1. Secure Your Google Account with 2-Step Verification (2SV)

This is the most important security measure for any Chromebook user. 2-Step Verification (also known as two-factor authentication) adds a second layer of security to the login process. Even if an attacker manages to steal a user’s password, they cannot access the account without also having access to the second verification factor—typically a code from an authenticator app on a smartphone or a physical security key. This effectively blocks the vast majority of account hijacking attempts. 2SV should be considered mandatory and can be enabled in the “Security” section of the user’s Google Account settings.

2. Use a Strong, Unique Google Account Password

While 2SV is the ultimate defense, a strong password remains a critical first line of defense. The password for the primary Google Account should be long (at least 15 characters), complex (a mix of letters, numbers, and symbols), and unique—it should not be reused for any other online service. Using a reputable password manager is the best way to generate and store such passwords securely.

3. Regularly Perform a Google Security Checkup

Google provides a simple, powerful tool called the Security Checkup that guides users through a review of their account’s security settings. This tool helps users check for recent security events, see which devices are signed into their account, manage which third-party apps have access to their data, and review saved passwords. Performing this checkup on a quarterly basis is a proactive way to maintain strong account hygiene.

4. Enable Screen Lock and Require a PIN/Password

To protect against unauthorized physical access, a Chromebook should be set to lock its screen when it goes to sleep or when the lid is closed. This requires the user to enter their password or a shorter, more convenient PIN to unlock the device. This simple step prevents casual snooping if the device is left unattended in a public place or shared environment. This can be configured in Settings > Security and Privacy > Lock screen and sign-in.

5. Use Guest Mode for Sharing

When someone else needs to use a Chromebook, the “Guest mode” is the safest way to allow it. A guest session is completely isolated from the owner’s account. The guest cannot access any of the owner’s files, apps, or browsing history. When the guest signs out, all data from their session—including browsing history and any downloaded files—is permanently deleted. This ensures both privacy for the owner and a clean slate for the guest.

6. Be Extremely Cautious with Browser Extensions

While Chrome extensions can add useful functionality, they can also pose a significant security risk. Malicious extensions can spy on browsing activity, steal passwords, or inject ads. Users should adhere to the following rules:

• Install Minimally: Only install extensions that are absolutely necessary.
• Use Reputable Sources: Only install extensions from the official Chrome Web Store after checking reviews and the developer’s reputation.
• Review Permissions: Before installing, carefully review the permissions an extension requests. Be wary of extensions that ask for broad permissions, such as the ability to “read and change all your data on all websites”.
• Audit Regularly: Periodically review installed extensions at chrome://extensions and remove any that are no longer needed or seem suspicious.

7. Keep Your Chromebook Updated

ChromeOS is designed to update itself automatically and seamlessly in the background. These updates contain the latest features and, most importantly, critical security patches. However, to apply the update, the device must be restarted. Users should get into the habit of rebooting their Chromebook whenever the update notification icon appears on the shelf (taskbar).

8. Understand the Cloud-Centric Data Model

Chromebooks are designed to be “cloud-first” devices. This means that important files should be stored in Google Drive rather than in the local “Downloads” folder. Data stored locally on a Chromebook is not as secure or durable as data in the cloud. In the event that ChromeOS detects any system corruption during its Verified Boot self-check, it may automatically wipe the local storage and restore itself to a clean state to ensure security. Files stored in Google Drive are unaffected by this process and are securely accessible from any device.

9. Enable Safe Browsing and Secure DNS

Within the Chrome browser settings, there are two key features that enhance security and privacy.

• Safe Browsing: This feature, which should be set to “Enhanced protection,” automatically warns users before they visit dangerous websites or download malicious files.
• Secure DNS: This encrypts the connection used to look up website addresses (DNS queries), preventing internet service providers or attackers on the network from seeing which websites are being visited.

10. Manage Android App Permissions

Many modern Chromebooks can run Android apps from the Google Play Store. If this feature is used, it is essential to manage app permissions just as one would on an Android phone. Each app’s permissions should be reviewed in the settings, and access to sensitive information like location, microphone, or contacts should only be granted if it is essential for the app’s function.

11. Enable “Find My Device”

Like Android phones, Chromebooks can be located, locked, or remotely wiped using Google’s “Find My Device” service. This is a critical feature in case the device is lost or stolen. It requires the device to be powered on and connected to the internet. The feature can be enabled by installing the Find My Device app from the Google Play Store and linking it to the user’s Google account.