Posted By RichC on June 11, 2011
I’ve been talking with a few people who have adopted Gmail as their primary email and semi-forget about security issues. It is increasingly a problem as evident by the concern over government officials email accounts possibly being accessed. Although most of have been warned not to share ‘id theft’ related information over email due to the relative lack of security, we all sometimes get careless. According to Google, here’s what you can do to better secure your information (especially now that smartphones are archiving contacts, etc with the ‘cloud’ … Google’s services among the most widely used).
Here’s what Google suggests:
(1) Use a strong password for Gmail, and don’t use that password on any other site. Google has a good set of tips for creating strong passwords. These include using passwords with a mix of letters, numbers and symbols, and keeping any password reminders in a place that isn’t easily visible.
(2) Don’t fall for emails that ask you to enter your password. Nobody asks you to enter your password in an email. And don’t enter your password after following a link in an email, especially if you’re taken to an unfamiliar site. In your browser, you can bookmark links you regularly use and go to those links instead of clicking on ones in emails.
Google will only ask for passwords using the regular password prompt on a page that starts with https://www.google.com. (Note the “s” after the “http.”)
(3) Watch out for red warnings about suspicious account activity in your Gmail, and check your account for unusual access. If Google detects strange behavior on your account — for example if your account is being accessed from Eastern Europe at some times and the U.S. at others — it will alert you and give you details about the suspicious activity. These alerts are pretty hard to miss, given that they’re bright red and all. Google started providing them last year and gave a good rundown of the process at that time.
You can check your most recent account activity on your own as well. In your Gmail inbox, scroll down to the bottom of the page. You’ll see a little note that says “Last account activity” and some information about timing and Internet Protocol (IP) address. For more information, click on the link that says “Details.”
(4) Regularly update your browser and operating system. Software companies routinely release patches to combat known attacks, so it’s important to keep your software up to date.
(5) Use anti-virus software — but make sure it’s from a trusted company. Some scammers will claim to be providing security software, but they’re really making you install software that takes your information. Google has a good list on its site.
(6) Always sign out of your account when you’re using public computers.
(7) Especially if you’re using a public computer, clear private data and browsing history after you use the machine. You should clear saved passwords, autofill data, browsing and downloads regularly. On most browsers, you can do this by going to “tools” or “preferences” and checking your Internet options.
(8) Enable something called two-step verification for your account. This means that in addition to your password, you’ll have to enter a number that Google sends to your phone. (You can decide to require the extra number only every 30 days.) To learn about two-step verification and sign up, just go to Google’s site about the process. The process can get a little complicated if you use your Gmail with smartphone applications and the like, but Google has a helpful video that does a good job of explaining it.
(9) Check the forwarding addresses and “delegated accounts” associated with your Gmail. You can do this by going to the little gear symbol in the top right corner of your Gmail and selecting “account settings.”
To check forwarding addresses, click on “Forwarding and POP/IMAP.” If there is a strange address in the drop-down menu, messages could be copied to that address without your knowledge.
To check whether other accounts can access your mail, click on “accounts” and look at the section called “Grant access to your account.”
And (10) Make sure you’ve updated your secondary email address and security question, so you can recover your account if you lose access to it. More information is on Google’s site.