How to Secure Your Google Account

How to Secure Your Google Account (Step-by-Step)

If your Google account gets compromised, it’s not just email—you’re risking your photos, files, passwords, and even your identity. This guide locks it down properly.

Step 1: Start with a Strong Password

What to do:

1. Go to your Google Account → Security

2. Click Password

3. Enter a long, unique password

Best practice:

• Minimum 12–16 characters

• Use a mix of words (e.g. BlueCarpet$River98)

• Never reuse passwords across sites

Tip: Use a password manager (Google or Apple both do this well)

Step 2: Turn On Passkeys (The Future of Logins)

Passkeys replace passwords with your device (fingerprint, Face ID, or PIN).

What to do:

1. Go to Security → Passkeys

2. Click Create a passkey

3. Follow prompts on your phone or computer

Why this matters:

• No password to steal

• Resistant to phishing

• Faster sign-in

If you do nothing else on this list—do this.

Step 3: Add a Recovery Phone Number

This is your safety net if you get locked out.

What to do:

1. Go to Security → Ways we can verify it’s you

2. Click Recovery phone

3. Add your mobile number

4. Verify via SMS

Important:

• Use a number you always have access to

• Keep it updated if you change numbers

Step 4: Add a Recovery Email Address

This is your backup to the backup.

What to do:

1. In the same section, click Recovery email

2. Add a second email address (not your Google one)

3. Verify it

Best option:

• Partner’s email

• Work email

• Another personal account

Step 5: Turn On 2-Step Verification (2FA)

Even with a password, this stops hackers.

What to do:

1. Go to Security → 2-Step Verification

2. Click Get started

3. Choose your method:

   • Google Prompt (best)

   • Authenticator app (strong)

   • SMS (better than nothing)

Recommendation:

• Use Google Prompt or an Authenticator app

• Avoid relying only on SMS

Step 6: Run the Google Security Checkup

Google will tell you what you’ve missed.

What to do:

1. Search “Google Security Checkup”

2. Review:

   • Devices signed in

   • Recent activity

   • Connected apps

Remove anything:

• You don’t recognise

• You no longer use

Step 7: Check Devices Logged Into Your Account

What to do:

1. Go to Security → Your devices

2. Review the list

3. Click Sign out of anything unfamiliar

Step 8: Remove Risky Third-Party Access

Apps you’ve logged into with Google can be a weak link.

What to do:

1. Go to Security → Third-party apps with account access

2. Remove anything:

   • You don’t use

   • You don’t trust

Final Reality Check

If you:

• Have a weak or reused password

• Don’t have recovery options set

• Haven’t enabled passkeys or 2FA

You’re relying on luck.

Lock it down once, and you’re protected for years.