Google User Basic Security Tips |Chromebook Mobile

Cloud Computing and Blogging w/ Chromebooks, Chrome, and the Google Chrome OS: ChromeBook.mobi - Simplify your life!

Google User Basic Security Tips

Safe & secure cloud computing with Google's Chrome & Chrome OS


One of the most important security concerns for the average user of Chrome is the Gmail password. The Gmail password is your "Google password", it's also used for Google Drive, Google Search, Google+, or nearly anything Google for the standard end-user. To many, it's the password to their online life. Luckily, as long as you maintain a secure password, the rest of your security and software maintenance tasks are a breeze in the cloud with Google.

Picture of a cloud designed to look like a padlock by FutUndBeidl
Image Credit: FutUndBeidl via cc 
Except for passwords: Chromebooks, Chrome (the web browser) and the Chrome OS (or operating system) are unlike the Apple or Microsoft setups you're probably used to. There is no antivirus program needed (or even available) at the end-user level, the hard-drives are generally SSDs and need no defragging, the operating system and user software updates are automated (and generally overseen by Google) and require no user intervention, and the best part of all is Chromebooks and the software you need to stay in action is an incredible value compared to what else is out there, but how do you protect your Google data?

Screenshot of the Google login screen or prompt
"Protect your password!"
As far as security, remember one thing above everything else, protecting your Google (same as Gmail) login information (especially the password) is your one critical task. Don't worry as much about the email address part when logging in (you probably semi-freely give that out anyhow), but your Google password is golden! Look at it this way, big-G has a saying, "One account. All of Google." Go to your Google account page to see what personal info you have hooked up.

Also, even if you're an outstanding citizen with nothing you feel you have to hide, think again, because many base their livelihood on just how much they can steal. Your Gmail and Google drive likely contain enough information to turn you into a victim.

Here are a few simple steps to keep the worries to a minimum.

2-step verification: 

2-step verification basically means someone can not log into your Google database unless you authorize that login attempt via a text-message code sent to your personal cell phone from Google. If it's your personal computer you can "stay signed in" and have Google remember that device. If you're logging in from a device other than yours don't authorize that computer to remember Jack during the login sequence. To login safely, just log-on slowly, watch what you're clicking, and look for the "https" (and a padlock picture) up in your address bar or omnibox. Refresh yourself or get started on Google's official 2-Step Verification page.

Note: Don't use 2-step verification as an excuse for weak passwords. 2-step authentication can be thwarted in certain instances. Also, PayPal, your bank, and many other secure sites have 2-step verification services available and it's generally worth the extra hassle to go ahead and set them up.

Password length and complexity:

First of all, don't use passwords that people could guess like a sequence of numbers or a combination of addresses, birthdays, names, places, colors, cars, pets, or what have you. If someone designed a password cracker program that cycled through all the combinations of tidbits of your common info along with a few extra characters sprinkled in here and there, at today's processing speeds, it wouldn't take long to "guess" many passwords.

How complex should your password be? "Moore's law" generally predicts that computer processing power doubles every 2 years (and it was a good rule over the last decade+), so obviously passwords must evolve in complexity as well. There would be great debate on any steadfast password rule, but let's just say that a 20 character password with a combination of numbers, upper and lower case letters, and a few special characters would likely still make the grade in a decade (especially with other related advances in online security)... half that is good for now.

We like computer generated and generally random password generators like passwordsgenerator.net, DuckDuckGo, or ramdom.org, but there are a million other choices as well. Finally, we also like LastPass password manager (affiliate link) to remember all the passwords in one place, but remember, if you use it, make your LastPass password rock solid because it would be a virtual gold mine were an undesirable to gain access there.

Password age:

Obviously, one of the factors determining your password age is going to be the environment you're operating in. We're not thinking about corporate settings where the IT guy's "ass is grass" if a break-in is due to a lousy password policy, but similarly, in cloud computing you are in fact probably networked like you've never been networked before, however, most people's terminals are home based, so instead of the typical 90 day (or less) company mandated password policy, just be reasonable and change it if you fear it's been compromised, every year, or when you're adding critical data or software packages to your online arsenal.

Physical factors: 

Number one, watch out where you login from. Computers other than your own can easily contain keyloggers that will snatch your password even more efficiently than the misguided soul peeking over your shoulder either personally or via the microchip sized pinhole cameras (or similar items) that are available today.

Other useful (or interesting) online security tidbits:


As far as your other fears of yesteryear, when you're computing in the cloud, as far as the Google based programs go, you have your own team of network experts taking care of software updates, viruses and other intrusions. Just remember, there are still other unsafe websites, emails, and live people within physical reach of your hardware preying on your personal data.

Outside of their personal employees, Google has a reward system to pay hackers that can crack their setups which generally involves not breaking the law in the process. Just search for "get paid to hack google" if you want more info.

Related note: In the big picture, the hackers (which some call crackers) that "generally" get notoriety are either thieves, like to deface that easily viewed by the masses, or are viewed as enemies in the new age digital warfare waged by governments and rouge groups. The hackers most people don't hear about are the corporate, law enforcement, and government or military specialists that are on "your side" behind the scenes. Almost all groups subcontract or "award" various services to independent specialists with skills. Obviously, there is plenty of overlap and different ways of viewing good and bad, black and white, or yin and yang, and it all depends on what side of the fence you're standing on. From an individuals point of view, they're either there to harm or to protect.

Imagine the rewards (generally as an antagonist) one would get if he (she) exposed a severe vulnerability in the Google OS (Android, Google search, Chrome, Chromium, Gmail, G-drive, apps, extensions, or what have you). Pretty cool really, Google has gone from a search engine to a (publicly recognizable) viable safe & secure operating system within a few short years.

What does this mean for you and your safety while computing in the cloud? Basically, as a lowly average user you're pretty well protected due to the more extreme concerns related with avoiding breaks in the government and corporate infrastructures resulting from computer based attacks. In the end, just set a sturdy Google password and get a good password manager with a different and robust password attached to it. That way, ultimately, you can just have one password for your password manager and the password manager will log you into all your sites from there. Now you can just forget about it and go about doing what you like to do on the web!

Lastly, if you use the LastPass password manager for an additional layer (or layers) of security you can also enable a variety of excellent 2-step or Multifactor Authentication login options with it as well. Again, just remember when logging in via any method, when you get to the "Remember this computer" option, only allow that if you are on your private personal computer. You don't want someone else's computer remembering your security credentials.