How To Secure Your Gmail Account

By Jane Vestil

Your Gmail account allows you to access all of Google. Therefore, it is very important that your email account stays safe. This article outlines some security measures you can follow.

1. Make sure that you have a strong password.

The challenge here is to create a password that is easy to remember but hard for others to guess.

There are a lot of suggestions available but most websites use the below best practices:

  • Choose a password that is at least 8 character long.
  • Your password should contain at least one of the following: lower case letter, upper case letter, numeric value, and a special character.
  • Avoid using names or nicknames of family members, friends, and even pets.
  • Avoid using information about yourself such as name, nickname, username, birth date, phone number, address, plate number and many others.
  • Avoid sequential numbers and letters.
Additional recommendations we should be mindful of are:
  • Don’t use dictionary words or any word from any language.
  • Don’t use only 1 password for several accounts.
  • Update your passwords every 3 to 6 months.
  • Never write your passwords down.
  • Don’t share your password to anyone.
  • Never send your password to anyone via email, SMS, or instant messaging apps.
  • Refrain from using public computers especially when trying to access highly sensitive websites such as online banking.
  • Change your password immediately if you feel that it is compromised.
  • Don’t use the browser’s “Remember password” option if you are sharing a computer with someone.
  • Don’t type your password when someone is watching behind or beside you.

The article from Webroot, How Do I Create a Strong Password?, illustrates very clever examples on how you can create passwords that are hard to guess but easy for you to remember.

There are the four key elements mentioned in the said article

Using a phrase or acronym that means something to you or something you can easily associate with a particular type of website.

2BorNot2B_ThatIsThe? (To be or not to be, that is the question – from Shakespeare)

Using passwords with common elements, but customized to specific sites.

ABT2_uz_AMZ! (About to use Amazon) ABT2_uz_BoA! (About to use Bank of America)

Using the keyboard as a canvas to draw patterns on.


1qazdrfvgy7 forms the letter ‘W’ in the keyboard.

Adding emoticons or smileys.

C?U2canCRE8Pwords;-) (See? You too can create passwords ?)

2. Check if your emails are not being forwarded to an unknown email address.

If you have set up email forwarding, there is a possibility that your password reset request email will also be sent to that other email address. Most of the time, people with multiple email address use this feature to consolidate their email messages in one inbox. However, email forwarding can also be used to forward certain types of messages to another person. Therefore, if you have enabled this Gmail feature, double check that you are not forwarded to an unknown email address and that proper filtering are used if in case you are forwarding specific type of email messages to a different person.

If you want to learn how to enable or disable email forwarding in Gmail, check out this Google resource: Forward mail to another account.

Aside from automatic email forwarding, Gmail has another feature that allows users to delegate his or her email account to another which enables that person to send and receive messages for his or her behalf. Simply put, email delegation is like having several mailboxes in a single interface.

You can access another user’s messages and reply to those emails using his or her email address instead of your own without having to log out from your own account. This is particularly used by organizations and teams. If you want to learn more about email delegation, please see this Google resource: Set up mail delegation.

Just like in email forwarding, to avoid unauthorized access, make sure that you only delegate your email account to a trusted user. Note that if the filter option also have a “forward to” feature. Make sure to review all your filters as well.

3. Make sure to enter valid and up to date password recovery options.

In the event that you forgot your Gmail account password, Google offers several options for you to recover it. Google can send you a password reset link to a recovery email address. You can also add a mobile phone number to your Gmail profile, where you can receive a code via text message to reset your password. Comparing recovery email address versus a registered mobile number, the latter is a much secure and convenient option because you physically possess the phone. Aside from that, Google can also use your registered mobile number to challenge users trying to break into your account.

It is important to note that Google guarantees your number won’t be used by telemarketers. Another benefit of adding a mobile phone on your Gmail account is that you get SMS notifications when changes have been made to your account such as a password change. For instance, if you forgot to log-out from a public computer and somebody tried to change your password, you will get an SMS message when the change occurs. And since you have your phone with you, you can immediately make necessary changes to prevent further intrusion.

To learn more about the various password recovery options available, please refer to this resource: Adding recovery options to your account

The easiest way to set this up is to follow Google’s Security Checkup. Go to https://myaccount.google.com/security-checkup now to secure your account.

4. Check for unusual access or suspicious activity in your account.

Google has a security feature which logs your last 10 account activity. This includes recent activity that happened any time of the day that your mail was used via a regular browser, a mobile device, a POP email client, a third party application. You can see here details of the activity, associated location, IP address, date and time.

To access this security log, just find the “Last account activity” link at the bottom right part of every Gmail page and click on “Details”.

If you see any suspicious activity, if it is through a third party website, immediately revoke its access. Otherwise, change your Gmail password ASAP!

The easiest way to set this up is to follow Google’s Security Checkup. Go to https://myaccount.google.com/security-checkup now to secure your account.

You may also choose to “Sign out all other Gmail web sessions”.

If you want to learn more about your last account activity, please visit this Google resource: Last account activity

5. Check for unfamiliar content in your signature box and auto responder settings.

Go to your Gmail account settings by clicking on the gear icon found on the upper right portion of the Gmail interface.

Make sure also that there is no unfamiliar content or code in your signature or vacation responder box. These 2 settings are found under the “General” settings tab. Remove any content you don’t remember adding.

6. Make sure that all your software is up to date, especially your anti-virus and anti-malware app.

7. Activate 2-Step Verification

Google’s two-factor authentication is a way to secure your account using 2 things, something you know (password) and something you own (mobile phone).

If you enable this feature, each time you attempt to login to your Google account, aside from keying in your password, you will be prompted to enter a verification code that will be either sent to your phone via SMS, voice call, or through an independent mobile app.

If you don’t have a cell signal, there is nothing to worry as you can also generate a list of backup codes which you can print or write on a piece of paper. This will be very handy if you travel and don’t have a good reception.

Note that these codes will only work once. In case you have used up all 10 back up codes, you can easily request for a new batch. Once logged in, you have the option to tell Google to remember that machine you are using so you won’t have to authenticate again. You can also add back up phone numbers just in case if your primary number won’t work. This is by far the most secure way to access an online account. Learn more about the 2-Step Verification here.

Dan Taylor

Dan Taylor

Helping schools get the most out of Google for EDU.

More Stories

Facebook
Twitter
LinkedIn
Pinterest