Data security is a hot topic right now and service providers understand the importance of this. Google is no exception. It was way back in February 2011 that they announced the rollout of two-step verification, which is a feature now widely utilised across the digital ecosystem. Indeed, Google have a long history of leading the way in security and this is no surprise given the sensitivity of the data that they hold and the damage that account hacks can have on advertisers.
Regular users of Google Ads will be familiar with the account access process, namely that invited users must have an email address associated with a Google property. That is not to say that these emails must be an @Gmail address (this is a common misconception), just that users need to have successfully completed the registration process with their chosen email address. This makes sense but if you think about it, this leaves some clear vulnerabilities. Specifically, if any email address associated with any Google property can be provided with access to your Google Ads account then any unauthorised users are no more than a few steps removed from accessing your account information. Adding a list of allowed email domains ensures that only users with email accounts registered under those domains can be invited to access your Google Ads account. This could mean restricting access to only individuals with an “example.com” email address. To put this into context, if you were to add “example.com” as the allowed email domain for your account, then administrators on your accounts could invite firstname.lastname@example.org to the account but not email@example.com. It is a simple change but one that brings added protection at minimal effort.
If you’ve seen the “allowed email domain list created” message in your account then Google have automatically created the list for you based on the domains associated with existing account users. I imagine that the change is too minor to have gone through an acceptance/opt-in process and, ultimately, I see no reason why users would not welcome the change. If you would like to set up or adjust these settings then head over to Account Access > Security Settings > Allowed Domains and edit or adjust as desired.
Remember that anyone with access to your Google account will also have full access to your associated Google Ads accounts and your advertising data. To avoid unauthorised access, take all the necessary steps to also protect your personal Google account. I won’t cover password best practises here but advice is widely available elsewhere.
Security getting you down? Then reach out to our team here and we’d be happy to ensure that your accounts are set up for safety and security success!