A Google Account is a user account that provides access to Google-owned services such as Blogger, YouTube, and Google Groups. A Google Account sign up automatically creates a Gmail email account where as before Google Accounts could be email addresses other than Gmail. An account can be created by signing up for an email address with Gmail, but there are other ways. Accounts in EU countries used to employ the 'googlemail.com' domain because Google did not own the trademark. Google recently resolved the domain dispute, and now all users login with the Gmail domain, or by using an existing address from another provider.
After a Google Account is created, users can add other Google applications. Account settings are stored in one place, but many applications may store their own settings. Applications that may be accessed using a Google Account include:
YouTube and Blogger maintain their own accounts for users that registered with the services before Google bought them. However, effective April 2011 YouTube users are now required to link to a separate Google Account if they wish to continue to log into that service.
Users with a Google account can create a publicly accessible Google profile, which they can use to control how they are presented on Google products to other Google users. A Google profile can be linked to a user's profiles on various social-networking and image-hosting sites, as well as user blogs.
A Google Account can also be used by third party service providers. These providers can delegate user authentication to Google.
Google may block an account for various reasons, such as "unusual activity" or entering an age "not old enough" to own a Google account. Reactivation is possible using web-forms, providing proof of identity through valid photo ID, or a small credit card payment (at a cost of 0.30 USD). Other methods (such as sending a fax or uploading some requested document) require human interaction and may take some "days or a couple of weeks" to be accomplished.
While creating a Google account, users are asked to provide a recovery email address to allow them to reset their password if they have forgotten it, or if their account is hacked. In some countries, such as the United States, the United Kingdom and India, Google may also require one-time use of a mobile phone number to send an account validation code by SMS text messaging or voice message when creating a new account.
Google also offers a 2-step verification option—for additional security against hacking—that requests a validation code each time the user logs into their Google account. The code is either generated by an application ("Google Authenticator") or received from Google as an SMS text message, a voice message, or an email to another account. Trusted devices can be "marked" to skip this 2-step log-on authentication. When this feature is switched on, software that cannot provide the validation code (e.g. IMAP and POP3 clients) must use a unique 16-character alphanumeric password generated by Google instead of the user's normal password.
On June 5, 2012, a new security feature was introduced to protect users from state-sponsored attacks. Whenever Google analysis indicate that a government has attempted to compromise an account, a notice will be displayed that reads "Warning: We believe state-sponsored attackers may be trying to compromise your account or computer."
A provider of a web application which requires users to log in can delegate this work to Google. When a user tries to gain access to a secure resource on the third party website they are redirected to the Google Accounts login page. Here they will see an explanation of why they need to log in with their Google credentials. Any data which is to be shared with the third party will also be listed on this screen. Once authentication has succeeded the user is redirected back to the referring site along with a token identifying them as having logged in via Google.