If someone gets into your Google Account, they can see your Gmail, reset passwords for other sites, read your Drive files, and even lock you out. The good news is you can make your account much harder to hack in about ten minutes. Use this quick hardening checklist. You only need your phone and a browser.

Before You Start

  • Open your Google Account settings in a web browser.
  • Go to myaccount.google.com and sign in.
  • Use a trusted device, such as your personal phone or home laptop.

Step 1: Run a Fast Security Checkup

Go to the Security section and open Security Checkup. Follow the on-screen suggestions and fix anything marked as a risk. This shows your devices, activity, and sign-in settings in one place.

What to do during the checkup:

  • Follow the prompts one by one
  • Fix anything marked as a risk
  • Save changes as you go

This gives you a clear view of your devices, recent activity, and sign-in options in one place.

Reference: Google Account website → Security section

Step 2: Change Your Password the Right Way

Change your password even if you think it is safe. Use a long password with letters and numbers, and never reuse it on other websites. A password manager makes this much easier.

How to create a strong password (without stress):

  • Make it long (at least 14–16 characters)
  • Use a mix of letters and numbers
  • Avoid names, birthdays, and common words
  • Never reuse it on any other site

Best tip: Use a password manager so you don’t have to memorize complex passwords.

Where to change it: Google Account → Security → Password

Step 3: Turn On 2-Step Verification

Enable 2-Step Verification from the Security section. This adds a second confirmation when you sign in, which protects your account even if someone knows your password.

  • In the Security section, turn on 2-Step Verification.

Choose a strong second step:

  • Google prompts on your phone (recommended for most users)
  • An authenticator app (works offline)
  • A security key (strongest option, if available)

Try to avoid SMS codes if possible. They are better than nothing, but can sometimes be intercepted.

Step 4: Add Backup Options (So You Don’t Get Locked Out)

Add a recovery phone number and a recovery email that you always have access to. These help you regain your account if you lose your phone or forget your password.

Do these two things:

  • Add a recovery phone number you control
  • Add a recovery email you can always access

Save your backup codes:

In 2-Step Verification settings, generate backup codes and store them safely (password manager or a secure printed copy).

Why this matters: If your phone is lost or broken, backup options can save your account.

Step 5: Remove Old Devices and Unknown Sessions

Check your devices in the Security section. Sign out of devices you do not recognize or no longer use. This removes hidden access points.

Go to Security → Your devices.

What to do:

  • Review the list of devices
  • Sign out of anything you don’t recognize
  • Remove devices you no longer use

If you see anything suspicious, change your password immediately after removing those devices.

Step 6: Check Recent Security Activity

Look at Recent security activity to see recent sign-ins and changes. If you notice anything unusual, change your password and review your recovery details immediately.

Go to Security → Recent security activity.

Watch for warning signs:

  • Sign-ins from unfamiliar locations
  • Prompts you never approved
  • Password changes you didn’t make
  • Recovery info you didn’t add

If something looks wrong:

  • Change your password immediately
  • Review recovery email and phone number
  • Recheck devices and third-party access

Step 7: Remove Risky Third-Party Access

Check Third-party access and remove apps or services you no longer use or trust. Unknown access should be removed right away to reduce risk.

Go to Security → Third-party access.

Use this rule:

  • If you don’t use it, remove it
  • If you don’t trust it, remove it
  • If you don’t recognize it, remove it immediately

Also check Gmail forwarding:

Open Gmail settings and make sure no unknown forwarding address is added. Attackers sometimes add forwarding to secretly receive your emails.

Step 8: Upgrade to Passkeys (If Available)

If your device supports passkeys, enable them in sign-in options. Passkeys reduce phishing risk and still work alongside 2-Step Verification.

In Google Account settings, look for Passkeys or Sign-in options.

Simple approach:

  • Keep 2-Step Verification enabled
  • Add a passkey to your main phone
  • Confirm you still have a recovery method

Make sure you can still sign in on your laptop and other important devices.

Step 9: Turn On Security Notifications

Make sure Google can send security alerts to your recovery email and phone. Do not ignore unexpected sign-in prompts, as they may indicate someone is trying to access your account.

Check the following:

  • Security alerts are enabled for your recovery email
  • Your recovery phone can receive alerts
  • You do not ignore repeated sign-in prompts you didn’t request

Unexpected prompts can mean someone has your password and is trying to bypass the second step.

Step 10: Do a Final Quick Review

Confirm your password is unique, 2-Step Verification is on, recovery options are updated, and unknown access is removed. These basics cover most account security risks.

Final checklist:

  • Password updated and unique
  • 2-Step Verification enabled
  • Backup codes saved
  • Recovery phone and email updated
  • Unknown devices removed
  • Third-party access cleaned up

If you want to go further later, you can review privacy settings, ad personalization, and data sharing. However, the steps above cover the most important account protection basics.


FAQ

• What is the fastest way to secure a Google Account?
Enable 2-Step Verification, remove unknown devices, and review third-party access.

• Are Google prompts safer than SMS codes?
Google prompts and authenticator apps are usually safer than SMS because SMS can be targeted by scams.

• What should I do if I see a device I do not recognize?
Sign out of it, change your password, and review your recovery email and phone number.

• Should I remove third-party apps I do not use?
Yes. If you do not use it or do not trust it, remove access.
