If you use Google for anything (and who doesn’t), it is a good idea to periodically check your your Google account security settings. If you have an Android phone, then there is a Gmail account attached to the phone, whether you use it or not. This account is tied to the GPS location history generated by your phone. It is also attached to Google Calendar, Google Contacts, Google Photos, any G-Suite services, Any Google Webmaster services such as Google Analytics, Google Adwords, and so on.
This security checkup can be easily done at https://myaccount.google.com/security-checkup. I recently did this after receiving a security notice from Google. I had logged into my Google account from a new device, and they were checking to confirm it was a valid login. The Checkup screen looks like this:
Clicking on the down arrows will open each section and you can check to see what devices have logged into your account, any recent activity, confirm 2FA settings if you are using them, Any apps that have Google account access permissions, your GMail settings, and an analysis of any passwords saved in Google Chrome.
If you go to https://myaccount.google.com, there are other security and account setting to check.
One of my favorite places to check is Microsoft Timeline at https://www.google.com/maps/timeline. I can see everywhere I have been, and by zooming down into the map, I can discover exactly how much detailed location information that Google has about me. Kind of creepy actually. You can browse to this at the Data and Personalization tab, Activity Controls, Location History.
Another good place to check is the Security Events logs. From the Security tab, go to recent Security Activity, review security events. You can also check which devices have access to your account. If there are log-ins from devices you don’t own, or from locations you have never visited, this can be an indication that your account has been compromised or hijacked. You can also use this page to find lost devices (GPS of course) and remotely wipe a lost Android phone.
This security review is worth doing periodically, even as often as quarterly. Other important accounts to check would be any non-GMail email accounts, especially Office365 Outlook accounts, your Amazon account and other online shopping accounts, and all your bank and financial accounts, including IRS and Social Security accounts. Losing control of these accounts can create a personal financial disaster for you. Properly configuring your account security setting, and periodically reviewing access history can keep your accounts protected.
ShareMAY
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com