1. Check Login History
One of the fastest ways to know whether your Gmail account has been compromised is to check for recent activity. Underneath your inbox and toward the right is a security setting for “Last account activity.” It should have a time next to it. It’s a good indicator if you haven’t visited your inbox for days, yet it’s showing a time that doesn’t coincide with your use. To find out more, click on “Details,” and a pop-up will open to show you your most recent activity. Inside this pop-up, you will see a breakdown between browser, mobile (apps) and authorized applications.
2. Security Checkup
Your Gmail login is the same as your Google account; that’s why it is important to do a security checkup of your Google account. To do that, you can utilize Google’s Security Checkup and see an overview of your entire account. First things first: you want to see all green checkmarks. Google will alert you if there is a potential security issue and advise you of the appropriate steps. Specifically, you want to look at “Your devices” and make sure everything in this drop-down looks familiar. If a device does not look like it belongs to you, click on the three dots next to the device name. Two options will appear: “Sign out” and “Don’t recognize this device?” Make sure to sign out to ensure your Gmail is no longer available on that device. Also on this screen, there are a few options listed. One of them shows which third-party devices are accessing your account. If you see an app that should not be accessing your account or one you previously allowed yet don’t use anymore, click on “Remove access.” Last but not least, look at your activity over the past 28 days. If you are concerned about a breach in security, this is a great place to see where and when it happened.
3. Set up Two-Factor Authentication
The foundation of all account security, two-factor authentication, should ensure that no intruder can access your account, even if they have your password. Inside Google’s security checkup screen, you will see one final option for “2-Step Verification.” Here you can choose between methods that include using an Authenticator app or your phone number to receive a text message code each time you log in. In addition, Google has provided you with seven single-use backup codes that can help you log in to your account if every other 2FA method fails. This applies as well to a USB or Bluetooth-based security key.
4. Change Password
If there is any scenario in which you think your Gmail account security has been compromised, change your password immediately. To do so, visit Google’s My Account page, look for the “Personal info” tab on the left, then tap on the arrow to change your password. Of course, you will need to log in again to ensure you are properly verified as well as check the site to identify the last time your password was changed. It’s extra critical that your password is hard to guess and crack. A strong password includes both upper and lower case letters, numbers, and symbols. If you want the best password around, use a password manager to help you create and store strong passwords.
5. Change Recovery Email Address
If there is ever any reason to suspect that one of your email addresses has been compromised, it’s a good idea to change your recovery email address password. Head back to your Google Account page, click on “Security” on the left, then “Recovery email.” Verify your existing Gmail password, then replace the email address. Click on “Verify,” and it will send a six-digit pin to the recovery address. Enter that to finalize the verification process.
6. Check Email Forwarding and Delegates
To make sure email forwarding isn’t being used for nefarious reasons, open Gmail, click on the settings “gear” at the top right, and navigate to the “Forwarding and POP/IMAP” header. Email forwarding is turned off by default. If it is active and sending email to an email address or delegate you are unfamiliar with, disable it and immediately change your account password.
1. Is one browser better than another for Gmail account security?
Ultimately, the best security is based on the browser user and not the browser itself. That said, browsers like Brave, which blocks unwanted ads, or Chrome, which works best with Google services, may give you an edge, no pun intended.
2. What about Google’s Advanced Protection?
Google’s Advanced Protection Program is a really great tool, but it’s not right for everyone. This requires a separate hardware purchase from Google and is best used by those who are likely to be targeted by hackers: journalists, celebrities, athletes, politicians, etc.
3. Are there more secure email providers than Gmail?
Yes. Apps like ProtonMail and Tutanota are said to be some of the most secure email providers today. We also have a good list of the most secure email providers out there. The biggest advantage comes from end-to-end encryption, which is more focused on someone reading the email than it is about actual device security.
Final Thoughts
If you utilize the above tips to secure your Gmail account, you will have done everything you can to make sure it’s as protected as possible. All that’s left is figuring out the best tips for using Gmail in the future.