Skip to main content

How to secure your Google account and Blogger blog?

As a part of contributions to NCSAM, I am writing this article down on what all should we be aware of with respect to Google's security aspect and how to make sure your blog stays yours forever.

What is NCSAM?

It's National Cyber Security Awareness Month which is observed during the month of October every year in America.

However, we all know cyber security is a world topic and is not limited to just the USA. So let me give some tips with respect to keeping the Google account safe and Blogger blogs safe from hackers.

As I secure my account, I hope you people catch up too.

In this blog post, I am going to tell about the following,
  1. Securing your Google account.
  2. Securing your Blogger blog.

Securing your Google account

Since Blogger is also part of your Google account, let's first see what all we need to do to keep our Google account safe.
  • Don't share your password to anyone.
  • Keep changing your password every 60 - 90 days.
  • Make sure your password is strong enough. Have at least one capital letter, one special character and one number.
  • Make sure you logout your account when you use it anywhere other than your own personal laptop or desktop.
Those are the basics. There are few advanced things we can do to keep the account in safety. We can walk through Google accounts security section to see what all we could do. 

1. The security checkup.

As soon as I go to the security page, Google account says, 
This is about my account. When it comes to your account, if Google has found any potential security threat, it will ask you to review it. 

Irrespective of whether it has detected a risk or not, you can still go for a checkup by clicking "Get started"

What do I see when I click the same?
Everything is a green mark. Google now thinks there are no potential risks to your account.

Feels safe right? However that is not everything. Let's click on "Continue to your Google Account" which takes us back to security section.

Coming down to the next section,

  1. When have I changed my password?
    28 July 2018 - Absolutely vulnerable.
  2. Am I using my phone to sign in?
    No
  3. Do I have my 2-Step Verification turned on?
    Oh noooooo! Worried!
  4. When have I changed my Google PIN?
    Way back in 2017. That's again worst thing.
Adding all these up, my account is so much in threat. Now I am going to go ahead and secure my account more. 

I have changed my password and setting up 2SV.  Read more about 2SV here

Two step verification (2SV)

In short, 2SV is an additional verification that it is you who is logging in. Therefore Google asks you for your phone number and when you login to a new device, Google sends an OTP by call or text message to verify.

Too lazy to type in OTP each time? You're lucky. Google has got two other options as well one of which is getting a prompt in your phone.

I am comfortable with a Text message and so going ahead with Text message. If you find something else comfortable for you, please go ahead with that one.

Done and I am all set up for 2SV. Now when each time I login in a different computer, I am prompted with an OTP and only when I confirm it, I am let in to my account.

Next is my Google pin. I am going to go ahead and change that as well.

Screenshot of Google account PIN change
Being all that said and done, what else can you do to get your account back just in case you have been hijacked or you have forgot your account password?

Well, here comes the recovery information section,
(Information is hidden for privacy purpose)
You should enter a recovery phone, recovery email and answer a security question. 

Unfortunately, Google does not anymore support security questions. You can only use recovery phone and an email. May be it's showing up in my account because it's ancient.

Having these setup will have your account easy to recover for yourself and difficult to hack into for others. Hope these tips helps in keeping your account safe. 

Finally, if you ever feel you missed to logout your email from a stranger computer or you feel you are being hacked, change your password first. Then go to Gmail for Web and scroll all the way down to see the following at the end,


Click on the Details as highlighted and you'll get to see a popup window like below,


Here you can know what are all the devices that are logged in. You can choose "Signout of all other Gmail sessions" which will remove all of Google sessions except the one that you are logged in.

Now when this is done, you can login only to your devices back. 

Thanks for reading through this long. If you do all these itself, your blogger blog is already safe as all google products are under one roof. 

However let me tell you an interesting story of an old friend of mine. Herself and one another friend of hers started writing a blog on various genres. Over an year or so the blog got decent amount of viewers and they started inviting guest authors to write post. 

They approached the guest authors online and got content over email and then post it by giving credits to them. As it went, the blog became so popular but they became quite busy with their life. However they wanted to keep their blog going. So they decided to hire a person for it. They hired too from online market. Everything was the same except that this time they didn't get content over email rather added the content writer to their blog as Author.

Days went and at some point the author needed admin access and without second thoughts they gave permission so that the author can change whatever he wants in the template section. Sounds great right?

It sounded awesome until the next day they login to their account to see the blog disappeared. Booom!!!! 

What? Why did Blogger remove their blog? That was the first question that popped up in their mind. 

"Congratulations dear! Your blog just got hijacked" - That is all I was able to tell when they came up with this to me. Unfortunately until this moment, they are not able to get the blog back. What are the take aways from this story?
  1. Write and build your blog to the best. Never let it go.
  2. Never invite a stranger to write in your blog. At least not an online stranger. 
  3. Never ever give Admin access to a person who is not even known to you in person.
All that said, secure not only your google account but all your online accounts and safe and happy blogging. 

Comments

Feeds for you

Blogger profile confusions

Since Google has closed it's social networking service called the Google+ for consumers, few products has some effect on it. One of them is our very own blogger.

We could see that update notification in our blogger dashboard as below,



Besides from the things gone as mentioned in Blogger's official blog post here -> An update on Google+ and Blogger, we have a confusion on profile that needs to be clarified. That is the reason why I am writing this down.

There are now two profiles,

Blogger profileGoogle profileBlogger profile - Where does this appear?
This appears in all of your blogs if you have your profile gadget added. You can see that on this blog in the top right, How do I update this profile? Go to blogger.comNavigate to Settings > User settingsClick Edit under Blogger in User profile sectionYou'll be navigated to https://www.blogger.com/edit-profile.g where you can edit your profile that appears on the blog.Google profile - Where does this appear?
This appears in…

Who Is Lookup

Again as a part of Custom Domain Troubleshooting, we do Who Is lookup which gives us a handful of information.


What is Who Is Lookup?

Who Is lookup gives exactly what the name means. "Who Is". In addition to Who Is, this will give few useful information like,
Registrar InformationRegistered date and expiry information and so on.

How to do Who Is Lookup?

Common issues where custom domain is involved.

In BHF, one of the common issues we face is setting up custom domain. We already have a lot of information on how to setup a custom domain. So I am going to go ahead and write on the troubleshooting tips for custom domain.

This article is dedicated to +Chuck Croll  who has been/is a great mentor to me  since the beginning.

So let's start with the first and foremost golden rule of Custom domain troubleshooting.
Any issue where you have custom domains involved, first check if the custom domain is setup properly.