
How to secure your Google account

We look at how to protect the personal and private information in your Google account.

Last updated: 11 August 2022

Your Google account probably has a lot of sensitive information about you, especially if you use Google apps, services, or an Android device. It's important to keep this information private and secure, but Google can (or will) only do so much without your consent. A lot of it's up to you.

Thankfully, it's quick and easy to jump in and start locking down your personal data. It's all done from your Google My Account portal, which is a website hub for your account settings.

For staying safe and private online, we'll look at three pages of the site: 

  • Security
  • Data and privacy
  • Personal info.

These each have their own subsections containing settings and features, some of which double up between the three pages.

To get started, you'll need:

  • your Google account password (you'll be asked for it a lot)
  • any two-factor authentication device or app already attached to your Google account.

In this article we look at the settings in Personal info, Data and privacy, and Security.

Is it worth the hassle?

Taking control of your online privacy and security might seem like a pain, but it's well worth it. Getting hacked, scammed or having your identity stolen is a genuine danger in today's world. 

Your Google account is one of the most important places to lock down because of how far it reaches and how much data it has on you. Even if you don't regularly use Google services, you might be surprised how much data's in there.

Some of the personal information in your account can be used for over-the-phone authentication for banking or government services. 


If you use Gmail, you want to make sure it's as locked down as possible because lacklustre email security is like playing with fire. For example, whenever you sign up to a new service, you get an email with your member or account number, login details, etc. Or if you click 'Forgot my password' on any online service, you'll be sent an email with a reset link. The list goes on. 

If you've been lax with security up till now, you might just be lucky. But luck eventually runs out, whereas good online habits will keep protecting you. 

Security: Control how secure your Google account is

The Security section is where you control how easy it is to access your account, and therefore how hard it is for someone to break in or steal your data.


Security recommendations

If you have security recommendations, they'll be listed at the top. Click Protect your account to view them and expand each one by clicking the down arrow on the right. This can be a quick way to cover the important basics.

Setting up Google's 2-Step Verification

We've championed the importance of multi-factor authentication previously, and Google's 2-Step Verification (2SV) is equally vital.

The short of it is: passwords are a weak, single layer of security that can be cracked in any number of ways. By adding a second layer, which by itself is more secure than just a password, your safety goes up considerably.

Google's second layer often relies on a second device such as a phone or tablet to authorise login attempts on new devices or browsers.

To get started, click 2-Step Verification under Signing in to Google.


During set-up, Google asks for your phone number, but you don't have to provide it. If you click Show more options, you can instead choose Security Key (such as a Yubikey) or Google Prompt, which sends a pop-up request to your elected Android phone, as your authentication method. We only recommend Security Key for the ultra security-conscious.


Don't fret over the decision. Once you've set up 2SV, you can change your authentication methods.

You'll also need a backup option. If Google Prompt or your phone number is your primary authentication method, avoid using the other as your backup. Both require you to have access to your phone, so if you lose your phone or factory reset it, you can get locked out of your account.

During set-up, the only other recovery option is using backup codes. This is a list of 20 randomly-generated, one-use numbers. 

Make sure you record these numbers somewhere memorable and safe (e.g. in an encrypted folder or locked drawer).

Once you've set up 2-Step Verification, you can select additional authentication methods such as the Google Authenticator app.

Google Authenticator is an app for Android and iPhone that acts as a 2SV tool for many online services. For each linked account, it generates a new six-digit number every 30 seconds that you use when prompted.


To set up Google Authenticator, click on it under Signing in to Google and then + Set up authenticator.

A QR code along with instructions will appear. Download the Google Authenticator app on your phone or tablet, then follow the instructions on your browser to scan the code. 


In your browser, click Next then enter the code from the app. Click Verify to finish.

It should go without saying that if you use your phone for authentication or to access sensitive information, it should have some kind of security lock such as a PIN, login password, fingerprint security or face recognition. 

If not, anyone with your phone can access or hijack your accounts.

More recovery options

If there's suspicious activity on your account, Google can use a recovery phone or email to contact you. More likely, you'll use this feature to recover your account if you're ever locked out.

Make sure any recovery phone number or email address you provide is secure and trustworthy.

To add either option, go to Ways that we can verify that it's you and click Recovery phone or Recovery email and follow the prompts.

Your devices

You can view and manage every device that has access to your Google account.

Click Manage all devices and look for inactive or unfamiliar ones. This overview shows you how long it's been since a device accessed your Google account, but by clicking More details you can see your first login date, an approximate location, and which browsers are signed into your account on that device.

To remove a device, click on the section including its name and details, then Sign out > Sign out. This logs out of your account on that device or browser, but apps on that device might still have access and will need to be managed separately.


Third-party apps and services with account access

If you've ever used your Google account to sign into an app or service, you've agreed to share some of your data. It's a good idea to go through and clear out old and unused permissions, and also see what kind of data is visible to each.

You can remove app permissions via two locations.

  • Third-party apps with account access
  • Signing in to other sites > Signing in with Google.

Select an app to expand it and see what permissions it wants, as well as when you allowed it. Click Remove Access to revoke its permissions.

To view service permissions (which includes some apps), go to Signing in to other sites > Linked Accounts and click Unlink. You can't expand these services to see what data you've shared with them.

Keep in mind, the next time you use your Google account to log into an app or service you've removed, it will regain access.


Data and privacy: Control how Google stores and shares your data

The Data and privacy section of your My Account portal controls what data Google tracks, what it stores, and who it shares it with.


Privacy suggestions

If there are privacy suggestions at the top of the page, click Review suggestions to see them. They can be quick and easy wins for your online privacy.

Data shared with Google-owned apps

Google keeps tabs on all kinds of online activities in Maps, Chrome, the Play Store and beyond. To view and control this data, click on Web & App Activity in the History settings section.


From this page, you can turn off a large chunk of tracking data across your Google services, either wholesale or on a per-service basis.

To turn it all off, click Saving activity then Turn off. But before you do, click Learn more to learn how this might affect you.

For individual apps, click the relevant icon under See and delete activity. For the full list, click + View all.

An important setting is Auto-delete, under which it should tell you how long your Google data is kept. You can choose to wipe it clean at three, 18 or 36 months. 

Or you (and Google) can keep your data indefinitely by selecting Don't auto-delete activity.


Your Google location data

The topic of how and why Google tracks your location is a notorious rabbit hole. But it's surprisingly easy to control, delete or disable it. 

Select Location History under History settings.


Click Turn off to disable it across all your devices or choose a maximum time Google will store it for, after which it's deleted.

To see what Google currently has on you, click Manage history.

From here, select a red dot on the map, then click on it again to see a day's worth of travel. Click the Garbage bin icon to delete that day.

Your YouTube history

Like many streaming services, YouTube tracks what you watch and search for to make predictions about other content you'll like.


Under History settings, click YouTube History to view your current settings.

Disabling it (click Turn off) means no more accurate suggestions about videos on the YouTube homepage.

But YouTube's Subscriptions tab will still display videos from channels you subscribe to in chronological order. 

And you can still discover new content via the Explore tab's categories such as Sport, News, Trending, Gaming, etc.

Google's personalised ads

Google uses your data to help advertisers target you with relevant ads. You can turn this off by clicking Ad personalisation under Ad settings then clicking the on/off toggle.


If you have ad personalisation turned on, you can see some of the information Google uses such as your age and preferred language.

You can also limit the number of ads from sensitive categories such as alcohol, dating, pregnancy and parenting, gambling, and weight loss by clicking See fewer next to each option.

For even more control, click Find out how to control the ads that you see.

Sharing your fitness and activity data

If you use the Google Fit app, Google uses this data in a number of ways. Under Google Fit privacy, click Manage Google Fit privacy to view your options. 


From here, you can delete certain types of data such as Height, Activity and sleep, Distance, Weight, and more via Manage Fit data.

You can also review what devices are connected to Google Fit, see what data is shared with Google Assistant, and manage which Google Fit data is used to personalise ads.

What parts of your Google profile can other people see?

Some of your Google data can be visible to the public. Go to the Info that you can share with others section and click on Profile. Here, each line of your profile info displays an icon to show if it's set to Only you (private) or Anyone (public).

This is also true for your contact information, anything you've added to your About section, and your work or education experience.

To edit these privacy preferences, click on the relevant piece of info then select Only you or Anyone.

Personal info: Control the personal data in your Google account

Like many online accounts, your Google profile has information such as your name, date of birth and gender, as well as contact information, various profiles for Google services, and accessibility options.

Some of this can be controlled via the previously mentioned Info that you can share with others section, but not all of it.


Your bio

The Basic info section is where you can edit your name, account photo, birthday, and gender. 

Editing these also lets you adjust their privacy settings (private or public), but you have to click each bit of information to see its status.


Google contacts

The Contact info section has more options than you might think. On top of the email you use as an account login, you can add a recovery email or phone number (advisable) or change your contact email. 

You can also add alternative email addresses. An alternative email can be used to sign into your account, but you can't use another Gmail address or an address linked to another Google Account.

You can also set an alternative email as private or public. For example, you can make your Google login email address private, while adding a new email address and setting it to public. In many instances, the public address will be the one people see and use to contact you.

At the end of the day, online safety might cost a bit of time here and there, but it's nothing compared to the hassle and stress of recovering accounts, money, or your identity further down the track.


Stock images: Getty, unless otherwise stated.