe@gmail.com) instructed Google to send you this mail automatically after John stopped using his account.

Sincerely,
The Google Accounts Team

If you share data with your trusted contact, the email will also contain a list of the data you have chosen to share with them and a link they can follow to download the data. An example of such a message could be:

John Doe (john.doe@gmail.com) instructed Google to send you this mail automatically after John stopped using his account.

John Doe has given you access to the following account data:

    • Blogger
    • Drive
    • Mail
    • YouTube

Your Digital Assets Inheritance Plan

If the value of your Google account is high, you may want to consider passing that value to your loved ones. After all, it would be a pity that all that value is lost if something unexpected happens to you.

Inventory Your Google-Linked Accounts:

– List all online platforms linked to your Google account.

– Include details about associated accounts like YouTube, AdSense, and other monetization platforms.

Secure Access Information:

– Store your Google account credentials securely.

Designate a Google Account Executor:

– Appoint a trusted person to manage your Google-related digital assets.

– Provide clear instructions on managing YouTube channels, AdSense, and other monetization tools.

Include Google Assets in Legal Documents:

– Update your will to mention your Google account and associated assets explicitly.

– Clearly state your digital executor’s responsibilities regarding Google-related platforms.

Instructions for YouTube and AdSense:

– Specify your wishes for your YouTube channel, including continuation or closure.

– Guide the handling of AdSense revenue and account management.

Financial Google Assets:

– Clearly outline access to any financial aspects linked to your Google account.

– Ensure your digital executor understands the management of AdSense and other monetization tools.

Protect Sensitive Google Information:

– Encrypt sensitive files and documents linked to your Google account.

– Share decryption keys or passwords securely.

Regularly Update Your Google Account Plan:

– Review and update access information and preferences regularly.

– Keep your digital executor informed of any changes or updates.

Communication with Loved Ones:

– Inform your loved ones about your Google account plan.

– Share details with the designated digital executor regarding your online presence and monetization strategies.

Backup Important Google Data:

– Regularly back up important files, especially those related to your Google account.

– Specify where backups are stored and how they can be accessed.

Combining Google and Your Own Digital Inheritance Plan

Having written instructions stored online in your Google account can be a risk.

But, for example, you may consider having the instructions written on paper or stored in an encrypted USB drive and have the Google Legacy Plan send a message to your loved ones with instructions about accessing the data.


Google Account Hacked - What To Do Next

If adequate security and safety measures have been taken, there is very little chance of suffering a Google account hack. 

However, it is always good to know what steps to take if a Google account becomes compromised.

Scenario 1: Victim Still Has Access to the Account

Immediate Password Change:

– Change your account password immediately to secure it from any ongoing unauthorized access.

Enable Two-Factor Authentication (2FA):

– Activate 2FA to add an extra layer of security, preventing unauthorized logins even if the password is compromised.

Review Account Activity:

– Regularly monitor your account activity for suspicious logins, unfamiliar devices, or activities. Check the “Security” page for detailed information.

Revoke Access to Suspicious Apps:

– Review and revoke access for any third-party apps or services connected to your account, especially those you don’t recognize.

Run a Security Checkup:

– Utilize Google’s Security Checkup to review and enhance your account security settings, connected devices, and recent security events.

Update Recovery Information:

– Ensure your recovery email address and phone number are up-to-date. This information is vital for account recovery if needed.

Check for Phishing Attempts:

– Stay vigilant against phishing attempts. Verify the legitimacy of emails or messages related to your account and avoid clicking on suspicious links.


Scenario 2: Victim Does Not Have Access to the Account

Account Recovery:

– Initiate the account recovery process through the page ‘Secure a hacked or compromised Google Account’.

Verify Identity:

– Follow the verification steps to confirm your identity. This may involve providing information associated with the account.

Change Password Upon Regaining Access:

– Once you regain access, change your password immediately to prevent further unauthorized activities.

Enable Two-Factor Authentication:

– Activate 2FA to secure your account and minimize the risk of future unauthorized logins.

Review and Secure Account:

– Conduct a thorough review of your account settings, including connected devices and third-party app access. Secure your account with updated information.

Check for Phishing or Malicious Activity:

– Examine your emails and messages for potential phishing attempts. Avoid interacting with suspicious links or requests.

Educate Yourself:

– Stay informed about Google’s security features, and educate yourself on best practices to prevent future security breaches.
