How To Secure Your Google Account Data

Last month, nearly five million Gmail usernames and passwords were leaked on Reddit. Unfortunately, this sort of news has become commonplace. It is more important than ever to remain diligent about your security. Thankfully, Google provides a number of security options, and you can take matters into your own hands.

Here is how to secure your data if you use Google.

1. Use Google Apps for Work

If you take the security of your data seriously, you should pay for Google Apps for Work instead of using the free services. For five dollars per user a month, or $50 a user per year, you get the whole of the Google Suite — Docs, Gmail, Drive, Hangouts, and Calendars — with much greater control over security. Google Apps for Work can also be HIPAA-compliant and is FISMA-Certified. Google also offers 24/7 phone support for Apps for Work users. And you can use your own domain instead of sporting an email address.

As a consumer Gmail user, you don’t get any of these guarantees. If you lose your data and do not have a backup solution, tough luck. There is no phone number if your consumer account gets hacked or you lose access to your data, either.

If you love Gmail and are serious about security, pay for Google Apps for Work.

2. Enable Two-Step Verification

More accurately referred to as “cellphone confirmation” by Yahoo’s David Pogue, two-step verification is probably the best way to actively protect your account from security threats.

Two-step verification confirms who you are by requiring you to enter six random numbers that are either sent via text or provided with an app available on Android or iOS. Presuming you are the only person with access to your cellphone, brute-force password attacks on your account become near impossible to execute.

While this adds a bit of complexity to your routine, its benefits easily outweigh the (very) slight hassle. Google allows you to approve devices that do not constantly need two-step verification, such as your home office, and will generate complex passwords for apps that use your Google account but do not support two-step verification. It is also worth noting that the Google authentication app works offline — making it preferable to text-message verification.

3. Check What Apps Are Connected To Your Account

You probably use your Google account to log into at least some third-party services, and this could result in a security hole.

To check what apps and devices you have approved for access, simply go here. If you do not recognize a service or piece of hardware that has access to your account, revoke it immediately. I typically check what devices and services have access to my account once every three months.

It would be wise to do the same thing for your other accounts, like Facebook and Twitter, that allow you to connect third-party apps.

4. Use Strong Passwords

A Microsoft study has shown that frequently changing your passwords does not help prevent security breaches. Don’t bother. Instead, focus on creating strong passwords that are unique to each service you use.

You can use something like SafePasswd to randomly generate passwords, but you should probably use LastPass, 1Password, or a similar password safe to help you remember all of your logins.

5. Keep Your Browser Updated

All modern browsers provide regular security patches and other updates. All you need to do is let your browser update itself. You should also regularly check your plugins and extensions and remove any you do not use or recognize, or that are no longer updated.

That said, different browsers handle security threats differently. If you are looking for the most secure browser to use, read TipTop Security’s excellent post highlighting each browser’s strengths and weaknesses. If you really want to lock down your browsing, WhiteHat Security’s browser Aviator is certainly worth a look.


  1. Jeff Taylor says:

    Good discussion, but just a small correction. Google Apps is now called Google for Work, not Google Apps for Work (or Google Apps for Education if you’re in a GFE school).

    Also, Google Authenticator is not needed for 2-Step authentication, only to confirm 3rd Party apps. You can utilize 2-Step separately (via text) from Authenticator. You talked about this, briefly, but it’s two separate sign-on/authentication methods.

    So I guess that’s two clarifications.

  2. Just a Guest says:

    ‘Tried to sign up for Google Apps for Work. ‘Was confronted with a two-option stop: (1) give Google my domain name and prove that I own it, or (2) buy an apparently fake domain name from Google! Booooooooooooo. (1) I don’t have and don’t need a website, and (2) any fake “domain” I set up with gmail would surely run afoul of the entity that actually uses that domain name for a website. What gives?

  3. Sam Glover says:

    After accidentally deleting my Google Apps for Work account (my fault, not Google’s), I learned some important things.

    1. There’s no undelete for Google Apps accounts (there sort-of might be for user accounts, but not if you delete the entire domain).
    2. It’s a good idea to back up your important Google stuff. Make sure your contacts and calendar are synced up to your computer (not just your phone or tablet). And use Outlook or the built-in mail app to sync up your email using IMAP.

    If you make the same mistake I did and you’ve done those three things, you can avoid losing anything critical.
