Your Gmail account contains some of the most
sensitive personal information about you and is hands down the most vulnerable link in your online
security profile. More than likely, some document you’ve sent or received contains your full name,
your address, and even your social security number. It doesn’t matter how empty your bank
account is, this information can easily be used to maliciously steal your identity, destroy your
credit and lock you out of your online accounts. In other words, the five simple steps for
securing your Gmail account I’m about to share with you - steps that will only take a few minutes
to implement - aren’t just something to consider “someday”. It’s critical to do this RIGHT NOW.
Welcome to All Things Secured, my name is Josh and as somebody who has personally had their
Gmail account hacked in the past, I can tell you from experience how annoying and time-consuming
it is to recover from this kind of attack. You don’t want to have to go through that, trust me.
By the way, this video is sponsored by Yubico, a company I’m really proud to represent,
and there’s a very good reason for that which I’ll explain in a moment. For now,
let’s jump right into your Gmail settings. I hate that I even have to share this as a
step, but if you don’t have a strong password, please, please change it right now. A strong
password is a random combination of characters, the longer the better, that is unique, meaning
that you only use that password for Gmail and not a single other online login.
To change your Gmail password, go to myaccount.google.com/security and click
on “Password” under “Signing into Google”. Make sure you create a better password that
you won’t forget and isn’t used anywhere else. Now that you’re in the security settings of your
Gmail account, you may have noticed a few warnings under the Security Checkup box. Even if Google
gives you a pat on the back with a message reading “Your account is protected”, I still recommend
you jump over to the security checkup page. I’ll have a link in the description or you can
just type in what you see here on the screen. It’s really important to know what you can do
with this tool Google provides, both from a monitoring and threat avoidance standpoint. For
example, I can check all of the devices that are listed as “trusted” to open my Gmail account and make sure
there aren’t any unknown devices that I can tell Google I don’t recognize. Or better yet, let’s
say my phone was stolen, this allows me to quickly jump in and tell Google to sign that device out
so that the thief won’t have access to my email even if they're able to get into that device. In my opinion, probably the most important
change you can make to secure your Gmail account is to turn on 2 factor authentication.
As you can see here, I have multiple security keys as well as the Gmail prompt set up as my
2 factor authentication, or 2FA for short. Now let me stop and say this. If you take away
only one thing from this video I want it to be this: Gmail security does not exist without 2FA.
In other words, if you’re not using 2FA, even if you have the strongest password in the world, your
account security is at high risk. I’m not trying to scare you, I’m just telling you the truth.
There are many ways that you can activate 2FA, including SMS text, authenticator apps
and even backup codes. Thankfully, the most secure way to do this is also one of
the easiest to set up. And that’s where Yubikey, the sponsor for this video, comes in.
If you’ve followed me here for any amount of time, you know that I don’t take on many
sponsors on this channel. And the truth is, they didn’t reach out to me, I reached out to
them, basically saying “I use your 2FA keys, I love them. Let’s work together!”.
You see, I own a few of their 2FA keys, including one that I keep on my keychain, which
works for my computer and Apple phone, the backup that I keep in an undisclosed location, and the
new Bio which uses fingerprint authentication. There are plenty of 2FA
keys you can find on Amazon, but when it comes to this kind of security, I’m
very picky about who I trust. You can use the Yubikey Security Key to secure not only your Gmail
account, but also any other account that supports the FIDO protocol, and there are plenty of them.
If you don’t have your own 2FA key yet or perhaps you don’t have a backup, Yubico is offering a
special discount on their affordable Security Key series so that you can buy a couple of your own.
You’ll find links in the description. Personally, I bought four, a primary and backup key for myself
as well as the same for my wife. I promise you, this is an investment in your security that you
can’t afford NOT to make. I know that’s a double negative. In other words, you need to do this.
The process of setting up a 2FA key on your Gmail account is pretty straightforward.
Log into your Gmail account, go to myaccount.google.com/security,
scroll down and find 2-Step Verification, turn it on if you haven’t already, then click
“Add security key”. Of course, you’ll already need to have purchased your key, but once you have
your Yubikey device in hand, you’ll click on USB and then register the key by plugging it into your
computer or device. Name it whatever you want and then you’re done! You can remove the keys at any
time, which is useful if you somehow lose the key. Now any time you log into your email on
a new device, you’ll need to plug in this key to verify that this is, in fact, your
account. But that’s exactly what you want. Important side note here: whenever you use
any kind of 2FA, you NEED to make sure you have a backup plan. This could be a second
key, backup codes that you store securely or something else. The last thing you want, though,
is to lock yourself out of your Gmail account! An important step in your Security Checkup after
2FA is to review 3rd party access. Over the years, we allow certain apps or websites to have access
to our account and we often forget to remove them when we’re done using that particular service.
For example, you can see here that at some point I allowed Word Cloud for Documents
to have access to my account. Since I don’t use that service anymore,
I’ll go ahead and remove access. You should do the same to any apps or sites
that you don’t recognize. And don’t worry, if you make a mistake, they can always ask
for new access that you can give them again. Now for those of you who want an extra measure
of security - and don’t worry, I’m not judging you because I do this - you can enroll in what
Google calls its Advanced Protection Program. It’s free to sign up, and although
it was designed with activists and journalists in mind, it’s open to anybody.
Essentially, the Advanced Protection Program forces you to use a 2FA key, which I’ve already
said is the one thing you need to be doing anyway. In addition to 2FA, a Gmail account
enrolled in this program performs stringent checks on file downloads,
app installs, malware, etc. Honestly, I can’t think of a good reason
not to enroll in this free program unless you just refuse to buy a required 2FA key.
But, since I know you care about locking down your Gmail account, a 2FA key is
a no-brainer investment. Make sure you grab your own set of Yubikey 2FA keys using
the special discount link below this video and share this with other family and friends who
you know need to enhance their own Gmail security. Oh yeah, and if you want help setting up your
Yubikey on other accounts besides just Gmail, make sure you watch this
tutorial next. Click right here.