How to Boost your Gmail Security
8th August, 2018 | Cyberprivacy | Entropic
Over the years, Google has continued to evolve the ways they can help improve the level of sign-in security for their users.
Their 2-Step Verification feature, a type of two-factor authentication (2FA), now has several different options and, additionally, Google has decided to start producing their own security key.
With these recent events, we thought it would be a good time to review the options, and provide an overview of what methods are currently available to secure your Google account.
Enabling 2-Step Verification can significantly boost the security of your Gmail and Google account by requiring a second piece of information, or an action, before allowing you to sign in. It should be noted that this feature does not eliminate the need to maintain your password. This is something that you'll need to continue to regularly change, record, and remember.
Regardless of the method you choose, implementing some form of 2-Step Verification is a critical step to enhancing your security on Google. You may have already been coaxed into setting up one of their existing methods of 2FA, which is good. Since the method you enabled may not be the most secure, it's also good to know about all of the other options available, including their pros and cons.
Below we have listed, from best to worst (security, not convenience), the options that Google provides as part of its 2-Step Verification feature for increasing the security of your Google account. Please note also that the methods provided by Google described below are subject to change over time, as they adapt their security.
How to Enable
To enable 2-Step Verification, go to Google MyAccount, and select Signing in to Google. On the right side, scroll down and select 2-Step Verification.
Features to Avoid
For all types of 2-Step Verification offered by Google, there are convenience features that tend to break down the original vision of 2-factor authentication. So if possible, try to avoid depending on them too much, or at least be vigilant about how you use them.
Some examples are:
- The ability to download and print backup codes that allow you to sign in from devices, in cases where you can't use 2-Step Verification.
Possible Risks: After printing, you might forget that you left a copy of these codes in your Downloads folder, or they might be lying around in your trash after you deleted them, or the printed codes might be intercepted in your baggage while you travel, and so forth.
- Using the "Don't Ask Again on this Computer" checkbox, which defaults to ON.
Possible Risks: If your device is stolen and the attacker has access to it, they also can immediately access your information on Google.
Regular Review
On a regular basis, you should check the following on your Google account:
- Regularly review the Recently Used Devices that you have authorized to access your Google account to see if there are any devices you don't recognize.
- Regularly review the Recent Security Events on your Google account to see if there are any questionable events, such as sign-ins from places you don't recognize.
- Regularly review and revoke all the Devices you Trust when signing in to Google. You can find this in your Google Account Settings, Signing in to Google, 2-Step Verification.
As a final note, despite the efforts of Google to secure their services, which include the array of sign-in security options they provide, the single biggest vulnerability of their services is that they are centralizing the storage of their users' information in one place.
This means that regardless of the blocking techniques used to stop entry into their fortresses, once access is gained, everything becomes available. This characteristic of Google and other services that centralize information makes them very high-value targets for cybercriminals and nation states, who will, over time, unwaveringly continue to attempt to gain unauthorized access to the information of individuals and companies that is hosted in Google's data centers.
Panwrypter
Panwrypter is an App that is designed from the ground up specifically for decentralizing the storage of sensitive documents and files, protecting them from unauthorized access over time, including data breaches, cyber-theft, unauthorized physical access, or simply losing or forgetting about the existence of your files.
Being designed specifically for decentralized protection, Panwrypter is loaded with options that can help provide you with the best possible protection, while taking into account your existing storage habits, which might include apps such as Google Drive.
Specifically, it can help you to define a decentralized approach to protecting your documents & files, based on your lifestyle, while helping you to continue to use your existing storage media and services - the ones that you are already comfortable with.
In addition, Panwrypter can help you recover your files in the event that one or more of your protected volumes is damaged, control where your files can be physically restored from, and help you to safely remember the details of your storage sites when you need to access your files at a later time.
Learn more about Panwrypter, or download it from the Mac App Store.
Conclusion
In the future, the use of Ethereum and decentralized apps (Dapps) along with decentralized storage systems will help us mitigate the problems associated with the way we currently centralize applications and information. This will empower better approaches to disclosing and monitoring your personal information. A good overview of Ethereum and Dapps is given in this article by Alex Moskov, originally posted on CoinCentral.com.
If you have any feedback, questions, or suggestions, please let us know.
Acknowledgements:
Photo by Luis Alfonso Orellana on Unsplash