One of Chrome OS’ biggest benefits is its inherent security features. It’s regarded as one of the most secure consumer-focused operating systems, but here’s how you can eek just a bit more out of it.
First off, let’s talk about what we mean by “security.” I don’t want to confuse this with “privacy,” which is something different. We’re focused on keeping your data safe on your Chromebook, should it ever get lost or stolen—and really, just for peace of mind.
Start With Your Google Account
Much like when securing your Android phone, your Chromebook’s security starts before you even sign in. Because Chrome OS uses your Google account for literally everything, you need first to make sure your Google account is protected.
While this starts with choosing a secure password, you’ll also want to enable two-factor authentication (2FA) as well. There is a slew of 2FA options available for your Google account, including SMS codes (which are inherently insecure, but still better than nothing), code-less 2FA that uses a prompt on your phone, U2F keys, and a lot more. Pick the one that works best for you, but know that if you want the best security, you can have, a U2F key is the way to go—something like Google’s Titan Key bundle is a great option.
You can enable 2FA on your Google account in the My Account > 2-Step Verification menu. Also, go ahead and run a security check while you’re there—you know, just to make sure everything else is on the up and up.
Install All Available Updates—Especially If It Requires a Powerwash
One of the ways Google ensures that Chromebooks stay as secure as possible for a long as possible is with constant updates. While slightly inconvenient, it’s important that these updates are always installed when they’re available for your system.
That’s really the simple part—click the reboot button when an update is available and you’re done. However, you should also periodically check the About Chrome menu found in Settings > Menu > About Chrome. This will let you know if your Chromebook is up to date, but will also let you know if a more crucial update that requires a Powerwash is available.
Since “Powerwashing” is what Chrome OS calls a factory reset, this will wipe the device clean. You’ll need to sign in and set up your Chromebook again, but this is mostly a non-issue since Chrome OS keeps everything backed up and synced. The only thing to pay specific attention to is anything stored locally on the device—like in the Downloads folder—because that stuff isn’t automatically backed up.
Check the Privacy and Security Menu
Chrome OS does a great job of keeping tight security as it is, but it never hurts to do a little follow-up on your own. Under the Privacy and Security menu (Settings > Advanced > Privacy and Security), you’ll find several relevant features to which you might want to pay closer attention.
Specifically, you’ll want to make sure Safe Browsing is enabled, which will alert you of potentially dangerous sites. Similarly, you can enable the “improve Safe Browsing” feature if you want—this just sends some system info and page contents back to Google.
Enable Find My Device on Chromebooks with Android Apps
If your Chromebook is a newer model and has access to the Google Play Store, you’ll want to make sure Find My Device (previously called Android Device Manager) is enabled so you can locate your Chromebook if it’s ever lost or stolen.
This option should be enabled by default, but give it a look to make sure. You’ll find it in Settings > Google Play Store > Manage Android Preferences > Google > Security > Find My Device.
Once you hit the menu, make sure the toggle in the upper corner is turned on. Then, if you ever lose your device (or it gets stolen), you can try to track its location remotely.
Overall, Chrome OS is about as secure as any OS that you’re going to get—especially out of the box. Part of what makes it so nice is that you don’t have to do a lot to make sure it stays that way because most things are enabled by default. The biggest thing you can do is make sure your Google account is secured with a strong password and 2FA—otherwise, you’re just popping in on certain settings to make sure everything is enabled as it should be.