The other day I received the usual popup on my phone, asking if I’d requested access to my Google account. This is the typical warning when you have two-factor authentication (2FA) set up on your Google account (which you should).
Why is that a reason for concern?
- It wasn’t me attempting to log in to my account.
- In order to reach that point of authentication, both username and password have to have been successfully used.
What does that mean? Someone cracked my Google account password. That, in and of itself, is cause for concern, given I use very challenging passwords. However, because I had 2FA configured, I was able to immediately block that person from gaining access to my account.
The first lesson here is that everyone should be using 2FA with their Google account. For those that have yet to set up 2FA for Google, find out how here. Again, I cannot repeat enough how important it is to use 2FA with Google. It might be an extra step required to log in to your account, but the added security you gain is well worth it.
As to the big concern, my account had effectively been hacked, although not accessed. Once I was certain the ne’er-do-well hadn’t managed to get into my account, I knew the next step was to change my password and even up the complexity of the password used. When I changed the password, I made it considerably more complex than the one it replaced, which was already difficult.
But how to change it? Oddly enough, the process for changing your Google account password isn’t terribly intuitive. It’s not all that challenging, but locating the section of your account where you take care of the tasks might elude you.
Let me show you how.
SEE: Identity theft protection policy (TechRepublic Premium)
What you’ll need
The only thing you’ll need for this is a Google account you can access from any web browser.
How to change your Google password
Log in to your Google account with a web browser and point it to myaccount.google.com. In the resulting window, click Security in the left navigation (Figure A).
In the next screen, look for the Recent Security Activity section and click Review Security Events (Figure B).
At the top of the next page, click See Unfamiliar Activity (Figure C).
The resulting popup finally allows you to change your password. To do this, click Change Password and you will be prompted to log in to your account with the existing password. Once you’ve done that, you can finally change your Google account password (Figure D).
It is important you keep in mind that, after you change your password, you’ll be logged out of every device associated with your account, except for the one used to change the password. That means every single device:
If you have an Android-based television connected to your Google account, you’ll be logged out of that as well and won’t be able to use the television until you log back in.
It’s also important that when you change your Google account password–especially in the event of an attempted hack–you make the replacement even more complex than the previous. You want to do everything you can to prevent hackers from gaining access to your account. If you go only half-way with this, the chances are considerably more likely your Google account will be hacked. Remember, the prior password I used was already complex and should have stopped anyone from getting a foot through the door; it didn’t, which is why I upped the complexity for the new password.
Again, use two-factor authentication. Although it’s not a perfect solution, it does give you the power to block those who attempt to break into your account.
Google should make the process of changing account passwords considerably easier. Anytime you block someone using 2FA, the default behavior should be the requirement of a password change. Although you might not be forced by Google to make that change (after a thwarted hacking attempt), you should consider changing your account password a must.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays