Although many people use Gmail to prevent spam, there are, according to the latest figures I could find, around 1.8 billion active Gmail users. To put that in perspective, there are an estimated 4.25 billion email users across all platforms and apps, with Gmail accounting for roughly 20% of them.
It’s no wonder, then, that Gmail is also a favorite target for malicious actors. Unlike your business email, personal Gmail accounts tend to stay in use for years; Gmail was released in 2004. This creates a treasure trove of valuable data that hackers can use to launch ongoing attacks. Business email accounts also tend to be better protected than personal ones by default. And then there’s the not-so-small matter of password reset requests, which are usually sent to your email by default. So it doesn’t take a cybersecurity genius to calculate the impact of your Gmail account being compromised. To access your Gmail, threat actors must compromise your Google account. Here’s how to stop them.
How to protect your Gmail account against hackers
But it’s not all bad news: it’s pretty easy to protect your Google account, and by extension your Gmail account, about as well as anything can be protected. All you need to do is get serious about Gmail security, and I’m here to show you how.
For most people, most of the time, Google account security comes down to two things: login credentials and two-step verification.
1. Make sure you have a unique and strong password. As I always say at this point, a password manager is your friend, both for creating that password and for using it when needed.
2. Make sure you have two-step verification enabled for your Google account. You may have already been asked to do this, as Google has been ramping up a ‘default enable’ program since late last year.
Two-step verification is your Google account’s friend, so use it
Google offers multiple secondary verification options, the most convenient of which is a Google prompt sent to a different device than the one you’re using to sign in. So if you’re signing in on your laptop, the prompt goes to your phone, and vice versa. Add an authenticator app as a fallback; Google Authenticator is the default, but you can use Authy or similar. Speaking of which, make a note of your backup codes in case the other methods fail. These can be stored in your password manager, for example.
Enabling two-step verification on your Google account is a no-brainer for Gmail security
The most secure form of secondary verification is a security key, and Google also offers this option. Google sells its own brand, or you can use a YubiKey. If you sign up for the Advanced Protection Program, suggested for high-value accounts such as those of journalists, activists, and the like, then using such a key is mandatory.
Google account security check
So, those are the basics. However, there are many more layers that can be added to your Gmail security cake. The first covers what has already been said but goes further, and it only takes a few minutes out of your day. I’m talking about a Google account security check. Doing so will bring up recommended security actions based on your existing settings, show you which devices have signed in to your account, from where and when, detail the apps you’ve given access to your account and offer you the opportunity to revoke any that you no longer recognize, and highlight any ‘sensitive’ Gmail settings you’re using.
Let Google check your security settings for you
Google will recommend safe options
It really is a one-stop shop for security verification, and I highly recommend spending some time doing it. The part that shows the devices that have logged in to your account is useful for surfacing bright red flags regarding the security and privacy of your Gmail account. It will show you when the device logged in, the type of device, and where it was located. The latter is not as useful as the former, because location is so easy to fake.
Knowing which devices have logged into your account, when and where, can uncover illicit use.
Think outside the Google box for better security
It would be helpful if you also thought a bit outside of the Google box. I am referring to ensuring that your operating system is fully patched with the latest security updates. The same goes for your web browser of choice and any third-party apps you use in conjunction with Gmail. It is also recommended that you regularly review your browser extensions and applications, deleting the ones you no longer use.