This resource will be reviewed shortly.
If you think this resource contain inappropriate content, please report to webmaster.
1. Deciding on whether to turn on or off web & app activity in the Google account settings
I want to begin with a precautionary measure. That is whether to allow Google to document our web and app activity. Whatever we do in the Google search engine is being documented, and this is one of the first things anyone can easily get to if our account gets hacked. These days, everyone tends to search for things they are curious about in the Google search engine, and if this gets to the wrong hands, they will know your whole history about what you are searching from day to night since you started using Google. But, at the same time, keeping turned on this feature has its own advantages too. It helps you to get better recommendations and personalized experiences in using Google products. So, it's up to you to decide on it.
How to do it?
I. Open Google account-settings
II. Under Data & Personalisation, there will be a section called activity controls. In that section, select web & app activity.
III.From the following page, customize how you want to control your activity, or you can turn it off entirely.
2. Keeping a strong password
This is the first layer of our account's security, and it demands extreme care while creating if we want to protect it from the wrong hands. The era of typing "my password" or simply "password" itself for the password is long gone, and also it's highly ineffective. If you do this in current times, you wouldn't even stand a chance against the hackers, and your account will be hacked in seconds. So, if you want to bolster your first layer of security, you need to pay a good amount of attention while creating the password. Make the password complicated and messy so that only you in the world can remember. To do it, you can add symbols, numbers, and a mix of uppercase and lowercase letters. Trust your brain, and it's the best password manager you will ever get. I know it's a tough challenge for remembering all the passwords, but you need to figure out a pattern for creating passwords that only you can know. What we are dealing with are the programs that can hurt your account using dictionary attacks, so take special care not to create passwords with any dictionary words. That's why your password needs to be messy and lengthy.
3. Turning on two-step authentication
Assume that you compromised your password by using the same password for any other website that later turned out to be malicious. So, what are you going to do then? That's when the importance of two-step authentication comes to play. By turning on this feature, you are getting an extra layer of protection even after your password gets compromised. There are many options for two-step verification to choose from, and it can be via SMS, Gmail prompts, backup codes, authenticator, or the physical security key. But I personally recommend using a physical security key, authenticator or Gmail prompts when compared to the SMS verification, as it is more secure, and care should be taken to use SMS verification as only the last resort. At the same time, having an SMS verification is better than having no verification at all.
When it comes to backup codes, you can have as many as nine backup codes, and after each use, the used code will get expired. If you happen to be stuck, because of any network issues, you can use these backup codes without depending on SMS.
The last option, but a powerful one is to use Google's physical security Key. With this, you don't need to spend your time getting SMS verification or prompts. The only thing you need to do is plug-in the security key to the device from which you are trying to login. There are many devices available in the market for achieving this purpose, which include Google's Titan security key and Yubikey 5 NFC. You can choose the product that best reflects your needs.
4. Adding a recovery email and phone number
If you are not a fan of two-step verification methods and demands quick access to your accounts, you still need to add a recovery mail and phone number to avoid the risk of losing your account. We are humans, and sometimes we tend to forget passwords. If we neither have two step verification or recovery options turned on, there won't be any option left to recover your password. If we contact Google, they will ask you about your contact email, and that will be the end of your recovery. They will only tell you that they couldn't identify you as the owner of the email you provided. In some cases, when you remember the last password used and other minute details they ask, maybe there is a little chance of giving you back the access to your account. You don't want to gamble with your account, do you? So, it's better to be loaded with all the contingencies to keep your access to your google account.
5. Reviewing security activity
There is a place where you can find your recent logins and make sure everything is okay with your account. It's under the security tab in the Google settings, and there you will find an option called review security events. When you click on that option, you will find the login record for the past twenty-eight days. If you find anything suspicious in that record, especially an activity from a different location, then you can take action by changing the password.
With all of the above measures, we can protect our account to some extent. Right now, this is all we could do, and maybe in the future, we will get more secure ways to login and defend against anyone tracking us. Let's wait for the dawn of that day.