Chromebook security may sound like an oxymoron to some, but it’s a real thing. I read a great checklist on Michael Horowitz’s “Defensive Computing” site and was thrilled to see a section devoted to Chromebooks. Michael’s entire checklist is a recommended read when you have time, regardless of your device or platform choice. There are so many good suggestions here that I decided to surface some of them, along with a few of my own. Here are four Chromebook security tips for improving your data privacy and protection.
Disable Chromebook features you don’t want or need
I’ve pointed out that I’m not a big user of Android apps on my Chromebooks. So I typically disable the Google Play Store until and/or if I need an Android app. That boosts my Chromebook performance. But it can also help limit the amount of personal information you provide to both Google and Android developers, hence the Chromebook security of your data.
To that end, Michael suggests you disable Chromebook and/or Chrome features such as:
- Autocomplete searches and URLs
- Help improve Chrome’s features and performance
- Make searches and browsing better (this sends browser history data to Google)
- Enhanced spell check, something I’ve previously covered from a data privacy perspective
- Google Drive search suggestions
- Google Assistant
Obviously, if you get enough value from these, or other optional features, you probably don’t want to disable them. My suggestion: Consider what you’re giving up in terms of your data compared to that value. Then decide whether to continue using the feature in question or not.
Ethernet over Wi-Fi for Chromebook security
Wireless networking is inherently less secure than the wired type. And yet, I’m betting most Chromebook users (including me!) use Wi-Fi all the time. That’s more due to convenience and the hardware you have. To use a wired connection your Chromebook needs an ethernet port. Most do not, although some of the new cloud-gaming Chromebooks do. That’s for speed and latency more for security though.
If you work near an ethernet port, it is possible to connect using an ethernet adapter, or even a hub, for that wired connection. This $23 Anker adapter uses USB Type-C and works with a wired connection of up to 1 Gbps.
On a related note, I’d suggest subscribing to a trusted VPN provider when on Wi-Fi.
I switched from Gmail to Proton’s encrypted email service in 2020 and I bundled in Proton’s VPN service as well. FWIW, there’s a nice Proton bundle on sale now for Black Friday that’s discounted by 40 percent. It includes Mail and VPN, along with Proton Drive and Calendar. I don’t make a dime if you sign up; I’m just a paying customer that’s very happy with the product.
Boost Chromebook security with a Yubikey
Using a password or PIN to secure your Chromebook is certainly good, but a two-factor authentication (2FA) method is better. I’ve used both a Google Titan key as well as a Yubikey with all of my Chromebooks for a few years now. Even if someone knows my Google account credentials, they’re not getting into my Chromebook with this physical key. As an added benefit, these hardware keys can act as a 2FA method for other online credentials. They cost around $30 to $70 and are well worth the extra protection.
How do I know this? When I worked at Google, every employee had one of the keys and it was required to use a Chromebook or another computer. No exceptions.
Note that some newer Chromebooks have fingerprint sensors. This adds security as well and some websites do support its use for 2FA. Not enough of them do to make a fingerprint sensor a “must-have” on my Chromebook yet. Still, it’s worth a mention.
Don’t skimp on password security or services
Michael’s checklist has a whole section devoted to smart password usage. It applies not just to Chromebooks of course, and I’m not going to regurgitate it all here.
What I will say is if you’re already looking to limit your data exposure when using a Chromebook, don’t forget the passwords. I decided not to house my own passwords with Google or with Apple after years of doing so. For one thing, they both have enough of my data. For another, this was not a cross-platform solution as I switched between devices.
I researched password managers and there are several. It’s a personal choice so I won’t recommend one over the other. But I will say that I pay for 1Password and don’t regret the fee. I have a Chrome extension to access all of my passwords from a Chromebook and a Safari extension to do the same on an iPhone. I also access 1Password on Windows and Linux through desktop apps.
Got any additional Chromebook security tips or suggestions?
9 Comments
Good stuff 🙂
Never forgot incognito mode for hiding stuff from local people who might hop on your chromebook now and then …………..
Yup, Guest Mode and Incognito windows are useful for this!
“people who might hop on your chromebook now and then”
I’d be suggesting Guest Mode for other users rather than allowing them access while you’re logged in to your account.
Incognito Mode is useful for keeping Google and others from associating your browsing with your account.
I use the titan & yubi keys too and was worried they wouldn’t work in incognito mode but they do. I actually use my main google account in incognito mode, i.e a separate one to the one I log in to my Chromebook with. Bit of a pain if incognito crashes, but it hardly ever does these days.
Good article, Kevin! Very enlightening! Articles like this are one of the reasons I faithfully read you every day.????
Thanks coop!
You can also use the Vytal extension to spoof your timezone, locale, geolocation and user agent. It can automatically set your location data to match your ip address.
Once you start using MFA with keys like Titan and Yubikey, remove the least secure methods from your accounts but leave at least two. Get 1 or more backup keys. Having a very secure method of controlling access to your accounts is meaningless if you also allow the least secure.
For Google accounts, I like to generate 10 backup one time passwords that I can print and keep tucked into my wallet.
And most importantly, make sure you add MFA to your recovery email addresses. Make sure you don’t have one unsecured recovery email address with access to your secured ones.
You could also install the DuckDuckGo Privacy Essentials. It blocks trackers across the web, automatically upgrades your browsing to HTTPS when applicable, and changes your search to DuckDuckGo, a privacy-centered alternative to Google.