[DOIT] Free Google Security Checkup
As part of “Safer Internet Day 2016” Google is encouraging everyone to do a Security Checkup. As a reward for completing this two-minute task, you'll get a free boost of 2 GB in your Google Drive storage allotment. Even if you don't care about the extra storage, I do strongly recommend that you take the Security Checkup. And when you're done, I have an extra credit assignment for you... |
What is the Google Security Checkup?
It's becoming a more dangerous world every day, both offline and online. So it makes sense to take a good look at your security practices, and ensure that everything is in order. You may remember that last year, Google made the same offer of free online storage for completing the checkup. So YES, you can (and should) do it again. You should see the extra 2GB in your Google Drive account shortly afterwards.
The steps below will help you secure your accounts from unauthorized access, and recover them if they are ever compromised. Here is a guide to what you'll see in the five-step Security Checkup. (That's the link to start the checkup.)
Step One is to add or double-check your account-recovery information, which includes the alternate email address and/or phone number that Google can use to contact you and verify your identity in the event your account is compromised.
Let me emphasize something here, because silly rumors abound. Google doesn't want or need your cell phone number. Nor will they call you at 3am, or sell your number to spammers. HOWEVER, if YOU CHOOSE to provide it here, it can be used to recover your account in the event that it is ever compromised.
Last year, Google gave the option to provide the answer to a secret question that confirms you are who you claim to be. But Google no longer supports security questions as a way to access your account. When I did my checkup, the security question was still there, but with no option to change it. Remove that option if it appears in your recovery section.
Next, check your connected devices to see if anything looks suspicious. For instance, does it show that you logged in from somewhere in Texas when you know you were in Colorado? Does it show that your account was accessed by an iPad, and you have only desktop PCs? If you suspect unauthorized use of your Google account, change its password immediately.
In the third step, you'll check your account permissions and decide whether to allow certain websites and apps to access your Google account. Make sure you recognize, use and trust all of the items that appear here, or remove the ones you don’t. For example, mine showed that Google Chrome, Pushbullet and SMS Backup+ were connected, with varying degrees of access. I recognize those apps, so no action was required. I wasn't sure why Motorola Store had access, so I nuked that one.
Fourth, review your app passwords. This step won't appear for all users. Google generates passwords for apps that don’t use 2-Step Verification. Please make sure you only store passwords for apps you know, use and trust.
Fifth, check your 2-Step Verification settings. This step will only appear if you are using 2-Step Verification. I strongly recommend the use of 2-Step Verification, to add an extra layer of security to your Google account, and other online accounts when it is offered.
If it's enabled for your account, make sure your 2-Step Verification settings are up to date. Use the 2-Step Verification settings page to configure how you will receive verification codes, or to generate a printable list of backup codes that can be used when your phone is unavailable.
Do the Two-Step
“2-Step Verification” is one of the easiest and best protections against account hijacking available. (See my article IMPORTANT: An Extra Layer of Security.) Any log-in attempt requires both your password and your mobile phone. You type in the password and Google sends a one-time code to your phone via SMS message or automated voice call. Even if hackers obtain or guess your password they can’t access your Google account without the access code. (You do have a screen lock on your mobile phone, right?) You can also get a printable list of two-factor authentication codes, to use in the event that you don't have access to a phone.
After 2-step verification is used at least once on a given computer, you can tell Google not to require it again on that particular computer. I’d recommend this time-saving option only for computers that are secured in your home or office, not for laptops that are more likely to go missing.
For Extra Credit (and Protection)
Once you've finished the Google security checkup, I encourage you to read (or re-read) these articles to make sure you've got all the other computer and Internet security bases covered:
- Protect Your Computer With Free Anti-Virus Software
- Computer Security: The Missing Link
- Wireless Network Security Checklist
- Do I Really Need a Firewall?
- Downloading? Watch Out For These Danger Signs
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 10 Feb 2016
For Fun: Buy Bob a Snickers. |
Prev Article: [ZAP!] Don't Buy the Wrong USB-C Cable |
The Top Twenty |
Next Article: Geekly Update - 11 February 2016 |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- [DOIT] Free Google Security Checkup (Posted: 10 Feb 2016)
Source: https://askbobrankin.com/doit_free_google_security_checkup.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "[DOIT] Free Google Security Checkup"
Posted by:
DavidN
10 Feb 2016
How can anyone use *Google* to check for security issues?
EDITOR'S NOTE: Care to elaborate (with facts)?
Posted by:
John Silberman
10 Feb 2016
Thanks for the extra 2 GBs. No changes for my account were recommended. However, I was never asked about 2-Step Verification.
Posted by:
Tom R.
10 Feb 2016
Good article! Thanks Bob!!
Posted by:
Rick Lanier
10 Feb 2016
Thanks Bob...
Posted by:
Paul
10 Feb 2016
I highly recommend two factor authentication, and use it whenever it is available.
Also use complex passwords if possible and don't give easily researched answers to security questions, for example if one of the questions is "what is your pets name?" don't put your actual pets name (especially if other people know it or it's on Facebook, Instagram etc) put something like "furry1912" or "brayh67ghj" and store those answers in your password manager - you ARE using a password manager I hope.
Posted by:
Guy
11 Feb 2016
Just redid my security and got another 2 GB of storage and I do use two factor authentication where possible. Thanks Bob for reminding me.
Posted by:
Daniel
11 Feb 2016
DavidN : I think you are confusing your google account security with the perceived overall intrusiveness of google.
Your Google account has specific services that are available to you. E.g., gmail. Gmail is password protected to keep out people who shouldn't be reading or using it. You get to be the person who decides who has access to your email. There are several other security settings that allow this service to be even more secure from unwanted eyes. The checkup in today's newsletter covers those settings.
It is a worthy philosophical discussion to debate if google and other ad-services track our activity too much. Should they be able to recognize the pages you surf so they can give you a particular ad? Does that invade your privacy and lower your security? Yes it does-- to some degree. But, it also pays for an abundance of "free" services.
It is a tradeoff. In America, we do something similar with "free TV". That is paid for by ads also. The cost is enduring the commercials. With internet services, the cost is the ads that are aimed at you via tracking. (There are a few things you can do to help a little but that would take too long and I think Bob has covered those elsewhere)
If you don't agree with that, don't use any of google's services. Pay for all of your internet surfing, email, searching, etc. Like I said, it is a worthy philosophical question. I have decided to trade a little of my privacy for the many services the "free" part of the internet has to offer.
Posted by:
bob
13 Feb 2016
My biggest frustration with the 2-Step Verification in Google, and the regular similar "demand" for a Yahoo email that I have, is that I have a cell phone. It is not a smart phone and is essentially for emergencies. It is only turned on when I need to use it, and it is always full of messages from telemarketers. There is NO WAY I will use the number as the 2nd Step for any internet substantiation.
I have yet to find a way to have Google, Yahoo, etc. provide an alternative. They all used to accept a 2nd email address---but no longer.
Posted by:
Billy Ross
22 Feb 2016
Thank you, yet again Bob, for keeping us up to date with essential information.