Blog

How to Password Protect Your Google Drive

Marie ProkopetsMarie Prokopets,Co-founder of Nira

Google Drive is an immensely useful tool in many ways. It allows you to store all your files and folders in a single place, which can then be accessed from anywhere, from any device, and at any time.

Another benefit is that file and folder sharing on the platform is seamless since the app has this fantastic ability to play nice with others.

You can allow the person to view, comment, or edit the file by granting them the necessary permissions. While the ease with which you can share Google files is incredibly convenient, it’s also a major drawback.

Yes, you can share your Google files with anyone, but how do you protect it from those whom you don’t want to see your data? What if somebody gets access to your account from an unattended or lost computer or phone?

Yikes.

In this article, we’ll discuss how password protection works on Google Drive, and whether there are any ways to bolster your Google Drive security.

Let’s get started then!

How Passwords Work for Google Drive

We have a shocker for you: Google still hasn’t added a true password protection feature to Google Docs.

This means all your files and folders aren’t exactly secure.

While Google servers protect you, you have to take the initiative to protect your main Gmail account.

You see, if anyone succeeds in hacking into your main account, then they’ll automatically gain access to Google Drive – Google Docs, Sheets, and Slides – due to the lack of individual password protection.

Read on as we discuss how you can keep your Google Drive safe from unauthorized and prying eyes.

Google Drive Security Is Built on Sharing

You might be wondering if that’s the case with the security then why is Google Drive so popular. After all, remote teams, internal departments, and external partners use Google Drive for daily collaboration and sharing and managing files and folders.

Well, that’s because everything isn’t lost.

The main way to protect your files and folders is to limit the number of people who have access to your docs, as well as make sure whatever access you do give is granted to reliable people – ones that you can trust.

When you share a document or a folder with another user via Google Drive, you can set specific permissions to give access to both an individual user as well as an organization or team.

It’s also why you should know what each access level means and how changing a setting can impact the visibility (which, in turn, will affect the security) of your data.

Google Drive Sharing Basics 101

When you’re the owner of a Google Doc, you exercise a lot of power over how a specific person accesses the file. You can give others complete ownership of the file or some level of viewing and editing permissions.

You have three options here:

  • Viewer: Giving anyone a link with this setting will allow them to edit as well as share the file.

  • Commentator: Giving anyone a link with this setting will allow them to view the file and add comments to the file. However, they won’t be able to edit it. Keep in mind that folders don’t support comments.

  • Editor: Giving anyone a link with this setting will allow them to view the file only – they won’t be able to add any comments or edit it

    • .

You also have the option to share the file with people and groups by filling in their email addresses. Again, you can choose from the above three settings to decide their level of access to the file.

Besides this, you can stop sharing the file or folder with people who originally had access by removing them from your list. This feature is in addition to restricting the files from being shared by people as well as restricting them from downloading, copying, and printing the doc.

When you click on Share located on the top right-hand side of the screen, you’ll see the Share with people and groups pop-up box. Click on the gear-shaped settings icon.

Once you do this, you’ll see the options regarding how you share the file with people. There are two right now:

  • Editors can change permissions and share
  • Viewers and commentators can see the option to download print and copy

On the whole, sharing your files and folders on Google Drive is very customizable and easy. There are various degrees of control that you can grant and even revoke when you don’t want to share the file any longer.

How to Add Extra Protection to Your Devices

If you don’t want to fall victim to malicious hackers, you must keep your account as secure as possible. You need a strong password (duh!), yes. At the same time, you can also enable two-factor authentication on or use a hardware security key.

Let’s explore these options in greater detail below:

Take a Strong and Unique Password

Passwords aren’t a foolproof method. And what makes the situation worse is the negligence of people when it comes to creating a password.

Did you know that the three most popular passwords of 2019 were 11234, 123456, and 123456789? We kid you not.

How hard would it be for anyone to crack them? Two seconds? Three seconds? Ten seconds tops.

Here are a few tips to create a strong password to beat the hackers:

  • Make your passwords looooong – nothing shorter than 15 characters.
  • Use uppercase, lower case, numbers, and symbols – the more you mix up characters, the stronger your password, and the harder it will be for the hacker to crack it.
  • Avoid memorable keyboard paths like QWERTY, ASDFGHJKL, ZXCVB. Don’t know what we’re talking about? Just take a look at your keyboard.

People also have a tendency to recycle their passwords too, which means that they use the same password across all or most of their accounts. So if such a password was a part of a data breach, cybercriminals would be able to exploit it easily in a credential-stuffing attack.

A credential-stuffing attack is a type of cyberattack where compromised credentials are used to gain unauthorized access into a system. Definitely what you don’t want to fall victim to!

Therefore, you should avoid using the same password for different accounts.

Setting-up Two-Step Verification

Your credentials, as established before, pose the biggest risk to your data. But if you add a two-step verification, you can take the security of a Google account to another level.

When you enable two-step verification, you’ll need a second code, which will be sent by Google to your mobile phone via text message in addition to your password. So if anyone wants to hack into your account, they’ll need your password and your phone, and since we don’t part away from our cell phones, the whole thing is just safer.

It hardly takes five minutes to set it up and can boost the security of your account by 50x. Not bad, eh?

Using a Hardware Security Key

Hardwood security keys or UDF keys add an additional layer of security to your online accounts. They are designed to protect you against automated bots and targeted attacks by using cryptography to verify your identity and the URL of a login page. While we recommend YubiKey or Titan, you can choose any (reputable) brand.

With these three measures properly implemented and in place, it’s very unlikely for anyone to get unauthorized access to your account.

That said, you may still have to worry about anyone snooping on to your laptop or phone. It’s precisely why you need to protect your devices with a password or PIN – that’s if you haven’t already.

Protecting Your Google Drive App on an iPhone or Ipad

Google launched a new Privacy Screen feature for Google Drive that allows users to require Face ID or Touch ID authentication whenever anyone tries to open the app on their devices.

The privacy screen will activate immediately as soon as you open another app – with the Touch ID or Face ID screen popping up whenever you return to Drive. You can also delay this for 10 seconds, 1 minute, or 10 minutes while you multitask to make the whole thing less annoying.

Here’s what you need to do to enable this feature:

Step #1 Open the Google Drive app on your phone.

Step #2 Click on the three horizontal lines on the top left-hand side of the screen. This will open up a side menu.

Step #3 Tap on Settings. There, you’ll see an option for Privacy Screen, select that.

Step #4 Enable Privacy Screen for your iPhone or iPad. Only a successful face scan will open the app for iOS devices that supports Face ID. For non-Face ID iOS devices, a passcode will be required.

Keep in mind that Privacy Screen isn’t your 100% guarantee, so don’t treat it as such.

Protecting Your Google Drive App on an Android

It’s true that whenever you upload a file to Google Drive, they get encrypted using the TLS standard, after which they get decrypted and then immediately re-encrypted using 128-bit AES encryption.

In other words, security is tight.

But there’s nothing wrong with adding an additional layer of security. If you are an Android user, however, we have some bad news for you.

While iOS users can enable biometrics for the Google Drive app, the Privacy Screen feature remains unimplemented in Google on Android OS.

Yes, the irony isn’t lost on us as well.

Several Android users, however, use an application known as AppLock from the Google Play Store to create a master PIN for securing the Drive app. We wouldn’t recommend it though since it claims to be vulnerable to hackers.

Protecting Your Google Drive App for a Mac or PC

While it’s likely for your phone to be already encrypted, you may have to enable FileVault (Mac) or BitLocker (Windows) to keep hackers away.

Still, the best way to protect your documents and folders is by limiting the permissions – one that we discussed previously – to ensure your data remain unchanged or avoid having them deleted.

What About Third-Party Scripts and Extensions?

Yes, there are third-party scripts that show the potential to “hack“ password protection into the service, but the security is still flawed since the process itself is very involved and isn’t foolproof.

There are browser extensions that can protect your files and folders – or at least claim to do so. People also run a custom script that adds a password lock to individual documents stored in the Drive, the problem here is that it can become quite a bother if you’re dealing with thousands of files.

However, we wouldn’t recommend leaving your sensitive data in the hands of unknown third-party extension developers since there’s no guarantee of good intentions on their part.

Just think about it: You’re basically giving away explicit access to your most sensitive information to a total stranger. So no matter how tempted you might be, just stay away from these.

Wrapping Up

The easy and convenient file and folder storage and sharing features of Google Drive do come at a price of inefficient security for critical data. But if you follow our above-mentioned tips and work on creating a strong password, enabling two-factor verification, and limiting the sharing options of your docs, you’ll do great favors for your data’s security.

Incredible companies use Nira

Every company that uses Google Workspace should be using Nira.
Bryan Wise
Bryan Wise,
Former VP of IT at GitLab

Incredible companies use Nira