How to Run a Google Security Checkup

Give your Google security settings a onceover

It's important to understand that Google uses your sign-in and security permissions across every service and device that authenticates with your Google account. This includes all Android devices you use, services like Google Drive and Gmail, and third-party apps you've authorized to connect to your Google account. That's why it's important to use Google Security Checkup to ensure your private data is kept secure.

How to Run a Google Security Checkup

If you use your Google account to authenticate with services and devices, you should perform a Google security checkup frequently. You can do this by accessing the Google Account Security page where you can see the current status for all of the following security issues on your account.

Review Recent Security Events

To review any recent security events on your Google account, select the dropdown beside Recent security events.

  1. Google constantly monitors where sign-in attempts occur. If an attempt is from a location you don't normally visit or a device you don't normally use, you'll see a "suspicious attempt to sign in" alert in this section.

    If you don't recognize the sign-in attempt, select No, it wasn't me so that Google knows to block any future login attempts from that app or device.

    Screenshot of recent security events in Google security checkup
  2. Review the list of previous app or device sign-in attempts below this. If you see any that you don't recognize, select Don't recognize an event? at the bottom of the list. This will provide a pop-up where you can select Change password to sign out all devices and apps.

    Screenshot of signing-out all apps with a password change
  3. Once you've resolved any security issues, the checkmark beside the section will turn green, meaning there are no security issues.

Review Your Devices

The Your devices section will show you any device security issues you may be experiencing for the devices you've authorized.

  1. Google will show you any app settings that represent an account vulnerability. If you want to fix that setting, select Learn how to see instructions for securing that specific device (it's different for each security vulnerability and device).

    If you want to keep those settings, just select the three dots to the right of the warning, then select Dismiss.

    Screenshot of Google device setting security alert
  2. As you scroll down, you'll see entries for devices that previously had access to your Google account, but haven't logged in for a long time. If these are devices you no longer own, select Remove to remove authorization.

    Screenshot of removing Google account authorization on devices
  3. The most important section to check is the Signed-in devices at the bottom of this section. Select the dropdown arrow to see them all. If there are any devices you don't recognize, or shouldn't have access, select the three dots to the right, then select Sign out.

    Screenshot of signing out devices from your Google account
  4. When you're done making updates to this section of your Google security checkup, the checkmark next to the section should be green.

Confirm Sign-In & Recovery Verification Methods

The Sign-in & recovery section includes all of the contact info and other details that Google uses to verify you are who you say you are.

  1. Select the dropdown arrow to the right of the Sign-in & recovery section and check your recovery email. If your email has changed or you want to use a different email account, select No, update to update that email address. If you want to keep the current email address, select Yes, confirm.

    Screenshot of confirming recovery email

    Never use your Gmail email as your recovery email. Should you ever lose your Google account, you won't be able to access your Gmail inbox to get the Google recovery code.

  2. Select the dropdown arrow next to verification methods to review all of the verification methods and details you've approved for your account. Here, you should see:

    • Phone number
    • Recovery email
    • Security question
    • Trusted mobile devices

    In this section you can change the approved phone number or recovery email by selecting the pencil icon on the right.

    Screenshot of verification methods in Google security checkup tool
  3. Once you're done confirming changes or validating selections in this section, the checkmark next to the section should be green.

Review Third-Party App Access

The next section of the Google security checkup tool is Third-party access. The top part of this section shows any insecure apps that have access to your Google account.

To remove access from old apps or risky apps, select Remove or Remove access underneath that app. To review non-risky apps, select Show others at the bottom, then select Remove access to the right of any apps you don't need anymore.

Screenshot of third-party access in Google security checkup tool

Review Gmail Settings

The Gmail settings section is just a simple setting to display a name instead of your Google account name inside emails you send or receive.

This provides an additional level of security. Set the name if it's not already set up in this section.

Screenshot of Gmail settings inside Google security checkup tool

Password Checkup

The password checkup tool with Google security checkup lets you have Google validate whether all of the stored passwords you have in your Google account are truly secure passwords.

  1. To use this tool, select Password Checkup at the bottom of the Google Security Checkup page.

    Screenshot of Password Checkup section
  2. To continue, select Check passwords on the next page. You'll need to enter your Google account password before the tool will continue. Once signed in, Google will scan your stored passwords and provide a report.

    Screenshot of Google passwords scan results
  3. If any passwords are compromised, change them immediately. If there are reused passwords, consider updating them to make them unique. And if there are any weak passwords, now's the time to update them using stronger passwords.