It’s no surprise, then, that Gmail is also a favorite target for malicious parties. Unlike work email, personal Gmail accounts tend to stay in use for years; It was launched in 2004. This creates a treasure trove of valuable data that hackers can use to launch persistent attacks. Business email accounts also tend to be better secured than personal accounts by default. Then there’s the not so small issue of password reset requests that usually default to your email. So, it doesn’t take a cybersecurity genius to calculate the effect of hacking your Gmail account. In order to gain access to your Gmail, attackers need to hack your Google account. Here’s how to stop them.
How to secure your Gmail account against hackers
But it’s not all bad news because it’s very easy to protect your Google account, and thus, your Gmail account, at least as well as anything that can be secured. All you have to do is take Gmail security seriously, and I’m here to explain how to do it.
For most people, most of the time, Google Account security comes down to two things: login credentials and two-step verification.
1. Make sure you have a unique and strong password. As I always say at this point, a password manager is your friend, both in creating the password and when you need to use it.
2. Make sure that 2-step verification is enabled for your Google account. You may have already been required to do so because Google has been ramping up its “default to enable” program since the end of last year.
2-Step Verification is a friend of your Google Account, so use it
Google offers several secondary verification options, the most convenient of which is asking Google for a different device than the one you’re using to sign in. So, if you use your laptop, it will transfer to your phone and vice versa. Add an authenticator app, Google Authenticator is the default app, but you can use Authy or similar as a backup. Speaking of which, write down your backup codes in case you fail elsewhere. It can be stored in a password manager, for example.
The most secure form of secondary verification is to use a security key, and Google offers this option as well. Google sells its own brand, or you can use a YubiKey. If you are registered in the Advanced Protection Program, which is proposed for high-value accounts such as journalists, activists and the like, the use of such a key is mandatory.
Google Account Security Check
So, these are the data. However, there are plenty of layers to add to your Gmail security cake. The first includes what has already been mentioned but goes further, but only takes a few minutes out of your day. I’m talking about Google Account Security Checkup. Doing so will show you recommended security measures based on your current settings, show you which devices are signed in to your account, where and when, details of those apps you’ve given access to your account, and give you a chance to revoke which ones you don’t use longer or don’t recognize on them, and highlight any “sensitive” Gmail settings you’re using.
This is truly a one-stop shop for your security checklist and I highly recommend spending some time doing it. The section that shows which devices are logged into your account is useful for raising bright red flags regarding the security and privacy of your Gmail account. It will show you when the device is logged in, the type of device, and where it is located. The latter is not as useful as the former, thanks to the ease of counterfeiting.
Think outside of Google for better security
It would be helpful if you also thought outside the Google box a bit. By that I mean making sure that your operating system is fully patched with the latest security updates. The same is the case for your web browser of choice and any third-party apps you use with Gmail. It is also recommended to regularly review browser and application extensions, and delete those that you no longer use.