Open Google Account, run Security Checkup and Privacy Checkup, then audit devices, sign-in options, data, and third-party access.
If you use Gmail, Drive, Photos, or YouTube, a periodic tune-up keeps things safe and tidy. This guide shows a fast, thorough way to audit settings, spot weak links, remove stale access, and back up data. You’ll get a checklist you can repeat in minutes next time.
What You’ll Tackle In This Account Review
You’ll confirm recovery paths, strengthen sign-in, prune unknown devices, clean up third-party access, tighten data sharing, and pull a fresh export of your content. Each step is short and practical.
Quick Checklist: Start Here
- Confirm recovery email and phone.
- Turn on passkeys and 2-Step Verification; store backup codes.
- Run Security Checkup and Privacy Checkup for guided fixes.
- Remove unfamiliar devices and sessions.
- Review third-party app access; revoke what you don’t use.
- Scan saved passwords; change weak or reused ones.
- Trim ad and activity settings to your comfort level.
- Export data; set an inactivity plan.
Where To Find Each Control (Fast Map)
Use this table as your dashboard for the session.
| Area | What To Check | How To Open |
|---|---|---|
| Recovery | Recovery email and phone | Google Account → Security → Ways to verify |
| Sign-In | Passkeys, 2-Step Verification, backup codes | Google Account → Security → How you sign in |
| Security Checkup | Recommendations, alerts, device and app risks | Security Checkup |
| Privacy Checkup | Activity controls, ad settings, YouTube and Maps history | Privacy Checkup |
| Devices | Signed-in devices, recent activity | Google Account → Security → Your devices |
| Third-Party Access | Apps with access to your account | Google Account → Security → Third-party access |
| Passwords | Compromised, weak, reused entries | Google Password Manager (Chrome or passwords.google.com) |
| Data Export | One-time or scheduled export | Google Account → Data & privacy → Download your data |
| Inactivity Plan | Contact, data share, account handling | Google Account → Data & privacy → More options |
Reviewing Your Google Account Settings: A Step-By-Step Walkthrough
Step 1: Confirm Recovery Paths
Open Google Account → Security. Under Ways to verify, confirm a current recovery email and a reachable phone. If one is old or missing, add a fresh one. This protects you if you forget a password or lose a device.
Step 2: Strengthen Sign-In With Passkeys And 2-Step Verification
Under How you sign in, create a passkey on each trusted device. You’ll sign in with your fingerprint, face, or screen lock instead of typing a password. Next, turn on 2-Step Verification. Add two or more second steps such as phone prompts, an authenticator app, and a hardware key. Then generate backup codes and store them in a safe place separate from your phone.
- Passkeys cut phishing risk and keep sign-in fast.
- Multiple second steps give you a fallback if one method isn’t available.
- Backup codes are your last-ditch access when nothing else works.
Step 3: Run A Guided Security Scan
Launch the guided wizard for risk fixes and device alerts via the official Security Checkup. It flags sensitive settings, risky third-party access, and unfamiliar devices so you can resolve issues in one sweep.
Step 4: Tune Privacy Signals
Open the Privacy Checkup. Review Web & App Activity, Location History, and YouTube History. Pick retention windows that suit you, such as auto-delete after 3, 18, or 36 months. Turn off history types you don’t want saved. Then check ad personalization and switch off topics or categories that don’t fit your taste.
Step 5: Prune Devices And Sessions
In Security → Your devices, review every phone, tablet, and computer with access. Remove anything you don’t recognize. For devices you still use but no longer control (sold or lost), sign out remotely. If you spot odd activity, change your password and run the Checkup again.
Step 6: Clean Third-Party Access
Under Security → Third-party access, look through apps that can see basic profile data, Drive files, Gmail labels, or Calendar. Revoke anything you don’t use. Reconnect apps later with the minimum scope they need, starting from the service’s settings rather than random prompts.
Step 7: Tidy Up Passwords
Open Google Password Manager in Chrome or at passwords.google.com. Run a password health scan and change weak or reused entries. Switch saved logins to unique, long strings. When a site supports it, replace passwords with a passkey. This reduces credential fatigue and phishing risk.
Step 8: Manage Activity And Personalization
Go to Data & privacy. Trim what’s saved, set auto-delete windows, and review ads preferences. On YouTube, adjust watch and search history, and clear suggestions that don’t fit your profile.
Step 9: Export Your Data
From Data & privacy → Download your data, build a fresh export of mail, photos, documents, and other content. Choose products and formats, then send the archive to cloud storage or download it. Large archives may split into files; grab them all for a full copy.
Step 10: Set An Inactivity Plan
In More options, set rules for inactivity. Choose a contact and what they can receive, plus whether your account should be deleted after a set period. This reduces surprises if you step away for a long time.
Deep Dive On The Most Impactful Fixes
Passkeys And 2-Step Together
Passkeys handle most sign-ins with minimal effort, but keep 2-Step Verification on as a layered defense. Add at least two second-step methods. Phone prompts are handy; an authenticator app keeps you working when your main phone has no signal; a hardware key is durable for travel. Keep backup codes tucked away offline.
Spotting Red Flags In Devices
Look for unknown hardware names, odd locations, and recent activity at odd hours. If you see a mismatch, sign out that device. Then change your password, scan for malware on your own gear, and re-secure the account with fresh second-step options.
Right-Sizing Data Retention
Shorter retention windows mean less data risk. If you like personalized results, keep Web & App Activity on with a shorter auto-delete. If you prefer a leaner profile, turn off categories you don’t use. You can still get relevant results based on current context.
Third-Party Access Hygiene
Many apps request broad scopes to speed onboarding. Remove any tool you no longer need. When reconnecting, start from the tool’s settings page so you can see exactly what’s requested. Grants to Gmail contents or Drive may be sensitive; tighten those first.
Troubleshooting: Common Snags And Fixes
Lost Your Phone And Can’t Get Prompts?
Use a hardware key, an authenticator app on a backup device, or backup codes. If you only had phone prompts, visit account recovery and add more second steps once you’re back in.
Unknown Sign-Ins Show Up
Kick the session out under Your devices, change your password, and rerun Security Checkup. Add an extra second step and rotate backup codes.
You Don’t Recognize An App With Access
Revoke it. If another service breaks, reconnect that service and approve only what it needs. If the prompt asks for broad scopes, look for a settings or privacy page in that service to fine-tune.
Privacy Controls You Should Review Every Quarter
These toggles change what’s saved and for how long.
| Control | What It Does | Suggested Baseline |
|---|---|---|
| Web & App Activity | Saves searches and usage from signed-in services | On with 3–18 month auto-delete |
| Location History | Stores visited places for Maps timeline | Off unless you use timeline features daily |
| YouTube History | Tracks watch/search to shape suggestions | On with 18-month auto-delete |
| Ad Personalization | Uses activity to tailor ads | Trim topics and sensitive categories |
| Drive & Gmail Access | App permissions to files and mail | Remove old grants; re-approve as needed |
| Password Health | Checks exposures, reuse, and length | Change weak/reused entries; prefer passkeys |
Building A Repeatable Routine
Monthly Five-Minute Sweep
- Open Your devices and remove unknown sessions.
- Run a password health scan; change any flagged entries.
- Review third-party access for anything new.
Quarterly Tune-Up
- Rerun Security Checkup and Privacy Checkup.
- Rotate backup codes; test your authenticator app.
- Shorten or lengthen data retention windows as your needs change.
Yearly Deep Clean
- Export a fresh archive of mail, photos, and docs.
- Review passkeys and hardware keys; replace any lost one.
- Refresh recovery email and phone; confirm both still work.
- Review inactive-account settings and contacts.
Frequently Missed Spots During An Audit
Old Phones Still Signed In
Even a retired handset left signed in can keep tokens alive. Remove it in Your devices and change your password if you no longer control the hardware.
Long-Forgotten App Grants
That quiz app from years ago might still see basic profile data. Tools connected to Drive or Gmail deserve extra scrutiny. If you don’t remember why an app needs a scope, remove it.
One-Method 2-Step Verification
Relying on a single phone prompt is fragile. Add an authenticator app and a hardware key. Print new backup codes whenever you change phones.
Passwords Saved In Multiple Places
Pick one manager to avoid conflicts. If you stick with Google Password Manager in Chrome, turn off competing auto-fills from other tools and from the OS. Fewer pop-ups means fewer mistakes during sign-in.
Data Export And Storage Tips
When you build an archive, pick formats you can open later. For mail, MBOX works well with many clients. For photos, keep original quality when storage allows. If the archive spans several files, download every part. Consider sending the export to cloud storage for easier retrieval.
Travel And Public Computer Safety
Use passkeys or an authenticator app instead of SMS when roaming. Avoid signing in on shared machines. If you must, use a private window, don’t save the password, and sign out from Your devices afterward.
Make This Review Stick
Add a calendar reminder for a quarterly pass. Keep a small note in your password manager with your backup code status and which devices hold passkeys. The next sweep will be faster because the groundwork is in place.
One Last Nudge
Finish today’s session with three quick wins: turn on passkeys, add a second 2-Step method, and run Security Checkup. You’ll feel the difference every time you sign in.