Google Account
Security Checkup
The quickest way to make basic improvements to your Google account security is to use Google’s Security Checkup feature.
Privacy Checkup
The quickest way to make basic improvements to your Google account privacy is to use Google’s Privacy Checkup feature. Try to pause or turn off everything here.
Use a strong password
As with everything, make sure you use a strong unique password for your email account.
Use 2-Step Verification
Google offers multiple 2FA methods, including SMS, authorization apps such as Authenticator, Authy, Google Prompt and physical Yubikeys. Use a Yuibkey or one of the authorization apps. Avoid using SMS due to SIM swap attacks. You add or update 2FA by clicking on the 2-Step Verification option here .
Remove Recovery phone/email
Don’t use a recovery phone or email. If an attacker steals your mobile number through a SIM swaps or gets access to your recovery email, they can use it to get access to your Google account through this recovery function.
Review and Limit 3rd Party Applications
Some applications can link with your Google account to provide access to your Google services such as Gmail. You should review 3rd party applications that are linked to your account, and any permissions they might have. Remove unused applications, and exercise caution when authorizing new applications access to your account.
Data & personalization settings
You will most likely want to pause both Web & App Activity and Location History.
Sign in Settings
Avoid saving passwords to your google account and using it as password manager. Avoid signing in with Google. Rely on a separate password manager instead.
Consider Enrolling in Google’s Advanced Protection Program
The Advanced Protection Program safeguards the personal Google Accounts of anyone at risk of targeted attacks – like journalists, activists, business leaders, and political campaign teams. It requires stronger 2FA authentication methods, gives better control of third-party data sharing, blocks unknown app installation and adds extra steps to verify your identity during the account recovery process.