Complete Guide On How To Secure Gmail Account From Hackers - Cebu X-Geeks


Thursday, June 19, 2014

Complete Guide On How To Secure Gmail Account From Hackers

A few days ago, I received several registration confirmation emails from malicious sites. I did not sign up for those websites, so I got worried that my Gmail or Google account might be compromised. The good thing is that I was able to activate some security measures to increase the security of my Gmail account.

Gmail is one of the world's most widely used free email services along with Yahoo! Mail and Microsoft's Hotmail which is now Personally, there is a lot of important information associated with my Gmail account, and having my login credentials known by a hacker can make a huge impact on my life. I think the same is true for a lot of people.

If you want to make sure that your email account with Google stays safe, here are steps you can follow. Note that these security measures were even recommended by Google themselves.

1. Make sure that you have a strong password.

It is said that the fastest words we can type are our passwords. The tricky thing about passwords is that if they are too strong, a lot of people tend to forget them. The challenge here is to create a password that is easy to remember but hard for others to guess. There are a lot of guidelines available on various blogs as to how you can come up with a strong password.

As a best practice, the following rules should be applied when generating your secret codes.

- Choose a password that is at least 8 characters long.

- Your password should contain at least one of each of the following: lowercase letter, uppercase letter, number, and special character.

- Avoid using names or nicknames of family members, friends, and even pets.

- Avoid using information about yourself such as name, nickname, username, birth date, phone number, address, plate number and many others.

- Avoid sequential numbers and letters.

- Don't use dictionary words or any word from any language.

- Don't use only 1 password for several accounts.

- Update your passwords every 3 to 6 months.

- Never write down your passwords.

- Don't share your password with anyone.

- Never send your password to anyone via email, SMS, or instant messaging apps.

- Refrain from using public computers especially when trying to access highly sensitive websites such as online banking.

- Change your password immediately if you feel that it is compromised.

- Don't use the browser's "Remember password" option if you are sharing a computer with someone.

- Don't type your password when someone is watching behind or beside you.

This article from Webroot entitled "How Do I Create a Strong Password?" illustrates very clever examples on how you can create passwords that are hard to guess but easy for you to remember.

Here are the four key elements found in the said Webroot article:

- Using a phrase or acronym that means something to you or something you can easily associate with a particular type of website.

2BorNot2B_ThatIsThe? (To be or not to be, that is the question - from Shakespeare)

- Using passwords with common elements, but customized to specific sites.

ABT2_uz_AMZ! (About to use Amazon)

ABT2_uz_BoA! (About to use Bank of America)

- Using the keyboard as a canvas to draw patterns on.

1qazdrfvgy7 forms the letter 'W' on the keyboard.

- Adding emoticons or smileys.

C?U2canCRE8Pwords;-) (See? You too can create passwords ;-))
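The length, character-class, personal-information, sequence and dictionary-word rules from the checklist above can be checked mechanically. This is an added example, not code from the original post; the word list, the look-alike substitution table and the function names are constructed for illustration.

```python
import re

# Constructed mini word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}
LEET = str.maketrans("@4031$5", "aaoelss")  # common look-alike substitutions
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def has_sequence(pw, run=3):
    """True if pw holds `run` ascending or descending letters or digits in a row."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if not chunk.isascii() or not (chunk.isdigit() or chunk.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def check_password(pw, personal=(), words=SAMPLE_WORDS):
    """Return the list of rules from the checklist that pw breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append("missing " + name)
    low = pw.lower()
    for item in personal:  # names, nicknames, birth dates, phone numbers...
        if len(item) >= 3 and item.lower() in low:
            problems.append("contains personal detail: " + item)
    if has_sequence(pw):
        problems.append("contains sequential letters or numbers")
    # Drop digits/symbols padded onto the ends, undo look-alikes, then look up.
    core = re.sub(r"^[^a-z@$]+|[^a-z@$]+$", "", low).translate(LEET)
    if core in words:
        problems.append("based on a dictionary word: " + core)
    return problems

if __name__ == "__main__":
    for candidate in ("ABT2_uz_AMZ!", "1qazdrfvgy7", "P@ssw0rd1!"):
        print(candidate, check_password(candidate))
```

An empty list means the candidate passed every rule that was checked; the reuse, rotation and sharing rules are habits and cannot be tested from the password text alone.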

2. Check if your emails are not being forwarded to an unknown email address.

If you have set up email forwarding, there is a possibility that your password reset request email will also be sent to that other email address. Most of the time, this feature is used by people with multiple email addresses, but it can also be used to forward certain types of messages to another person. Therefore, if you have enabled this Gmail feature, double check that you are not forwarding to an unknown email address and that proper filters are used in case you are forwarding specific types of email messages to a different person.

If you want to learn how to enable or disable email forwarding in Gmail, check out this Google resource: Forward mail to another account

Aside from automatic email forwarding, Gmail has another feature that allows a user to delegate his or her email account to another person, which enables that person to send and receive messages on his or her behalf. Simply put, email delegation is like having several mailboxes in a single interface.

You can access another user's messages and reply to those emails using his or her email address instead of your own without having to log out from your own account. This is particularly used by organizations and teams. If you want to learn more about email delegation, please see this Google resource: Set up mail delegation

Just like in email forwarding, to avoid unauthorized access, make sure that you only delegate your email account to a trusted user. Note that the filter option also has a "forward to" feature, so make sure to review all your filters as well.
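The three places this step asks you to review (automatic forwarding, filters with a "forward to" action, and delegates) can be audited in one pass once the settings are available as data. This is an added example, not code from the original post; it assumes the settings have been exported into one dictionary whose keys follow the Gmail API's auto-forwarding, filter and delegate resources, and all addresses are constructed.

```python
SAMPLE = {  # constructed data; keys follow the Gmail API settings resources
    "autoForwarding": {"enabled": True, "emailAddress": "me.backup@example.org",
                       "disposition": "leaveInInbox"},
    "filters": [
        {"id": "f1", "criteria": {"from": "newsletter@example.com"},
         "action": {"addLabelIds": ["Label_1"]}},
        {"id": "f2", "criteria": {"subject": "password reset"},
         "action": {"forward": "unknown@example.net", "removeLabelIds": ["INBOX"]}},
    ],
    "delegates": [{"delegateEmail": "assistant@example.org",
                   "verificationStatus": "accepted"}],
}

def audit_mail_routing(settings, trusted):
    """List (kind, address, detail) for every route to an address not in trusted."""
    trusted = {a.lower() for a in trusted}
    findings = []

    fwd = settings.get("autoForwarding", {})
    addr = fwd.get("emailAddress", "")
    if fwd.get("enabled") and addr.lower() not in trusted:
        findings.append(("auto-forward", addr, fwd.get("disposition", "")))

    for flt in settings.get("filters", []):
        action = flt.get("action", {})
        addr = action.get("forward")
        if not addr or addr.lower() in trusted:
            continue
        detail = "; ".join(f"{k}={v}" for k, v in sorted(flt.get("criteria", {}).items()))
        # A forwarding filter that also archives or trashes the message hides
        # the forwarded mail from the account owner.
        if "INBOX" in action.get("removeLabelIds", []) or "TRASH" in action.get("addLabelIds", []):
            detail += "; skips inbox"
        findings.append(("filter-forward", addr, detail))

    for d in settings.get("delegates", []):
        addr = d.get("delegateEmail", "")
        if addr.lower() not in trusted:
            findings.append(("delegate", addr, d.get("verificationStatus", "")))
    return findings

if __name__ == "__main__":
    for finding in audit_mail_routing(SAMPLE, {"me.backup@example.org"}):
        print(finding)
```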

3. Make sure to enter valid and up to date password recovery options.

In the event that you forget your Gmail account password, Google offers several options for you to recover it. Google can send you a password reset link to a recovery email address. You can also add a mobile phone number to your Gmail profile, where you can receive a code via text message to reset your password. Comparing a recovery email address with a registered mobile number, the latter is a much more secure and convenient option because you physically possess the phone. Aside from that, Google can also use your registered mobile number to challenge users trying to break into your account.

It is important to note that Google guarantees your number won't be used by telemarketers. Another benefit of adding a mobile phone to your Gmail account is that you get SMS notifications when changes have been made to your account, such as a password change. For instance, if you forgot to log out from a public computer and somebody tried to change your password, you will get an SMS message when the change occurs. And since you have your phone with you, you can immediately make the necessary changes to prevent further intrusion.

To learn more about the various password recovery options available, please refer to the following resources: Adding recovery options to your account, Recovery email address, Recovery phone number

4. Check for unusual access or suspicious activity in your account.

Google has a security feature which logs your last 10 account activities. This includes recent activity at any time of the day when your mail was used via a regular browser, a mobile device, a POP email client, or a third-party application. Here you can see the details of each activity: the associated location, IP address, date and time. To access this security log, just find the "Last account activity" link at the bottom right part of every Gmail page and click on "Details".

You can also visit and click on the "Recent Activity" tab right under the "Security" menu from the left side bar. Here, you can see logs of when you made changes to your account.

If you see any suspicious activity and it came through a third-party website, immediately revoke that website's access. Otherwise, change your Gmail password ASAP!

If you want to learn more about your last account activity, please visit this Google resource: Last account activity

5. Always use HTTPS and check for unfamiliar content in your signature box and auto responder settings.

In layman's terms, the extra 's' in https means security. To always use HTTPS, go to your Gmail account settings by clicking on the gear icon found on the upper right portion of the Gmail interface. Under the "General" tab, you will find the "always use https" option.

Make sure also that there is no unfamiliar content or code in your signature or vacation responder box. These 2 settings are also found under the "General" settings tab. Remove any unfamiliar code.

6. Make sure that all your software is up to date, especially your anti-virus and anti-malware app.

7. Activate 2-Step Verification

Google's two-factor authentication was launched last year as a way to secure your account using 2 things: something you know (password) and something you own (mobile phone). If you enable this feature, each time you attempt to log in to your Google account, aside from keying in your password, you will be prompted to enter a verification code that will be sent to your phone via SMS or voice call, or generated by an independent mobile app.

If you don't have a cell signal, there is nothing to worry about, as you can also generate a list of backup codes which you can print or write on a piece of paper. This will be very handy if you travel and don't have good reception. Note that each of these codes will only work once. In case you have used up all 10 backup codes, you can easily request a new batch. Once logged in, you have the option to tell Google to remember the machine you are using so you won't have to authenticate again. You can also add backup phone numbers just in case your primary number won't work. This is by far the most secure way to access an online account. Learn more about the 2-Step Verification here.
