Keep your Google account safe
You use your Google account for Gmail, but you can also use it for other apps, including Android phone sign-in and Google Play. For this reason, cracking your password can be much worse than just blocking your email.
Using Gmail to verify other accounts like Twitter, Facebook, Utilities and Banks means that your password reset requests will be forwarded to the hacked account and your hacker will now have full access to large parts of your digital life.
There are some important steps you can and should take to protect your Google password:
Do not use passwords † Creating a unique password for each service you use is the most important rule. By using the same password, hackers can gain access to your data. If you only use one, they can guess your password once and know it everywhere. If you don’t want to write down every password, you can use a management system like PassPack or LastPass to store them digitally. You still need to make sure your passwords are strong and you still need to change them from time to time. Even LastPass has been hacked.
Do not create your own passwords. Many sites offer tips for creating memorable and strong passwords, but they are never as secure as letting the machine do it. People fall into patterns and tend to put numbers, symbols, and capital letters in the same place.
Use a random password generator to generate secure passwords. Most password saving services, including LastPass and Chrome’s built-in password saving feature, offer the ability to generate a password whenever you need to come up with a new password and remember it for you.
Visit chrome://settings/passwords to view passwords stored with Chrome’s secure password storage feature.
Use two-step verification. Two-step verification requires two separate elements: what you have and what you know. You can set up your Google account to use two-step verification, which depends on your password and your phone. When you sign in from a new computer, Google will send you a text message for extra security. Here’s how to set up 2-Step Verification with Google.
Google also has its own two-factor authentication app that can work across multiple sites.
Make sure your secondary email address in Gmail is still valid. Google will use your secondary email address to contact you if your primary email address has been compromised or if you forget your password.
To check your recovery email address, go to gmail.com † Institutions † Accounts and Import † Change password recovery options † Look at the plate Recovery email and make sure it’s right.
Don’t use security questions that Google could use † Consider lying to test questions in a way you remember, but others won’t guess. Write down the name of your favorite stuffed animal as your first pet, or pretend you actually grew up in Narnia.
Delete all registration messages with your password, or use a simple password to register the service and then immediately change it to something more secure.
Update your computer’s antivirus software † Password protection will not help you if someone has compromised your desktop with a keylogger.
Delete all emails with passwords, , especially if you’ve been using the same passwords for a while. To find them, go to your Gmail account and use the search box to look for a link that you may have pointed to “password” or “registration”. Please delete any registration messages you have sent that contain your password, or use it as an opportunity to proceed with the change of your password.