Google has expanded far beyond being a search engine; it’s an ecosystem. It’s deeply connected to much of the Web, through its many web properties, social logins, and connections to apps. Google knows more about you than almost any other entity on Earth, including governments.
Do you use any of these Google products and services?
- Google Search
- Google Calendar
- Google Drive
- Google Docs
- Google Voice
- Google Maps
- Chrome OS (operating system for Chromebooks)
- Google Chrome
- Google Photos
Chances are you use not just one, but several. Think of how much of your data is stored by Google!
And if you use your Google account to log into other websites, then someone who gains access to your Google account gains the keys to those other accounts.
Google is known for building strong security into its software. However, Google is also known for not respecting user privacy. As an advertising company, it’s in Google’s best interests to collect data about its users and use that data for its advertising.
For these reasons, it’s critical that you take the time to set your security and privacy settings in your Google account. Let’s walk through them.
The links throughout the guide will take you directly to the pages referenced.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
Note: this post contains affiliate links.
Google Account Settings
From a Google website (Google search, Gmail, Google Drive, etc.), click your profile photo in the top right corner of the screen, then click Google Account. You’ll see a menu on the left side of the screen with various categories of settings. We’ll go through them in order.
Birthday: Click Birthday, then Sharing settings. Scroll down to Gender, birthday, and more. Next to Birthday, click the privacy indicator. I strongly recommend you set this to Private. If you insist on showing your birthday, click Edit at the top right of the Gender, birthday, and more box, uncheck Show year, and click OK. Learn more.
Return to Personal info. Click Password. Set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). I recommend using a password manager, such as LastPass, to create and store your password.
At the bottom of the page, click Go to About me.
On your About me page, edit the info and set privacy as needed. I strongly recommend that you limit what you share here. This info can be used to personally identify you.
In the Activity controls box, click Web & App Activity. Scroll down and click SHOW ALL ACTIVITY CONTROLS to show all the available controls on one page. I recommend toggling all items to disabled/paused to limit the amount of info Google stores about you.
In the Activity and timeline box, click My Activity. In the menu on the left, click Delete activity by. Here you can delete any info you’d like from your Google activity. I recommend deleting anything you don’t truly need Google to save. Learn more about how to use this feature.
Return to Data & personalization. In the Activity and timeline box, click Timeline. You’ll see a Google Map. In the bottom right corner you’ll see a gear icon. Click it to see options, including Delete all Location History. Learn more about managing and deleting location history.
If the page says Security issues found, click Secure account. Act on the results as necessary.
Click 2-Step Verification. Here you can add one or more options for your second verification step. If you have a security key, enable that option (I like the YubiKey – aff. link). The next best choice is Authenticator app, for which you can use the Authy or Google Authenticator apps. Text messages can be spoofed and intercepted, so it’s better to use the authenticator app or security key options than the Voice or text message option.
Regardless of which other options you choose, create backup codes. Save the backup codes somewhere secure; I use the Notes field of the entry in LastPass (aff. link).
Learn more in How & Why to Use Two-Factor Authentication.
In the Location sharing box, click Manage location sharing. This page shows you location sharing as set on your mobile devices. Adjust your settings here and/or on your mobile device, as needed.
In the Payment methods box, click Manage payment methods. Remove any payment methods you don’t want in your Google account.
Using Your Google Account Safely
Every few months, run the Security Checkup. Act on the results as necessary.
Every few months, run the Privacy Checkup. Act on the results as necessary.
Google owns many products and services. You should review your security and privacy settings inside each of those as well.
If you use someone else’s device (computer, phone, tablet, etc.) to log into your Google account, be sure to log out when you’re finished! Otherwise, the other person can use Google as you after you leave.
Some websites let you log in with your Google account. Don’t use this option! If someone hacks your Google account, they gain access to all the accounts you’ve set up for Google login. Yes, it’s more work to create separate logins for each site, but remembering the logins doesn’t take any extra effort if you use a password manager (I like LastPass).