Along with an extra 2GB of free storage, taking Google's security challenge offers a great safety checklist for all your online accounts.
These days most of us have the sense to take a few security precautions when creating a new online account, but security isn't a set 'n' forget process. It pays to regularly update your accounts to ensure the security settings are up to scratch and you're happy with the emergency contact details.
The years sneak up on you; it could be a decade or more since you created some of your webmail, cloud storage and social media accounts. That's why Google is offering a quick security safety check to coincide with Safer Internet Day, rewarding you with an extra 2GB of cloud storage if you complete the checklist.
Whether or not you have a Gmail account, Google's safety checklist is a great starting point for conducting a quick security check on all your online accounts.
Check your recovery information
It's important to ensure your phone number, recovery email address and security question are up-to-date to help you recover control of your account should something go wrong.
It's convenient to forward all your email addresses to the one inbox, so you can stay on top of things, but you don't want your recovery email address forwarding to your Gmail inbox. In the event that your Gmail account is compromised, there's no point in Google sending password recovery details and other sensitive information to your recovery email address if it will be forwarded to your Gmail address so the hackers can see it.
If you're particularly concerned about security it might be worth setting up another email account that you only use for receiving security confirmations. Webmail services encourage you to link your accounts, but keep this one separate and secret.
Use an alias
Better yet, use an email service that lets you create aliases and use the alias as your recovery email address. For example, create an email address like John@youremail.com and then go to the advanced settings and create Paul@youremail.com as an alias which forwards to John@youremail.com.
Now use the alias Paul@youremail.com as your recovery email address. You'll get messages at John@youremail.com but hackers won't have any luck breaking into Paul@youremail.com because it's not a real email account. It sounds complicated but it's pretty simple to do and it makes life harder for hackers.
Email aliases are also useful for protecting sensitive accounts such as your Amazon account. If your public email address is George@youremail.com then create an alias like Georgeemail@example.com for logging into your Amazon account. Hackers won't get any joy trying to break into your account using Georgefirstname.lastname@example.org because that account doesn't exist. It also helps foil social engineering attacks on Amazon's support team.
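The forwarding trap and the alias trick described above can be checked mechanically. The Python script below is an added illustration, not part of the original article: it follows each recovery address through its forwarding and alias rules and flags any account whose recovery mail ends up back in the account it is meant to protect. The function names and every address other than John@ and Paul@youremail.com are constructed for the example.

```python
# Added example: audit where recovery mail really lands.
# The inventory below is constructed sample data, not taken from any real service.

FORWARDS = {  # address -> addresses its mail is forwarded to
    "paul@youremail.com": ["john@youremail.com"],  # the alias from the article
    "old@webmail.example": ["me@mail.example"],    # "forward everything to one inbox"
}

ACCOUNTS = {  # account -> recovery address on file (None = not set)
    "me@mail.example": "old@webmail.example",   # recovery mail loops back
    "shop@store.example": "paul@youremail.com", # fine: lands in John's inbox
    "john@youremail.com": "Paul@youremail.com", # alias of the account itself
    "photos@cloud.example": None,
}


def reachable(address, forwards):
    """Return every address a message sent to `address` passes through or lands in."""
    rules = {k.lower(): v for k, v in forwards.items()}
    seen, stack = set(), [address.lower()]
    while stack:
        current = stack.pop()
        if current in seen:  # already visited: also stops forwarding loops
            continue
        seen.add(current)
        stack.extend(t.lower() for t in rules.get(current, ()))
    return seen


def audit_recovery(accounts, forwards):
    """Flag accounts with no recovery address or one that leads back to the account."""
    findings = []
    for account, recovery in accounts.items():
        if recovery is None:
            findings.append((account, "no recovery address set"))
        elif account.lower() in reachable(recovery, forwards):
            findings.append(
                (account, f"mail to {recovery} ends up back in {account}")
            )
    return findings


if __name__ == "__main__":
    for account, problem in audit_recovery(ACCOUNTS, FORWARDS):
        print(f"{account}: {problem}")
```

Note the third entry: an alias only helps as a recovery address when it forwards to a different inbox from the account it protects.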
It's also worth reassessing your security questions. For example, the answer to a question like "What was your first phone number?" might have seemed obvious at the time, but is it referring to the house you grew up in, your first landline number when you moved out of home or your first mobile number? If you're not sure then change the question to something less ambiguous.
Don't make your security questions too easy for people who know you well, considering that a disgruntled friend or relative might be the one who tries to break into your account. If you're going through a messy breakup it's definitely worth overhauling your online security.
Check your connected devices
Run your eye down this list to see if there are any devices you don't recognise. You can click on the dropdown arrow to see more details about where and when they accessed your account.
If something jumps out at you, Google offers a "Something looks wrong" button. Regardless of which service you're using, the first steps would be to change your password to something more secure and consider enabling two-factor authentication as an extra layer of security.
Also remove devices that you recognise but haven't used for a long time, especially if you've handed them down to someone else. When in doubt, boot it out. You can always add the device to your account again if you realise you need it.
Check your account permissions
This list can grow surprisingly long over the years as you jump between online services which want access to your Gmail account, including a wide range of mobile apps. It can be a trip down memory lane as you discover old online services which bit the dust long ago.
As with connected devices, look for anything you don't remember adding or no longer use and boot it out.
Check your app passwords
Entries in this list are one-off passwords generated for devices and services which don't support two-factor authentication.
They're most likely to be your computer and mobile devices accessing your contact and calendar information. You might also find devices like your printer, broadband modem or network storage drive which need email access to send you alerts.
You definitely want to boot anything that shouldn't be here. Also delete devices and services you no longer use, such as your previous smartphone, to close potential security loopholes.
Check your 2-Step Verification settings
Another name for two-factor authentication, this stops someone logging into your account from a new device unless they know your password and a one-time code which is usually sent to you as an SMS or generated by a mobile app.
It's a good idea to enable two-factor authentication for all your services which support it. You can tell them to remember your devices, so you don't need a two-factor code every time you log in from your own computer, smartphone or tablet (but make sure these devices are locked with a password).
Even two-factor authentication isn't 100 per cent foolproof; there are reports of hackers hijacking and porting mobile phone accounts in order to intercept text messages authorising access to online banking business accounts. If you're concerned about this, consider using a mobile app to generate your two-factor code.
While you're conducting your security audit it's worth checking all your accounts. Here are links to the security preferences pages for a few other popular services:
When was the last time you conducted a personal security audit? Which other security threats did you deal with?