Digital Sky Solutions Blog
The Unofficial Guide to Comprehensive Google Account Security
There is no denying that a Google account is a very valuable thing to have today, and if valuable doesn’t seem like the right word to use, let’s say practical. Business and casual users alike use the wide variety of services for many purposes - but are they doing so safely?
Unfortunately, the answer that applies to far too many of these users is a resounding “no.”
Why is that?
Many don’t know how to properly secure their account. For that matter, they don’t know why doing so is so crucial.
I plan to fix that today, starting with just that: why you need to treat your Google account credentials like gold.
Why Your Account is So Valuable
Many of us entrust the Internet to keep our personal data safe, accessible to only us. This is despite the fact that the Internet has always been about sharing information - the word itself comes from the words inter- (meaning reciprocal, or shared) and network (a system of connected things).
The Foundations of the Internet
From its origins, it was designed to provide access to information to everyone. In 1962, J.C.R. Licklider of MIT wrote memos that describe what he coined the “Galactic Network.” This network, again, was designed to share data and programs across computers that connected to span the world over. In fact, the man credited with inventing the World Wide Web as we know it today, Sir Tim Berners-Lee, knew more or less immediately that the Internet had to be built on principles of access and openness. In his own words,
“Had the technology been proprietary, and in my total control, it would probably not have taken off. You can’t propose that something be a universal space and at the same time keep control of it.”
This attitude created the Internet that we see today: a space where there is, on a very fundamental level, no centralized point of control. This helps to promote an accessible environment that doesn’t cooperate with censorship very well, where the open concepts of net neutrality and universal group participation can thrive.
Considering how much the Internet was built upon the concept of sharing, it almost seems hilarious that we try to keep anything on it private.
Changes With the Times
However, as different uses for the Internet developed, the need for security and privacy developed as well - otherwise, there would have been online anarchy. Communications often contain critical information that needs to remain confidential, while contradictorily needing to be shared with others with the authority to view it. This complex pattern of requirements ultimately demanded that services be developed which focused on this internal openness, protected by a wall of privacy and confidentiality.
The place where this is most obviously apparent, of course, is in the business setting, where information needs to be shared on an internal, need-to-know basis, yet be shared efficiently. There is also no ignoring the interpersonal benefits of the Internet, which we can leverage as individuals for personal growth and management. This is why we have tools like the ones that many providers, including Google, offer for both business purposes and individual use.
Let’s consider what Google offers for a moment.
Of course, there’s the Google search tool, but Google provides far more that just web search capabilities nowadays. Many businesses today leverage its G Suite applications to enhance their operations and internal collaboration, including Google Drive, Google Docs, and Business Directory. Private users have found uses for many of Google’s services as well, like Google Maps, and leverage Google Drive for their own purposes.
Both have heavily used Gmail for a variety of uses - especially for creating accounts and signing up for other web services.
Have you ever stopped and really thought about how much you rely on Google for access, how much you entrust to that single account? How much could potentially be exposed if that one account was compromised?
Let’s run through just one scenario to examine the true impact of Google’s involvement upon a user’s computing infrastructure.
Taking Features Into Account
One feature of a Google account is the ease at which you can create and then access accounts for other online services. If logged into Google, you can save passwords - many popular sites even have the option to create a new profile using your Google account. All that many accounts require to get started is a valid email - something that every Google account comes with through Gmail.
As a result, many people simply use their Gmail account to create all of their other accounts - which, to be frank, makes sense. Google has reasonable security standards, and consolidating what things need to be remembered makes it easier to actually remember them. Plus, the ability to save passwords used in the Chrome browser is a really convenient feature, right?
However, there is one consideration that many overlook, one with heavy implications regarding the importance of account security. Are you ready to hear it?
Setting up an account with Google inexorably links that account, and its security, to that of your Google account.
This means that, if someone were to gain access to your Google account, they’ve just gained access to every account that account had access to.
Here’s a fun experiment: if you’re on a desktop, click here to view your Google account. Under Sign-in & security, click “Apps with account access.” You’ll see a list of all of the applications that can access your account, as well as a list of all the websites that you’ve saved your credentials to with Google Smart Lock. How considerable is your list?
Does that list include your bank? If it does, you could be fairly easily exposed to financial fraud and abuse. Think about how relatively simple it is to change a forgotten password. If someone had access to your email, they could do as they pleased, effectively locking you out of your own bank account by hijacking the “Forgot password?” feature on your bank’s website.
In a manner of speaking, this feature can turn your Gmail account into a password manager (of sorts) for hackers.
However, there is also no denying that Google’s services are useful. As this very article began, the practicality of leveraging the tools that Google provides cannot be understated, which means that the impracticality of moving away from this convenience is too great to consider as a valid option.
Fortunately, there is way to help your situation: fully locking down and securing your account.
Now, you may be thinking something along the lines of, “Ha, yeah, easier said than done,” and you’re somewhat right about that. There is no magic option in Google that will automatically make everything perfect and protect your Google account against all threats. If only, right?
That being said, there are precautions that you can take to help reduce the likelihood of something unfortunate happening to your account, like a breach.
How to Keep Your Account Safe
As we go over some of these activities, it is important to keep in mind that many are just that - activities. Things that you do, consistently. Securing any solution is a commitment, and Google is certainly no exception.
Below, we’ve compiled a how-to list, describing all of the steps and processes that you need to see to completion in order to properly lock down your Google account.
Passwords and Basic Account Security
Naturally, you will want to make sure that you are exercising password best practices with your Google account, especially in terms of keeping your access credentials appropriately confidential. You also will need to be appropriately aware of where you are accessing your Google account from.
For instance, you don’t want to utilize any public points of access to log into your account. Not only are these effectively breeding grounds for malware and other threats of that nature, there’s too high a risk that a cybercriminal will be able to access your account after you were done. The computers available for public access in libraries and similar places may seem handy, but truly are problematic in terms of security. You also need to be careful that you aren’t using a public Wi-Fi signal to access the Internet for very similar reasons.
Two-Factor Authentication (2FA)
In addition to these practices, you should also lock down your account with effective two-factor authentication processes.
What does “effective” mean? Simple - there are multiple kinds of 2FA. Some is based on text messages, and some is based on a mobile application, like Google Authenticator. You’re going to want to use the latter, as it is the more secure option. Texts can be hijacked, after all.
Finally, you can access a one-time use list of authentication codes that can be used if you don’t have access to your mobile device at a given time. These can be reset at any time, preserving your security, even if you lose the list. So, don’t be afraid to print out this list and keep it with you as a backup.
Again, for more details on all of these security features and more (and to set them up), log in to your Google account.
Remember, in today’s day and age, your Google account security is just as important as your bank account security. For more help locking down your Google account, as well as the rest of your business’ cybersecurity, reach out to Digital Sky Solutions at (250) 483-5623.