6 - Steps to protect every Gmail account | Palvinder Singh
Palvinder Singh
Founder & CEO - Secuneus Tech. | Cyber Security Trainer - Instructor | Speaker | Expert-Talk | EC-Council CEH | CompTIA A+ N+ Security+ CySA+ | Offensive Security
The purpose of this article is to help you strengthen the security of your Gmail account. We’ll show you some actionable and non-technical steps you can take to ensure that your Gmail account remains safe and private.
Do you know that half of US adults get hacked every year ?
Imagine what it would be like if your Gmail account also got hacked. Not a pleasant thought... Follow these 7 steps to ensure that your Gmail account is no longer at risk of being compromised.
Step 1: Activate 2-Step verification
Google’s concern over account theft issues has resulted in the introduction of a security feature known as 2-Step Verification. 2-Step Verification provides an extra layer of security. Every time you wish to access your account, a code will be sent to your phone; thus making it impossible for another party to guess your password. We believe every Gmail accounts should have this activated.
To do so, click here and follow the on-screen instructions.
Note that you'll need a mobile phone to activate this feature. Should you lose your phone, you can create printable backup codes and a backup phone number as alternatives for accessing your account. You can also create an application-specific password for applications that don’t request a verification code.
It might sound annoying and probably will be the first few times but it’s certainly better than having your Gmail account hacked.
Step 2: Update your Gmail security credentials
How many years ago did you create your Gmail account?
If it was a few years ago, your recovery details such as your backup phone number may have changed. It’s vital that you monitor your security details and update your security questions, recovery options, and password and ensure that you have a strong password! So, the first thing you'd want to do is go to the Sign-in and Security Checkup page and update your password.
Remember, a secure password:
- Contains capital letters, numbers, and punctuation signs
- Is a minimum of eight characters long
- Does not contain a complete word
- Does not contain your real name, your username, or your company name
- Is completely different from previous passwords you’ve used
Sometimes, trying to remember a strong password can be difficult but there are ways and means of recalling good passwords. Check out this interesting article about passwords on ways of remembering your password.
How Often Should Gmail Passwords Be Changed ?
Logically, we know that our passwords should be changed from time to time, but there’s no ideal answer on how often this should be. This IT security expert’s opinion on password summarizes things well:
If you break up with someone you've shared a computer with, change them all.
Step 3: Revoke access to 3rd party apps
You may have signed up to a certain website using your Google credentials or installed third-party extensions. Some of these may be compromising your account and you need to revoke access to the ones you no longer use or trust.
Head to Google’s Account Permissions page to revoke access to anything you don’t want to keep.
Step 4: Check for suspicious activity
If Google notices suspicious activity in your account they’ll send you a notification. It may be that there are sign-ins from an unfamiliar location or an unfamiliar device. Ideally you should also manually review your account at least once a month to make sure that no suspicious activity has taken place.
To review your account, click on the link 'Details' located on the right hand side of the footer of your mailbox.
You’ll see a list of sign-ins and alerts that have been blocked, including sign-ins from new devices.
Should you notice unusual activity, try to recall why this activity seems unfamiliar, yet it’s still yours. If you can’t recall the activity and you’re unsure as to why it exists, your best action is to change your password immediately.
Step 5: Check account filters for forwarding emails
It’s important that you to ensure that there are no active filters in your account which may be forwarding your email to a third-party email address. This check is simple: Go to your Settings' page and click on the Filters tab. Look for filters you haven’t authorized and delete them.
In addition, check the Forwarding and POP/IMAP tab to ensure there’s no unauthorized forwarding address other than those approved by you.
Step 6: Authenticate your emails when sending sensitive information
On receiving an email, you may notice that next to the sender’s email address there’s a small red padlock. This indicates that the message is potentially unsafe.
This red unlocked icon comes with emails that have not been authenticated by Transport Layer Security (TLS) encryption. Don't worry too much if you don't understand how the technology works. You only need to be concerned if you see this icon and the message has something to do with passwords or other sensitive information. At this point you need to contact the sender of these insecure emails if want to continue exchanging messages with this person.
In conclusion
By taking the above simple steps you can be assured that your Gmail account is secured to the best of your ability. But always be on the lookout for notifications from Gmail advising that you need to add additional security in order to stay on top of any new potential vulnerabilities.