I don’t usually think about my Google Account security until a news story or a security checkup prompt pops up. For the most part, I assumed I had the basics covered with a strong password and two-factor authentication.
Google Accounts are a high-value target because they’re tied to almost everything, whether it’s Gmail, photos, files, YouTube, or even payments.
Most account compromises don’t result from reused passwords or old devices still signed in. Even with two-step verification enabled, security gaps can remain unnoticed.
That’s what made me finally run a proper check.
I quickly realized that I had overlooked a few important details.
I was still signed in on several old devices, some apps had permissions I didn’t remember granting, and a couple of settings were still using default options that I hadn’t revisited in a long time.
Changing those settings took a few minutes, yet it made my account feel more locked down.
I started with Google’s Security Checkup
The first thing I did was go straight to Google Security Checkup. It’s the quickest way to get a snapshot of what’s going on with your account, and more importantly, what might need attention.
You can access it by going to the Google Account website. Click Security & sign-in and select You have security tips. It provides a step-by-step review, so you don’t have to go through settings yourself.
The page breaks everything down into a few key areas: devices, recent activity, sign-in methods, and third-party access. You go through each one individually, confirm what looks right, and fix any issues.
For me, it highlighted two areas that required fixing: devices and connected apps.
I noticed a couple of old logins from a laptop and phone I don’t use, so I signed out of those right away. I also removed a few apps that still had access to my account even though I hadn’t used them in months.
It only takes a few minutes, but it’s the fastest way to spot things you may have forgotten about.
I tightened my 2-step verification setup
I already had two-factor authentication turned on, but going through it properly made me realize I’d set it up once and never really revisited it.
Inside my Google Account’s Security & sign-in settings, I clicked 2-Step Verification and checked what methods I was using.
Like most people, I was relying on SMS codes, which work, but aren’t the most secure or reliable option. So I made a few changes.
First, I made sure Google Prompt was enabled on my phone. It’s faster than typing codes and generally more secure since it’s tied directly to your device.
Then I added an authenticator app as a backup, so I’m not dependent on my SIM card if something goes wrong.
I reviewed third-party app access
On the Google Account page, there’s a tab for Third-party apps & services. It lists all the apps, websites, and services you’ve signed in to using Google.
As I went through it, I realized how much had accumulated over time. There were several apps I had tried once and forgotten about, as well as services I no longer use.
I went through the list and removed anything I didn’t actively use. It only takes a couple of clicks to revoke access, and there’s no reason to keep old connections around “just in case.”
I updated my recovery options
In my Google Account’s Security and sign-in settings, I scrolled down to Recovery phone and Recovery email.
I verified the backup phone number and email linked to my account. That’s when I noticed I hadn’t verified my recovery email in a while.
I ensured the phone number was correct and that I could still access the recovery email without issues. If either of those is outdated, it can make account recovery much harder when you need it.
I also checked the Backup codes generated during the 2-step verification. If you’ve never saved them, it’s worth doing. They’re your fallback if you lose access to your phone, and they’re easy to overlook until it’s too late.
I checked every device signed in to my account
Navigate to Security & sign-in > Your devices to view a list of all devices currently signed in. Any device that stays logged in is a potential access point, especially if it’s no longer in your control or you haven’t used it for a long time.
I had already removed my old laptop and phone while running the Google Security Checkup earlier, but I still went back to this section to double-check everything.
10 Android security settings you should change right now
Keep your phone safe by tweaking a few security settings
Securing my Google Account only took a few minutes
After reviewing the security settings of my Google Account, I made several changes.
I removed old devices that were still signed in, enhanced my two-step verification by adding stronger backup options, deleted third-party apps that no longer require access, and updated my recovery email, phone number, and backup codes.
If anything ever goes wrong, these changes reduce unnecessary access points and make account recovery more reliable.
