5 Steps Towards a Secure Gmail Account
Gmail first appeared a little over fifteen years ago, and with more than 1.5 billion monthly active users, it's currently the biggest, most widely used free email provider in the world. This isn't such a huge surprise.
People love Gmail because it's easy to use and works well on all browsers and devices. It's reliable enough to be used by many enterprise customers as well, and its intuitive interface and seamless integration with the rest of Google's apps and services are a major selling point for quite a few people.
But what about security? Is Gmail the most secure email service out there?
It certainly gives you more than a few security mechanisms that can make the crooks' job a lot more difficult. It's up to you to know how to use them. Let's have a look at them.
Adding a recovery phone number
As we mentioned recently, many people don't feel particularly happy with the idea of giving their phone numbers to Google, and in light of recent privacy concerns raised around some of Silicon Valley's giants, we can't say that we blame them.
That being said, if you think that giving Google your phone number is a threat to your privacy, you should probably bear in mind that not doing it could present an even bigger risk. If you set your phone number as a recovery mechanism, Google will use it to make sure that no unauthorized access is given to your account when it detects a login attempt from a location or a device that it doesn't recognize. That way, even if cybercriminals somehow manage to steal or guess your password, they won't be able to break into your profile because they don't have access to the code that Google sends to your phone. There's no need to stop here, though.
Turning on 2-step verification
We all know that two-factor authentication (2FA), or, as Google insists on calling it, 2-Step Verification (2SV), is a simple mechanism that is designed to protect your data in case your password fails. It's not infallible, far from it, but it should nevertheless be an important part of people's overall security strategy, and they must learn to use it. Why haven't they done so already?
The problem with 2FA has always been that it inevitably complicates the login process. If 2FA is on, signing into your account will require one more step and will take more time. The modern internet user seems to be absolutely terrified by this prospect and often cites it as the reason for keeping 2FA disabled.
People appear to have completely forgotten the days of dial-up connections when doing things online took quite a bit longer than it does now. Even if you don't remember these times, you have to consider whether you really are in such a hurry. Is logging in quicker more important than logging in more securely?
You will be the one answering this question, but you should bear in mind that the stakes, especially when we're talking about your Google account, are usually very high, and there's no point in artificially increasing the risk.
Review your apps and devices
Most users try to protect their accounts from direct unauthorized access by other human beings. As futuristic and implausible as it sounds, however, sometimes, the immediate threat doesn't come from a living, breathing creature.
When you install a software application or try out a new online service, you're often presented with a choice – creating a brand new, dedicated account for that service or using your Google profile. Going for the latter option makes signing up and logging in very easy, and it also means that you won't need to create one more password. The application or service will have access to some of the information in your Google account, though, and you need to check carefully which apps can look at what sort of data.
If you see applications you don't recognize, remove them immediately. If you see apps that you do recognize, but you no longer use, remove them as well. We've witnessed cases where cybercrooks compromise apps that have fallen out of popularity and have been left dormant. The fact that the developers have moved on to other projects doesn't mean that the app's access to people's Google accounts has been cut off, which means that sometimes, the results are fairly catastrophic.
While you're reviewing the software applications that have access to your Google account, you might as well ensure that the devices connected to it are all under your control as well. Even if you are diligent enough to log out of public computers and mobile devices after you're done using them, Google will continue to recognize them as yours. Technically, anyone trying to break in will still need your password, but just to be on the safe side, it pays to disconnect them completely from your account in order to protect your data.
Be on the lookout for phishing attacks
Many of you probably think that phishing is something you'd never fall for. Don't forget, however, that Gmail phishing was at the center of one of the most talked-about cyberattacks of the last decade – the one aimed at John Podesta.
Although the data in your Gmail account isn't as sensitive as that in Mr. Podesta's, the threat of phishing should not be underestimated. Cybercriminals trying to steal your Gmail login credentials have long perfected the art of social engineering, and the more motivated ones will use every trick in the book to succeed. Treating every single email and every single link, especially the ones in your inbox, with suspicion is very important these days. If a message tells you that you need to log in to your Gmail account and do something, open a new browser tab, type the URL yourself, double-check it, and enter your credentials only after you're certain that you're on the right login form.
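The "double-check it" step can be done mechanically. The following is an added example, not part of the original article: it parses a link the way a browser does and accepts it only if the host matches exactly. The function name checkLoginUrl, the allow-list and the sample links are assumptions made for illustration; the sample links are constructed and use reserved example domains.

```javascript
// ASSUMPTION: allow-list chosen for this example. accounts.google.com is
// Google's sign-in host; myaccount.google.com is the security page the
// article links to.
const TRUSTED_HOSTS = new Set(["accounts.google.com", "myaccount.google.com"]);

// Returns { ok, reason } for a link that claims to lead to a Google login.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before "@" is user info, not the host the browser connects to.
  if (url.username || url.password) {
    return { ok: false, reason: "credentials before @ hide the real host" };
  }
  // Non-ASCII lookalike letters are serialized as punycode ("xn--") labels.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (non-ASCII lookalike) host" };
  }
  // Exact match only: a trusted name used as a prefix or subdomain of
  // another domain does not count.
  if (!TRUSTED_HOSTS.has(url.hostname)) {
    return { ok: false, reason: `unexpected host ${url.hostname}` };
  }
  return { ok: true, reason: "host matches exactly" };
}

// Constructed sample links (not taken from any real message).
const SAMPLES = [
  "https://accounts.google.com/signin",
  "http://accounts.google.com/signin",
  "https://accounts.google.com.login.example/signin",
  "https://accounts.google.com@login.example/signin",
  "https://accounts.g\u043e\u043egle.com/signin", // Cyrillic "о" twice
];

for (const link of SAMPLES) {
  const { ok, reason } = checkLoginUrl(link);
  console.log(`${ok ? "OK  " : "STOP"}  ${reason}`);
}
```

Only the first sample passes; each of the others looks plausible at a glance but resolves to a different host or drops HTTPS.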
Treat your password with the respect it deserves
As you can see, there are quite a few security mechanisms that help you stay safe. In the end, however, your password is the most important one. We've talked a great deal about what is and what isn't a strong password, and while it is true that creating one isn't the easiest thing in the world, it's also true that doing it has never been more crucial to your online security. The password is your first line of defense against the hackers, and if it's to withstand their attacks, it needs to be long, complex, and, most importantly, unique.
The question of whether or not you should change your passwords every few months has been discussed at some considerable length, and the experts can't seem to agree on a definitive answer. What this means is that you will be the one to figure out for yourself if your Google password needs regular changing. Whatever you decide, you need to bear one thing in mind.
The opponents of password-changing policies argue that when users are forced to change their passwords regularly, they just can't be bothered and either swap the existing password with something simple or use an obvious pattern to modify the current one. This, you have to agree, does nothing to improve security, which is why, if you decide that your Google password needs regular changing, you need to make sure that every new one is good enough to protect your data.
How do you secure a Gmail account?
We're pretty sure that by now, some of you are on the verge of giving up following the steps described above because it's just too much hard work. Fortunately for you, Google has done what it can to ensure that securing your account is as easy as possible. In fact, all the security controls are accessible from one single URL – https://myaccount.google.com/security. There really is no excuse for leaving your Google account vulnerable.